Seven years after the previous major branch was created, Zeek 3.0.0 has been released. Zeek is a traffic analysis and network intrusion detection system formerly distributed under the name Bro. The system is written in C++ and distributed under the BSD license.
Zeek is a traffic analysis platform aimed primarily at tracking security events, but it is not limited to that use. It ships with analyzers for a range of application-layer protocols that track connection state and produce a detailed log (archive) of network activity. A domain-specific scripting language is provided for writing monitoring scripts and detecting anomalies specific to a given infrastructure. The system is optimized for high-bandwidth networks, and an API is available for integrating with third-party systems and exchanging data in real time.
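As an added illustration of the scripting language mentioned above (this is example code written for this page, not code from the Zeek project), the following script keeps per-source connection state and raises a notice when one host contacts an unusually large number of distinct destination ports. The module name, the threshold and the expiry interval are arbitrary choices made for the example.

```zeek
# Example script (not part of Zeek itself): per-source port fan-out detection.
# Assumed names: module PortFanout, notice type Port_Fanout, threshold 20,
# idle expiry 5 minutes. All are illustrative and tunable via redef.

@load base/frameworks/notice

module PortFanout;

export {
    redef enum Notice::Type += {
        ## One source attempted connections to many distinct destination ports.
        Port_Fanout,
    };

    ## Number of distinct destination ports from a single source that triggers a notice.
    const port_threshold = 20 &redef;

    ## How long per-source state is kept after the last observed connection.
    const state_expiry = 5 min &redef;
}

## Connection state tracked by the script: distinct destination ports per originator.
## Entries are dropped automatically once a source has been idle for state_expiry.
global ports_seen: table[addr] of set[port] &write_expire=state_expiry;

## Fires for every new connection Zeek sees (TCP, UDP and ICMP alike).
event new_connection(c: connection)
{
    local src = c$id$orig_h;

    if ( src !in ports_seen )
        ports_seen[src] = set();

    add ports_seen[src][c$id$resp_p];

    # Raise exactly once per source when the threshold is first reached.
    if ( |ports_seen[src]| == port_threshold )
        NOTICE([$note=Port_Fanout,
                $msg=fmt("%s attempted connections to %d distinct ports", src, port_threshold),
                $src=src,
                $identifier=cat(src)]);
}
```

Run it against a capture with `zeek -r trace.pcap port_fanout.zeek` (file name assumed) or load it from `local.zeek` on a live sensor; matches appear in `notice.log`. The `&write_expire` attribute is what keeps the state bounded on a busy link, and `$identifier` lets the notice framework suppress repeated notices for the same source.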
More information is available on GitHub.