On October 15, 2018, it was announced that the project had been renamed Zeek. The stated reason was the negative connotation of the term "bro culture".[1]
| Bro | |
|---|---|
| Type | Network intrusion detection system |
| Developer | Vern Paxson |
| Written in | |
| Operating system | Linux |
| Latest version | 2.5.2 (October 16, 2017) |
| License | BSD license |
| Website | bro-ids.org |
Bro is a Unix-based network intrusion detection system that monitors network traffic and detects suspicious activity. It works in two stages: first it parses the raw packet stream and reduces it to a series of application-level events with well-defined semantics; it then passes those events to event-driven analyzers (policy scripts) that compare the observed activity against patterns that could damage the monitored systems. The analysis covers both the detection of specific attacks (defined either by signatures or by particular conditions and sequences of events) and the detection of unusual behaviour, such as a single machine connecting to many different services, which is characteristic of scanning.
Bro uses its own scripting language for writing policies that tell the system what to do when a sensor fires or when a new kind of attack is discovered. If Bro finds something "interesting", it can be instructed to record and send a log entry, notify the operator in real time, or execute a command, for example resetting the suspicious connection.
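The two-stage model described above (events derived from traffic, then policy scripts that react to them) is easiest to see in a small script. The following is an added example written for this article in the Bro/Zeek scripting language; it is not code from the Bro project or its documentation. It handles the built-in `connection_attempt` event, counts the distinct destination ports each source host has probed, and raises a notice through the Notice framework once a threshold is crossed; a `Notice::policy` hook then attaches an e-mail action so the operator is informed. The module name `ScanDemo`, the notice type `Port_Scan` and the threshold of 20 ports are assumptions chosen for the illustration.

```zeek
# Added example, not part of the Bro distribution.
# Module name, notice type and threshold are illustrative assumptions.
@load base/frameworks/notice

module ScanDemo;

export {
    # Declare a new notice type so the Notice framework can log and act on it.
    redef enum Notice::Type += { Port_Scan };

    # Number of distinct destination ports one host may probe before we alert.
    const scan_threshold = 20 &redef;
}

# Per-source set of destination ports seen in failed connection attempts.
# Entries expire 5 minutes after creation so the table cannot grow unbounded.
global probed_ports: table[addr] of set[port] &create_expire = 5min;

# connection_attempt fires for a TCP connection attempt that received no reply,
# which is exactly the traffic a port scan against closed ports produces.
event connection_attempt(c: connection)
{
    local src = c$id$orig_h;
    local dport = c$id$resp_p;

    if ( src !in probed_ports )
        probed_ports[src] = set();

    add probed_ports[src][dport];

    # Raise the notice exactly once, the moment the threshold is reached.
    if ( |probed_ports[src]| == scan_threshold )
        NOTICE([$note=Port_Scan,
                $src=src,
                $msg=fmt("%s attempted connections to %d distinct ports",
                         src, scan_threshold),
                $identifier=cat(src)]);
}

# The policy hook decides what happens to a notice: here every Port_Scan
# notice is e-mailed to the operator in addition to being written to notice.log.
hook Notice::policy(n: Notice::Info)
{
    if ( n$note == Port_Scan )
        add n$actions[Notice::ACTION_EMAIL];
}
```

Run it against a live interface with `bro -i eth0 scan_demo.bro` or against a capture with `bro -r scan.pcap scan_demo.bro`; the notice appears in `notice.log`, and e-mail delivery requires `Notice::mail_dest` to be set. Because the detection logic lives entirely in the script, the same mechanism can be redirected to any other reaction the page mentions, such as invoking an external command, without changing the event engine.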
Bro is aimed at high-speed networks that carry large volumes of traffic. By applying packet filtering judiciously, so that only the traffic its policies actually need is passed up for analysis, Bro achieves the necessary throughput on ordinary commodity hardware, which makes it an inexpensive tool for what it delivers.
Bro is intended for networks where flexibility and a high degree of customization are required. The system was originally developed as a research platform for studying intrusions and analysing network data, and it is not meant to be used "out of the box". It is best operated by Unix specialists with substantial networking knowledge.