Zeek (formerly known as Bro) is an open-source network traffic analyzer.
Security analysts use Zeek during investigations of suspicious or malicious activity.
Zeek also supports a wide range of traffic analysis tasks beyond the security domain, including performance measurement and troubleshooting.
This Splunk app is built on Zeek logs, which can be leveraged during threat hunting or incident response engagements.
TOR Access Attempts
Open Proxy Access Attempts
SSH Access Attempts
Fixed bugs in the DNS Traffic Overview
Fixed bugs in Flow Based Analytics
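As an added illustration of what Zeek-log-driven detections of this kind look like, here is a Python example that is not part of this app (the app itself runs inside Splunk): it parses Zeek's ASCII TSV format using the #fields header and runs two of the checks listed above, SSH access attempts (clients with repeated failed authentications in ssh.log) and Tor / open proxy access attempts (conn.log destinations matched against indicator sets). The log excerpts, the indicator addresses (documentation-range placeholders, not real Tor exit nodes or proxies) and the failure threshold are all constructed for the example.

```python
"""Toy detections over Zeek TSV logs (ssh.log and conn.log).

All sample data below is constructed for illustration; the indicator
sets are placeholders, not real Tor exit nodes or open proxies.
"""
from collections import Counter, defaultdict
from typing import Dict, Iterator, List, Optional

# Constructed ssh.log excerpt in Zeek's ASCII writer layout (subset of fields).
# The first header line is literally "#separator \x09"; all later columns are tabs.
SSH_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tssh
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tauth_success\tauth_attempts
#types\ttime\tstring\taddr\tport\taddr\tport\tbool\tcount
1700000000.1\tC1\t203.0.113.5\t51000\t10.0.0.7\t22\tF\t3
1700000001.2\tC2\t203.0.113.5\t51001\t10.0.0.7\t22\tF\t3
1700000002.3\tC3\t203.0.113.5\t51002\t10.0.0.7\t22\tF\t3
1700000003.4\tC4\t203.0.113.5\t51003\t10.0.0.7\t22\tT\t1
1700000004.5\tC5\t192.168.1.20\t40000\t10.0.0.7\t22\tT\t1
1700000005.6\tC6\t198.51.100.9\t40010\t10.0.0.7\t22\t-\t2
"""

# Constructed conn.log excerpt (subset of fields).
CONN_LOG = """#separator \\x09
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring
1700000010.0\tCa\t10.0.0.21\t52000\t198.51.100.77\t9001\ttcp\t-\tSF
1700000011.0\tCb\t10.0.0.21\t52001\t192.0.2.10\t443\ttcp\tssl\tSF
1700000012.0\tCc\t10.0.0.33\t52002\t203.0.113.200\t3128\ttcp\thttp\tS0
1700000013.0\tCd\t10.0.0.33\t52003\t198.51.100.77\t443\ttcp\tssl\tREJ
"""

# Constructed indicator sets. A real deployment would load the current Tor
# exit-node list and an open-proxy feed instead of these placeholders.
TOR_EXIT_NODES = {"198.51.100.77"}
OPEN_PROXIES = {"203.0.113.200"}


def parse_zeek_tsv(text: str) -> Iterator[Dict[str, Optional[str]]]:
    """Yield one dict per record, naming columns from the #fields header.

    Zeek marks unset columns with the value declared in #unset_field
    (normally "-"); those are mapped to None so callers do not mistake
    "unknown" for a real value. Other header lines are skipped.
    """
    fields: List[str] = []
    unset = "-"
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            parts = line.split("\t")
            if parts[0] == "#fields":
                fields = parts[1:]
            elif parts[0] == "#unset_field":
                unset = parts[1]
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"column count mismatch: {line!r}")
        yield {k: (None if v == unset else v) for k, v in zip(fields, values)}


def ssh_failed_logins(ssh_log: str, threshold: int = 3) -> Dict[str, int]:
    """SSH access attempts: count ssh.log sessions per client whose
    authentication Zeek saw fail (auth_success == "F"). Sessions where
    auth_success is unset are undetermined and are not counted."""
    failures: Counter = Counter()
    for rec in parse_zeek_tsv(ssh_log):
        if rec["auth_success"] == "F":
            failures[rec["id.orig_h"]] += 1
    return {src: n for src, n in failures.items() if n >= threshold}


def anonymizer_access_attempts(conn_log: str) -> Dict[str, List[Dict[str, Optional[str]]]]:
    """Tor / open proxy access attempts: match conn.log responders against
    the indicator sets. Rejected or unanswered connections (conn_state REJ,
    S0) are reported too; an attempt matters even when the network blocked it."""
    hits: Dict[str, List[Dict[str, Optional[str]]]] = defaultdict(list)
    for rec in parse_zeek_tsv(conn_log):
        dst = rec["id.resp_h"]
        if dst in TOR_EXIT_NODES:
            label = "tor"
        elif dst in OPEN_PROXIES:
            label = "open_proxy"
        else:
            continue
        hits[label].append({"src": rec["id.orig_h"], "dst": dst,
                            "dport": rec["id.resp_p"], "state": rec["conn_state"]})
    return dict(hits)


if __name__ == "__main__":
    print("SSH brute-force candidates:", ssh_failed_logins(SSH_LOG))
    print("Anonymizer access attempts:", anonymizer_access_attempts(CONN_LOG))
```

The parser keys on the #fields header rather than fixed column positions because Zeek's field set changes between versions and with loaded scripts; the same approach is what makes these logs usable as a Splunk source regardless of which optional columns are present.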