Corelight Zeek is a free Network Detection and Response tool developed by Zeek. Security professionals most commonly compare it with Corelight Open NDR Platform. All 48 alternatives are matched by shared capabilities, tags, and NIST CSF 2.0 coverage.
A closer look at the 8 most relevant alternatives and competitors to Corelight Zeek, including their key features and shared capabilities.
Network detection and response platform with IDS, NSM, and threat intel.
Zeek-based network traffic analysis & IDS platform for enterprise deployments.
A Zeek-based protocol analyzer that parses GQUIC traffic to extract connection metadata and create fingerprints for detecting anomalous network behavior.
Open source Suricata-based NDR system with threat detection and analysis
An open source packet capture and forwarding tool that captures network packets on one machine and sends them to another for remote monitoring and analysis.
Apache Spot is an open source big data platform that analyzes network flows and packet data to identify security threats and provide visibility into enterprise computing environments.
Network detection and response platform for threat detection and analysis
SOCRadar DNS Monitoring provides real-time monitoring of DNS infrastructure with automated discovery, record change alerts, and detection of DNS-based security threats.
Digital experience monitoring for network, device, and app performance
Flow-based network traffic monitoring and bandwidth analysis tool
Network traffic broker for visibility, monitoring, and traffic optimization
Network traffic analysis tool for real-time intrusion detection and monitoring
Service that identifies network blind spots and unmanaged nodes.
Qualified network TAPs for traffic duplication and network monitoring
Network Detection and Response system for threat detection and response
Real-time network security monitoring for threat detection using DPI and sandbox
SaaS-based NDR platform for threat investigation and Tier 1 workflows
Behavior-based network threat detection at line speeds with live analysis
AI-powered network security solution for SMBs with sensor device and MSP portal
TLS/SSL decryption for network traffic visibility and security analysis
Flow-based network monitoring platform for performance and security visibility
Network visibility and security insights platform for IT environments
Network & app performance monitoring platform with end-to-end visibility
DNS-layer network visibility and monitoring with query logging and analytics
TLS decryption solution that extracts session keys from memory for traffic inspection
Network abuse management platform for ISPs to automate abuse case handling.
AI-based network threat detection using unsupervised machine learning.
AI-powered network cybersecurity platform for telcos to protect subscribers.
Modular network observability platform for packet brokering, capture & analytics.
Lossless packet capture & analysis appliance at 10–200 Gbps line rate.
Packet broker, capture & observability suite for hybrid network security.
Packet-based network observability platform for hybrid environments.
Polish NDR appliance for network threat detection, forensics & GDPR compliance.
Passive network intelligence platform for gov/defense with real-time visibility.
Network flow & SNMP collector with analytics for traffic visibility.
Network digital twin platform for visibility, security & ops assurance.
Platform providing contextualized network data insights for security and ops teams.
Flow load balancer for distributing & filtering NetFlow records to collectors.
Network intelligence platform for detecting and responding to security incidents
Enterprise network monitoring via deep packet inspection & traffic classification.
Network device & service visibility platform for ISPs using device fingerprinting.
Flow-based network security monitoring tool using anomaly detection.
Network defense platform with real-time content inspection & threat blocking
Network monitoring and detection solution for threat analysis
Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.
A cross-platform network detection tool that identifies active Responder tools by sending LLMNR queries for fabricated hostnames.
NetFlow/IPFIX traffic analyzer for network visibility and anomaly detection.
Open source framework for network traffic analysis with advanced features.
Common questions security professionals ask when evaluating alternatives and competitors to Corelight Zeek.
The most popular alternatives to Corelight Zeek include Corelight Open NDR Platform, Critical Path Security Léargas Platform, GQUIC Protocol Analyzer, Stamus Clear NDR Community, and Netis Cloud Probe. These Network Detection and Response tools offer similar capabilities and are frequently compared by security professionals evaluating their options.