The Zeek Network Security Monitor provides a powerful open-source platform for network traffic analysis. Traditionally, network security monitors only receive network traffic passively intercepted between hosts (endpoints). While that vantage point is very powerful (the network does not lie!), it does not provide the complete picture, and it can be challenging to understand the broader context of who is doing what on the endpoints. From its network vantage point, Zeek lacks access to host-level semantics, such as the process and user account responsible for any connection it observes.

The new Zeek Agent fills this gap by interfacing Zeek directly with your endpoints, providing semantic context that is highly valuable for making security decisions. We are releasing the Zeek Agent as open-source code under the liberal BSD license. The agent collects endpoint data through custom probes and, optionally, by interfacing with osquery and making most of its tables available to Zeek.

Head over to the releases page and try it now with your macOS and Linux endpoints; Windows support is coming soon! Please share your ideas, requests and other feedback with us by filing an issue on GitHub or joining the #zeek-agent channel on the new Zeek Slack.
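As an added illustration (not code from the Zeek Agent project or from the original post), the following osquery query shows the kind of host-level context the agent can expose to Zeek: which process, binary and user account are behind an established outbound connection. It uses osquery's own `process_open_sockets`, `processes` and `users` tables; the `remote_port = 443` filter is an arbitrary assumption chosen to stand in for a TLS connection Zeek has seen on the wire.

```sql
-- Added example, not the Zeek Agent's code: attribute an observed
-- connection to the process and user that own its socket.
-- Tables are osquery's standard schema (process_open_sockets, processes, users).
-- The remote_port filter (443) is an assumption for illustration only.
SELECT
  s.pid,
  p.name             AS process_name,
  p.path             AS process_path,
  p.cmdline          AS process_cmdline,
  u.username         AS owner,
  s.local_address,
  s.local_port,
  s.remote_address,
  s.remote_port,
  s.protocol         -- 6 = TCP, 17 = UDP
FROM process_open_sockets AS s
JOIN processes AS p ON p.pid = s.pid
LEFT JOIN users AS u ON u.uid = p.uid     -- LEFT JOIN: keep sockets whose uid has no local account
WHERE s.family = 2                        -- 2 = AF_INET (IPv4)
  AND s.protocol = 6                      -- TCP only
  AND s.remote_port = 443                 -- e.g. the TLS session Zeek logged in ssl.log
  AND s.state = 'ESTABLISHED'
ORDER BY s.pid;
```

Joining the result to Zeek's own connection records by the local and remote address/port tuple yields exactly the process and user attribution that network-only monitoring cannot provide.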