Bro is the former name of Zeek. Zeek is a network analysis framework - implemented as a domain specific programming language to enable users to create powerful network security monitoring (NSM) capabilities while also providing a comprehensive platform for general network traffic analysis.
From the Zeek website:
Adaptable
Zeek's domain-specific scripting language enables site-specific monitoring policies.
Efficient
Zeek targets high-performance networks and is used operationally at a variety of large sites.
Flexible
Zeek is not restricted to any particular detection approach and does not rely on traditional signatures.
Forensics
Zeek comprehensively logs what it sees and provides a high-level archive of a network's activity.
In-depth Analysis
Zeek comes with analyzers for many protocols, enabling high-level semantic analysis at the application layer.
Highly Stateful
Zeek keeps extensive application-layer state about the network it monitors.
Open Interfaces
Zeek interfaces with other applications for real-time exchange of information.
Open Source
Zeek comes with a BSD license, allowing for free use with virtually no restrictions.
References:
