Zeek
What it does
Provides a bridge between Zeek network security monitor and language models for executing PCAP file analysis, log parsing, and converting tabular output into structured data formats without requiring direct command-line interaction.
Zeek-MCP provides a bridge between AI assistants and the Zeek network security monitor through the Model Context Protocol. It offers tools for executing Zeek analysis on PCAP files and parsing the resulting log files into structured data formats. The implementation handles the complete workflow from running Zeek commands to cleaning up previous log files and converting the tabular output into pandas DataFrames for easier analysis. Built with Python and FastMCP, it supports both stdio and Server-Sent Events (SSE) transport methods, making it particularly valuable for network security analysis, traffic monitoring, and intrusion detection tasks without requiring users to interact directly with Zeek's command-line interface.
Capabilities
Server
Quality
Deterministic score 0.56 from registry signals: indexed on pulsemcp · has source repo · 5 GitHub stars · registry-generated description present