Search & Analytics
Built For Zeek
Explore your Zeek logs with our desktop app and scalable backend storage cluster.
Search & Analytics
Designed for the
Security Operations Team
Whether for incident response or threat hunting, you'll see your Zeek data in a new light. Brim extensively leverages all the Zeek building blocks that you already know and love, like UIDs, connection histories, file hashes, and so on.
Brim for Mac
Brim includes a native app that's currently supported on Mac (Windows coming soon!) Brim's powerful, intuitive UI comes with built-in knowledge of Zeek. Drill down with our novel, hierarchical exploration model and share the resulting threat or incident explorations across your team.
Command Line Interface
Brim also provides a CLI for building your own scripts to integrate with your existing systems.
Lightweight Footprint
Brim is built upon the Zeek data model. All log fields are automatically typed and data is stored in native Zeek log format, further compressed on disk with LZ4. No bloated JSON over the wire or on disk.
High-speed Ingest
Examine network activity as it happens. As soon as your data lands on the Brim backend, it rips right into the data layer. No need to take a trip through a complex search-index analyzer before the data is ready for exploration and real-time analytics.
Flow Control
Never worry about the "wrong" query bringing your cluster to its knees. With Brim, data flow is self-clocking and self-tuning so that every component of the system sends data only at the rate it's consumed. No need for a Kafka shock absorber, though you can use one if you want.
Rich Zeek Types
Brim's data architecture is modeled upon the native Zeek type system. This means there's no overhead of encoding and decoding JSON nor do you need any complex mapping rules to reconstruct the Zeek types from encoded JSON.
Built on Go
The Brim backend was built from the ground up using Go, the system language that powers massive infrastructure at the world's largest Internet sites. Out of the gate, Brim can utilize all of your server cores, gracefully adapting to load and prioritizing interactive queries over background tasks.
REST API
The Brim API is designed and documented for clarity and simplicity. And it's open and complete. The Brim app and CLI are built on the very same REST API that you have access to.
Wanna Try It?
We're in private alpha right now and honestly a bit busy with all of the interest. If you're the type who loves to play with brand new tech and aren't shy about telling us where and how our product sucks (and how it can be fixed and improved to help make your life easier), then please reach out to us! We'll get you signed up.