dovehawk.io

DoveHawk Zeek Project

The DoveHawk Project provides threat hunting automation capabilities using the Zeek Network Security Monitor, the MISP Malware Information Sharing Platform, and your own threat intelligence.


DoveHawk Zeek-MISP

The DoveHawk Module downloads MISP indicators and imports them into Zeek (Bro) every 4 hours, and reports MISP sightings back for any hits. Hunt malware and adversaries on your network with your own threat intelligence, leveraging the community power of MISP.

Clusters are supported transparently: the cluster manager downloads the indicators from MISP and automatically distributes them to all workers.

Github

Latest Release v1.02 for Zeek 3.1.1 and higher

Previous v1.01 for Zeek 2 and higher

Info

Zeek - The open source network security monitor.

Zeek Package Manager - Zeek packages that add functionality.

Zeek Cluster and Recommended Hardware

MISP Project - MISP is the open source threat intelligence platform.

MISP Sightings - Sightings are feedback on threat intelligence activity seen.

Contact

@tylabs Tyler McLellan