Zeek FAQs

Question 1

What is the Model Context Protocol (MCP)?

Accepted Answer

MCP (Model Context Protocol) allows LLMs to interact with external tools. Zeek-MCP uses MCP to enable LLMs to execute Zeek analysis and query the resulting data in a conversational manner.

Question 2

How do I integrate Zeek-MCP with Claude Desktop?

Accepted Answer

You can integrate Zeek-MCP with Claude Desktop by editing the `claude_desktop_config.json` file and adding a Zeek-mcp server configuration with the correct path to the `Bridge_Zeek_MCP.py` script.

Question 3

What are the key features of Zeek-MCP?

Accepted Answer

Zeek-MCP features include executing Zeek on PCAP files, parsing Zeek log files into structured DataFrames, supporting Server-Sent Events (SSE) and stdio transport protocols, and providing integration examples for Claude Desktop and 5ire MCP clients.

Question 4

What is Zeek-MCP?

Accepted Answer

Zeek-MCP provides utilities to build an MCP server, enabling conversational AI clients to analyze network traffic data processed by the Zeek network security monitoring engine. It allows you to query Zeek data using natural language.

Question 5

What are the prerequisites for using Zeek-MCP?

Accepted Answer

You need Python 3.7+, Zeek installed and available in your PATH, and pip for installing Python dependencies.  It's recommended to use a virtual environment for managing dependencies.

Zeek

About

Key Features

Use Cases