Zat
Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark
Zeek Analysis Tools (ZAT)
The ZAT Python package supports the processing and analysis of Zeek data with Pandas, scikit-learn, Kafka, and Spark
Recent
Thanks to https://github.com/Bl4omArchie for the Dask and Polars Zeek log converters. See examples here:
Install
pip install zat
pip install zat[pyspark] (includes pyspark library)
pip install zat[all] (includes pyarrow, yara-python, and tldextract)
Getting Started
AWS Data Processing and ML Modeling
- Please see Workbench
Installing on Raspberry Pi!
Recent Improvements
- Faster/Smaller Pandas Dataframes for large log files: Large Dataframes
- Better Pandas Dataframe to Matrix (ndarray) support: Dataframe To Matrix
- Scalable conversion from Zeek logs to Parquet: Zeek to Parquet
- Vastly improved Spark Dataframe Class: Zeek to Spark
- Updated/improved Notebooks: Analysis Notebooks
- Zeek JSON to DataFrame class: Zeek JSON to DataFrame Example
Video Presentation
Why ZAT?
Zeek already has a flexible, powerful scripting language, so why should I use ZAT?
Offloading: Complex tasks like statistics, state machines, and machine learning should be offloaded from Zeek so that Zeek can focus on the efficient processing of high-volume network traffic.
Data Analysis: We have a large set of support classes that help bridge from raw Zeek data to packages like Pandas, scikit-learn, Kafka, and Spark. We also have example notebooks that show step-by-step how to get from here to there.
Analysis Notebooks
- Zeek to Scikit-Learn
- Zeek to Parquet
- Zeek to Spark
- Spark Clustering
- Zeek to Kafka
- Zeek to Kafka to Spark
- Clustering: Picking K (or not)
- Anomaly Detection Exploration
- Risky Domains Stats and Deployment
- Zeek to Matplotlib
Documentation
https://supercowpowers.github.io/zat/
Running Tests
pip install -e ".[all]"
pip install pytest pytest-cov
pytest zat # Quick test run
tox # Full matrix (Python 3.10, 3.12, 3.13 + flake8)
About SuperCowPowers
The company was formed so that its developers could follow their passion for Python, streaming data pipelines and having fun with data analysis. We also think cows are cool and should be superheroes or at least carry around rayguns and burner phones. Visit SuperCowPowers: https://www.supercowpowers.com
