Welcome to the Zeek Monthly Newsletter. Issue 2 covers January and February 2020 as well as upcoming events.

 

In this Issue:

  • General Community News/Updates
  • Development Updates
  • Zeek In the Community
  • Threat of the Month
  • Upcoming Events
  • Contribution/Contributor of the Month
  • Zeek Related Issues
  • Publication Schedule
  • Get Involved

General Community News/Updates

We are aiming to publish this newsletter monthly on the first full week of each month. The publication schedule can be found at the end of this post.

We are actively looking for content and contributors. Please consider becoming an editor. If you are interested, please email news@zeek.org.

Development Updates

Zeek 3.1 Released (new) and Zeek 3.0.2 Released (update)

This blog post describes what is new in 3.1 and also highlights the second maintenance release (3.0.2) to the Zeek 3.0 LTS release.
https://blog.zeek.org/2020/02/zeek-31-released.html

Updating a Zeek Plugin in Zeek 3.1

This blog post describes a set of instructions for migrating a plugin to the new naming scheme. The changes made here will also work with Zeek 3.0, but 3.1 makes them mandatory.
https://blog.zeek.org/2020/02/updating-plugin-in-zeek-31.html

Zeek in the Community

Zeek is Like a Box of LEGO Bricks for Network Security [Q&A with Dr. Ali Hadi]

Bricata interviews Dr. Ali Hadi, a cybersecurity professor at Champlain College in Burlington, Vermont, about his background, why Zeek, and how he would describe Zeek.

https://securityboulevard.com/2020/01/zeek-is-like-a-box-of-lego-bricks-for-network-security-qa-with-dr-ali-hadi/

Enable Community ID Flow Hashing in Zeek (Bro)

Zachary Wasserman, of Dactiv LLC, walks Zeek users through how to install the bro-community-id plugin.
https://www.dactiv.llc/blog/enable-zeek-community-id/

Correlate Network Connections with Community ID in osquery

In this post, Zachary Wasserman, of Dactiv LLC, shows how, “Support for Community ID hashing in osquery 4.2.0 allows osquery’s endpoint instrumentation to be easily correlated with that of network monitors such as Zeek (formerly Bro). Similar strategies can be used to correlate osquery logs with those from other tools that support Community ID. This includes Moloch, Suricata, and more.”
https://www.dactiv.llc/blog/correlate-osquery-network-connections/

Zeekurity Zen Zeries

In this series, Eric Ooi walks Zeek users through setting up Zeek as well as a variety of tips and tricks he’s learned through years of use.
https://www.ericooi.com/zeekurity-zen-zeries/

Threat of the Month

Microsoft vulnerability CVE-2020-0601

In this blog post, Johanna Amann explains that the CVE-2020-0601 vulnerability “…is a major security issue affecting recent versions of Microsoft Windows. In a nutshell, NSA found a vulnerability in core Windows libraries that perform certificate validation. This vulnerability can be used to craft certificates that are accepted as valid by Windows – even though they do not have a valid signature of a trusted certificate authority. The vulnerability can, for example, be used to impersonate TLS servers, to fake signature, or to fake email and file signatures.”
https://blog.zeek.org/2020/01/detecting-cve-2020-0601-with-zeek.html

 

Upcoming Events

Zeek Community Monthly Call

This is a recurring monthly call (the first Friday of each month) where the Zeek community can come together to discuss non-code-related activities and needs of the community.

Ask the Zeeksperts

Ask the Zeeksperts is a one-hour bi-weekly call hosted by various “Zeeksperts” in the community. This is where you can drop by and ask your Zeek-related questions. The webinars are free to attend, but registration is required.

ZeekWeek 2020

Save the Date – ZeekWeek 2020 to be held in Austin, Texas, 7-9 October – https://blog.zeek.org/2020/01/keeping-austin-weirdlogs-save-date.html

If you know of any Zeek-related events that you would like to share with the community in the monthly newsletter, please email news@zeek.org or share on the Zeek mailing list (zeek@zeek.org).

Contribution/Contributor of the Month

Within 24 hours of the Microsoft CVE-2020-0601 vulnerability being announced, Johanna Amann released a Zeek package to detect this vulnerability. More about this package can be found at: https://blog.zeek.org/2020/01/detecting-cve-2020-0601-with-zeek.html

Zeek-related Jobs

If you know of other Zeek-related career opportunities, please let us know so we can include those links in future newsletters.

Other

Fourth Edition of Security Onion Documentation printed book now available! – https://blog.securityonion.net/2020/03/fourth-edition-of-security-onion.html

Getting Started with Zeek Docker Style Pt. 1 – https://blog.zeek.org/2020/01/getting-started-with-zeek-docker-style.html

Publication Schedule

  • Issue 1 – January 2020 (Covers December 2019) – 14 January 2020
  • Issue 2 – March 2020 (Covers January and February 2020) – 2 March 2020
  • Issue 3 – April 2020 (Covers March 2020) – 6 April 2020
  • Issue 4 – May 2020 (Covers April 2020) – 4 May 2020
  • Issue 5 – June 2020 (Covers May 2020) – 1 June 2020
  • Issue 6 – July 2020 (Covers June 2020) – 6 July 2020
  • Issue 7 – August 2020 (Covers July 2020) – 3 August 2020
  • Issue 8 – September 2020 (Covers August 2020) – 7 September 2020
  • Issue 9 – Special Issue 1 – September 2020 (Covers ZeekWeek 2020) – 21 September 2020
  • Issue 10 – October 2020 (Covers September 2020) – 5 October 2020
  • Issue 11 – November 2020 (Covers October 2020) – 2 November 2020
  • Issue 12 – December 2020 (Covers November 2020) – 7 December 2020
  • Issue 13 – Special Issue 2 – (Year End Review) – 21 December 2020

Get Involved

If you are interested in getting involved with the Zeek Newsletter, please email news@zeek.org.

More information about the newsletter can be found here.

Stay up to date by subscribing to the Zeek Mailing List.

Follow us on Twitter
