Issue 5 – June 2020
Welcome to the Zeek Monthly Newsletter, Issue 5 covers May 2020 as well as upcoming events.
In this Issue:
- Development Updates
- Zeek Blog
- Zeek In The Community
- New Zeek Related Packages
- Zeek in Enterprise
- Upcoming Events
- Zeek Related Jobs
- Get Involved
This newsletter covers items found in, near and around the community in May 2020. You’ll also see upcoming events for the remainder of June and July. For those events that have already happened we have included the links.
We’ve also included a list of Zeek related jobs, Zeek Packages that were added in May and we have added a new section – Zeek in Enterprise.
We Need Your Feedback
We are always looking for ways to improve our engagement opportunities and as such we have a few surveys we’d like to get your feedback on. Depending on your areas of interest please take a moment to give us your feedback.
- Cloud Security – https://www.surveymonkey.com/r/ZeekCloudSecuritySurvey
- Webinar Survey – https://www.surveymonkey.com/r/zeekwebinarsurvey
- Governance Survey – https://www.surveymonkey.com/r/zeekgovernancesurvey
- Package Contest Survey – https://www.surveymonkey.com/r/zeekpackagecontestsurvey
New Live Streaming
Zeek YouTube Channel – https://www.youtube.com/zeekurity
We are now Live Streaming all our recorded webinars to YouTube. We have also added a Zeek From Home Playlist. – https://www.youtube.com/watch?v=-iwD1BYA1s0&list=PL2EYTX8UVCMiLeD0NwUK0_QqAyEeivLkN
Zeek 3.0.6 and 3.1.3 release (security + bug fixes) – http://mailman.icsi.berkeley.edu/pipermail/zeek/2020-May/015308.html
Announcing the (New) Spicy Parser Generator – The Spicy parser generator makes it substantially easier for Zeek to support and parse new protocols and file formats. – https://zeek.org/2020/05/18/announcing-the-new-spicy-parser-generator/
1 May 2020 – Community Call Notes and Recording – Each month we have an open call with the community. This is the summary of the May 2020 call. http://mailman.icsi.berkeley.edu/pipermail/zeek/2020-May/015306.html
People of Zeek Interview Series – Matthias Vallentin of Tenzir – Matthias is the Co-Founder and CEO of Tenzir as well as an active Zeek community member. – https://zeek.org/2020/05/05/people-of-zeek-interview-series-matthias-vallentin-of-tenzir/
People of Zeek – Interview Series – Phil Rzewski of Brim Security – Phil is the Technical Director at Brim Security and an active Zeek community member. – https://zeek.org/2020/05/06/people-of-zeek-interview-series-phil-rzewski-of-brim-security/
Zeek From Home – Episode 2- Looking Deeper into the Zeek 3.0 – Major Changes, Point Releases and more – Recording Now Available! – https://zeek.org/2020/05/15/zeek-from-home-episode-2-looking-deeper-into-the-zeek-3-0-major-changes-point-releases-and-more-recording-now-available/
Zeek From Home – Episode 3- Suricata – Recording Now Available! – https://zeek.org/2020/05/27/zeek-from-home-episode-3-suricata/
Zeek (Bro) Install Session – with Fatama Bannat Wala and Virtually Testing Foundation –
Issue 4 of the Zeek Monthly Newsletter – https://zeek.org/2020/05/11/zeek-monthly-newsletter-issue-4-may-2020/
Zeek in the Community
University supercomputers shut down over cryptocurrency mining malware – Leading educational facilities among those whose supercomputers were infected – in the UK, Switzerland Germany and one suspected in Spain – according to reports. – https://www.scmagazineuk.com/university-supercomputers-shut-down-cryptocurrency-mining-malware/article/1683477
Expert Reaction On Supercomputers Across Europe Infected with Cryptomining Malware – Multiple supercomputers across Europe have been infected with cryptocurrency mining malware and have shut down to investigate the intrusions, according to ZDNet. Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumoured to have also happened at a high-performance computing centre located in Spain.See what experts have to say on the matter. https://www.informationsecuritybuzz.com/expert-comments/expert-reaction-on-supercomputers-across-europe-infected-with-cryptomining-malware/
Security Onion Hybrid Hunter 1.3.0 – Beta 2 Available for Testing! – Help test the next major release of Security Onion – https://blog.securityonion.net/2020/05/security-onion-hybrid-hunter-130-beta-2.html
securityonion-capme – 20121213-0ubuntu0securityonion79 resolves a Reflected XSS – vulnerability – Kevin Breen responsibly disclosed a Reflected XSS vulnerability in CapMe. We’ve improved input validation to address this vulnerability and a package is now available – https://blog.securityonion.net/2020/05/securityonion-capme-20121213.html
20200501 Edition of Security Onion Documentation printed book now available! – A printed version of Security Onions Official online documentation is now available in print. Check it out at: https://blog.securityonion.net/2020/05/20200501-edition-of-security-onion.html
Zeek 3.0.6 now available for Security Onion! – https://blog.securityonion.net/2020/05/zeek-306-now-available-for-security.html
Security Onion 16.04.6.6 ISO image now available featuring Zeek 3.0.5, Suricata 4.1.8, Elastic 6.8.8, CyberChef 9.20.3, and more! – https://blog.securityonion.net/2020/05/security-onion-160466-iso-image-now.html
How to install Zeek (aka bro) – Virtually Testing (Video) – Fatema Bannat Wala, CISSP walks participants through how to install Zeek on an Ubuntu. https://www.youtube.com/watch?v=4b_dW5JdE5U
New Zeek Related packages
SMB Fingerprinting Zeek package – https://github.com/micrictor/smbfp
Zeek-known-outbound – https://github.com/dopheide-esnet/zeek-known-outbound
Rdfp – https://github.com/yahoo/rdfp
icannTLD – https://github.com/corelight/icannTLD
Zeek In Enterprise
Corelight Co-founders Receive Prestigious IEEE Test of Time Award – Dr. Vern Paxson and Dr. Robin Sommer’s landmark 2010 paper on the challenges of machine learning for intrusion detection honored for its enduring influence on the security industry – https://www.prnewswire.com/news-releases/corelight-co-founders-receive-prestigious-ieee-test-of-time-award-301060331.html
Latest Version of the Bricata Network Security Platform Adds MITRE ATT&CK Support and Simplified Workflows – This update adds powerful support for the MITRE ATT&CK framework, support for high-density data nodes to improve storage and scalability, alert grouping for streamlined management and response, support for virtualization on Amazon Web Services (AWS), and more. https://securityboulevard.com/2020/05/latest-version-of-the-bricata-network-security-platform-adds-mitre-attck-support-and-simplified-workflows/
Upcoming Events (June and July)
About Zeek From Home: A weekly webinar presentation series where Zeek users, developers and invited guests can present on Zeek related topics. These presentations are recorded and shared with the community. These webinars ARE recorded. You can find out more about Zeek From Home at: https://zeek.org/2020/03/31/zeek-from-home/
About Ask The Zeeksperts: Is a bi-weekly webinar series where Zeek users, developers and invited guests can answer technical questions about adopting, implementing and using Zeek data. The community is invited to “drop in” to these calls and ask your questions. These webinars are NOT recorded (unless otherwise noted).
About Zeek Community CTF (Capture the Flag) Events: Players will compete head-to-head on dozens of security challenges using Zeek data in both Splunk and Elastic. Players can also use open-source Zeek tools on a CLI. Sign up Today! Game winner will take home bragging rights and a $100 Amazon Gift Card.
About Monthly Zeek Community Call: These are monthly calls that are open to the community to discuss topics related to the growth, governance and administration of the community. These calls are open to the community and recorded.
- 24 June 2020 – ZEEK FROM HOME -11am PDT/2pm EDT – Corelight’s role in the Zeek Project – host Greg Bell –
- 25 June 2020 – ASK THE ZEEKSPERTS – 12:30pm PDT/3:30pm EDT – Zeek – host Seth Hall
(UPDATED LINK) Registration Link: https://corelight.zoom.us/meeting/register/tJcqdeuopz8sGNTaVIuNLcfiuoghJ4QgO2ko
(Events will be updated as we get more information.)
- 8 July 2020 – ZEEK FROM HOME –11am PDT/2pm EDT – Topic and Presenter TBD
Registration Link – https://corelight.zoom.us/webinar/register/WN_88o6MH5zTXargf731ZNSwg
- 9 July 2020 – ASK THE ZEEKSPERTS – 12:30pm PDT/3:30pm EDT
Registration Link – https://corelight.zoom.us/meeting/register/tJMtdOChqTIoHtM3eOLVs6gq2KwI9-pW0GCZ
- 10 July 2020 – Monthly Community Call – 3pm EDT – This is a recurring call and you will be able to select all upcoming community calls.
Registration Link: https://corelight.zoom.us/meeting/register/tJcldO6qrTMrG9Kwsu6_qHsUeAvdjLmMw6-i
- 15 July 2020 – ZEEK FROM HOME –11am PDT/2pm EDT – Topic and Presenter TBD
Registration Link – https://corelight.zoom.us/webinar/register/WN_sSTXJPODRSeTGhBrXKZc3Q
- 15 July 2020 – ZEEK COMMUNITY CTF –1-3pm PDT/4-6pm EDT
Registration Link – https://corelight.zoom.us/meeting/register/tJYqceGgqjwvGNXFYKgLYVQheMs8KhZnCQpu
- 22 July 2020 – ZEEK FROM HOME –11am PDT/2pm EDT – Topic and Presenter TBD
Registration Link – https://corelight.zoom.us/webinar/register/WN_W_cJVVykQh-jT6ogoPCKTw
- 23 July 2020 – ASK THE ZEEKSPERTS – 12:30pm PDT/3:30pm EDT
Registration Link – https://corelight.zoom.us/meeting/register/tJAlce6trjIsHtPe4jx4h12JTEzYhSRdv96w
- 29 July 2020 – ZEEK FROM HOME –11am PDT/2pm EDT – JA3 and presented by Jeff Atkinson.
Registration Link – https://corelight.zoom.us/webinar/register/WN_Gjh6eHImT56SUHP6XSs7BA
June Past Webinars (Links to recordings and posts below):
- 5 June 2020 – MONTHLY COMMUNITY CALL -Noon PDT/3pm EDT –
Link Notes and Recording – http://mailman.icsi.berkeley.edu/pipermail/zeek/2020-May/015306.html
- 10 June 2020 – ZEEK FROM HOME –11am PDT/2pm EDT – Zeek Scripts – 101 to 595 – host Aashish Sharma
Links to Blog Post and Recording – https://zeek.org/2020/06/17/zeek-from-home-episode-6-zeek-scripting-101-to-495-in-45-mins-recording-now-available/
- 11 June 2020 – ASK THE ZEEKSPERTS – 12:30pm PDT/3:30pm EDT – Security Onion – host Doug Burks
Link to Video – https://youtu.be/UBqTsQTOv90
- 17 June 2020 – ZEEK FROM HOME -11am PDT/2pm EDT – Spicy – host Robin Sommer –
Link to Video: https://youtu.be/FZWVbKQyBmM
If you know of any Zeek related events that you would like to share with the community in the monthly newsletter, please email email@example.com or share on the Zeek mailing list (firstname.lastname@example.org).
Zeek Related Jobs
Front End Engineer – https://www.brimsecurity.com/team/front-end-engineer/
Network-Based System Analyst Lead – https://www.linkedin.com/jobs/view/1875715533/
Network-Based System Analyst Lead – https://www.linkedin.com/jobs/view/1883331295/
Sr Cyber DefenseTechnologist I – https://www.linkedin.com/jobs/view/1854283720/
Sr Cyber DefenseTechnologist I – https://www.linkedin.com/jobs/view/1883301962/
Cyber Defense Technologist II – https://www.linkedin.com/jobs/view/1897092520/
Cyber Defense Technologist II – https://www.linkedin.com/jobs/view/1893187670/
Cyber Network Defense (CND) Architect – https://www.linkedin.com/jobs/view/1854258959/
Cyber Defense Technologist II – https://www.linkedin.com/jobs/view/1893737933/
Cyber Network Defense (CND) Architect – https://www.linkedin.com/jobs/view/1903965203/
If you are interested in getting involved with the Zeek Newsletter, please email email@example.com.
More information about the newsletter can be found here.
Stay up to date by subscribing to the Zeek Mailing List.
Follow us on Twitter