Issue 7 – September 2020
Welcome to the Zeek Monthly Newsletter! Issue 7 covers July and August 2020, as well as upcoming events.
In this Issue:
- Development Updates
- Zeek Blog
- Zeek In The Community
- New Zeek Packages
- Zeek in Enterprise
- Upcoming Events
- Zeek Related Jobs
- Volunteer Opportunities
- Get Involved
Since our last newsletter, we have seen 6 new Zeek Packages added to the Zeek Package Manager.
Zeek Events Webinars for September include a special presentation by Alex Kirk, “Open Source Brewing”. If you’re a beer-brewing, open source enthusiast… then this webinar is for you! Check out the full description below or on the registration page.
Zeek Events for October include Virtual Zeek Week 2020, which will be held online from 9am – 1:20pm PDT on 13-15 October 2020. Registration is open, and the full agenda will be announced later this week.
Volunteer Opportunities: Do you have an hour or two a week that you would like to give to the project? We have several areas where your help would be greatly appreciated.
Development Updates
Zeek 3.0.8 and 3.1.5 released (security + bug fixes) – https://firstname.lastname@example.org/thread/RG4GYWS5WZHT5VTEWY2SEDIMD4XY6MTU/
Zeek 3.2.0 Release Candidate 1 Now Available – https://email@example.com/thread/I4UNZMIFNSTHNMAB6O25WQI5FDNESHUH/
More information about project release cadence:
Zeek Blog
ZPC-3 Developers Phase Open – https://zeek.org/2020/08/21/zpc-3-developers-phase-open/
Virtual ZeekWeek 2020 – Call For Presentations, and Registration Now Open – https://zeek.org/2020/08/17/virtual-zeekweek-2020-call-for-presentations-and-registration-now-open/
Save the Date – Virtual ZeekWeek 2020 – Announced – https://zeek.org/2020/08/14/save-the-date-virtual-zeekweek-2020-announced/
Zeek Leadership Team Elections – Nominations Phase Now Open – https://zeek.org/2020/08/12/zeek-leadership-team-elections-nominations-phase-now-open/
New Zeek Governance Framework Announced – https://zeek.org/2020/08/12/new-zeek-governance-framework-announced/
Zeek 3.2 Released – https://zeek.org/2020/08/10/zeek-3-2-released/
Zeek Mailing List Migration – https://zeek.org/2020/07/30/zeek-mailing-list-migration/
Zeek 3.2 Release Candidate Available—and Zeek 3.1.5 and Zeek 3.0.8 as well – https://zeek.org/2020/07/27/zeek-3-2-release-candidate-available-and-zeek-3-1-5-and-zeek-3-0-8-as-well/
Zeek Package Contest – ZPC-3 – https://zeek.org/2020/07/15/zeek-package-contest-zpc-3/
Zeek in the Community
Part VI: Zeek File Analysis Framework – https://www.ericooi.com/zeekurity-zen-part-vi-zeek-file-analysis-framework/
Together is faster: Zeek for vulnerabilities – https://corelight.blog/2020/08/18/together-is-faster-zeek-for-vulnerabilities/
Security Onion 2.1 (RC2), Import Node, and so-import-pcap! – https://blog.securityonion.net/2020/08/security-onion-21-rc2-import-node-and.html
Security Onion 2.1 (Release Candidate 2) Available for Testing! – https://blog.securityonion.net/2020/08/security-onion-21-release-candidate-2.html
Security Onion 16.04.7.1 ISO image now available featuring Zeek 3.0.8, Snort 2.9.16.1, Elastic 6.8.11, CyberChef 9.21.0, and more! – https://blog.securityonion.net/2020/08/security-onion-160471-iso-image-now.html
CyberChef 9.21.0 now available for Security Onion 16.04! – https://blog.securityonion.net/2020/08/cyberchef-9210-now-available-for.html
Snort 2.9.16.1 now available for Security Onion 16.04! – https://blog.securityonion.net/2020/08/snort-29161-now-available-for-security.html
Security Onion 2.0 RC1: so-import-pcap is back! – https://blog.securityonion.net/2020/08/security-onion-20-rc1-so-import-pcap-is.html
Security Onion 2.0.3 RC1 Available for Testing! – https://blog.securityonion.net/2020/07/security-onion-203-rc1-available-for.html
Zeek 3.0.8 now available for Security Onion 16.04! – https://blog.securityonion.net/2020/07/zeek-308-now-available-for-security.html
Elastic Stack 6.8.11 now available for Security Onion 16.04! – https://blog.securityonion.net/2020/07/elastic-stack-6811-now-available-for.html
Security Onion 2.0 Release Candidate 1 (RC1) Available for Testing! – https://blog.securityonion.net/2020/07/security-onion-20-release-candidate-1.html
New Brim and ZQ releases available (August) – https://twitter.com/brimsecurity/status/1290646543729647623?s=20
Brim Overview for Developers – https://youtu.be/CPel0iu1pig (Video)
New Brim and ZQ releases (July) – https://twitter.com/brimsecurity/status/1282364392017780736?s=20
Reducing MTTD with Threat Bus – A User Introduction
New Zeek Packages
detect-ransomware-filenames – https://github.com/corelight/detect-ransomware-filenames
CVE-2020-5902-F5BigIP – https://github.com/corelight/CVE-2020-5902-F5BigIP
Zeek-new-domains – https://github.com/rvictory/zeek-new-domains
geoip-conn – https://github.com/brimsec/geoip-conn
Zeek In the Enterprise
Reducing MTTD with Threat Bus – A User Introduction – https://tenzir.com/blog/reducing-mttd-with-threat-bus-a-user-introduction/
Security Onion Hybrid Hunter 1.4.1 Available for Testing! – https://blog.securityonion.net/2020/07/security-onion-hybrid-hunter-141-now.html
Upcoming Events
Zeek Webinar Series – This is a bi-weekly webinar series that includes Zeek related presentations, Zeek Q&A and more. We are consolidating the webinars previously known as ‘Ask the Zeekperts’ and ‘Zeek from Home’ into a single series, with a diversity of content planned.
About Monthly Zeek Community Call: Monthly calls that are open to everyone to discuss topics related to the growth, governance and administration of the community. These calls ARE recorded.
Zeek Webinar Series – 23 September 2020 from 2:00pm – 3:00pm EDT – Open Source Brewing – Presented by Alex Kirk of Corelight.
The home brewing and open source communities share many similarities. Established members of both communities actively seek to draw in new adherents to the cause, touting the awesome power of customizability inherent in an open process. Both communities use walkthroughs of known-good recipes to get beginners moving, and have active forums and events where experts in the craft can help troubleshoot the problems that arise as people of all skill levels apply the tools of the trade in the real world, and people of all skill levels can come together to make cool things happen. Taking existing recipes and modifying them to fit new tastes and techniques is encouraged, especially when the successes are contributed back to the community. This session will explore those similarities while walking through a brew of Zeek Porter – with helpful pointers for how to become more involved in the Zeek and Suricata communities along the way.
Alex Kirk is an open source security veteran, with over 15 years combined experience working with Snort/Suricata, Nessus, and Zeek. He has presented globally at security conferences on topics from “Malware Mythbusting” to “Is Zeek an IDS?”, and currently works as Corelight’s Global Principal for Suricata. His brewing style leans towards high-gravity styles, including an almost award-winning Tripel.
Virtual Zeek Week – 13-15 October
Zeek Related Jobs
Front End Engineer Position –
Senior Software Engineer Position – https://bricata.com/careers/senior-software-engineer-position/
NorthEast Sales Engineer –
Cloud Architect –
DACH Regional Sales Director –
Director of Strategic Alliances –
Inside Sales Representative –
Sr. Zeek/Bro Engineer –
Volunteer Opportunities
- Newsletter – adopt a section, contribute links, help edit, help promote
- Blog Content – we are always in search of new Zeek content, how to’s and more
- Interviews – we have a list of people we would like to interview… would you like to get to know people in the community, tell their stories and promote their work?
- Community Calls – would you like to get involved and help lead these calls?
- Webinars – everything from helping to upload recordings to YouTube, to writing a summary post and helping promote.
If you are interested in helping with any of the above, please let me know. We’ll work with you and help keep it light and easy. Thanks in advance!
Get Involved
If you are interested in getting involved with the Zeek Newsletter, please email firstname.lastname@example.org.
More information about the newsletter can be found here.
Stay up to date by subscribing to the Zeek Mailing List.
Join the conversation on Slack.
Follow us on Twitter.