zeek-weekly

Issue 7 – September  2020

Welcome to the Zeek Monthly Newsletter! Issue 7 covers July and August 2020, as well as upcoming events. 


In this Issue:

  • TL;DR 
  • Development Updates
  • Zeek Blog
  • Zeek In The Community
  • New Zeek Packages
  • Zeek in Enterprise
  • Upcoming Events
  • Zeek Related Jobs
  • Volunteer Opportunities
  • Get Involved

TL;DR

Zeek releases: 3.2.0 and  3.0.8 / 3.1.5 releases.  

Notable blog posts topics: Zeek Package Contest (ZPC-3), Zeek Leadership Team (LT) Elections and Virtual ZeekWeek 2020.  

Related to Zeek: releases from Brim, Security Onion, Corelight and more. Eric Ooi continues his blog series on Zeekurity. 

Since our last newsletter, we have seen 6 new Zeek Packages added to the Zeek Package Manager.

Zeek Events Webinars for September include a special presentation by Alex Kirk, “Open Source Brewing”. If you’re a beer-brewing, open source enthusiast… then this webinar is for you!  Check out the full description below or on the registration page.  

Zeek Events for October include Virtual Zeek Week 2020, which will be held online from 9am – 1:20pm PDT on 13-15 October 2020.  Registration is open, and the full agenda will be announced later this week. 

Volunteer Opportunities: Do you have an hour or two a week that you would like to give to the project? We have several areas where your help would be greatly appreciated.


Development Updates

Zeek 3.2.0 released – https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/QTW6HGVMGODKGKSHAJSB4DI7OW35P4AY/

Zeek 3.0.8 and 3.1.5 released (security + bug fixes) – https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/RG4GYWS5WZHT5VTEWY2SEDIMD4XY6MTU/

Zeek 3.2.0 Release Candidate 1 Now Available – https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/I4UNZMIFNSTHNMAB6O25WQI5FDNESHUH/

More information about project release cadence:


Zeek Blog

ZPC-3 Developers Phase Open – https://zeek.org/2020/08/21/zpc-3-developers-phase-open/

Virtual ZeekWeek 2020 – Call For Presentations, and Registration Now Open – https://zeek.org/2020/08/17/virtual-zeekweek-2020-call-for-presentations-and-registration-now-open/

Save the Date – Virtual ZeekWeek 2020 – Announced – https://zeek.org/2020/08/14/save-the-date-virtual-zeekweek-2020-announced/

Zeek Leadership Team Elections – Nominations Phase Now Open – https://zeek.org/2020/08/12/zeek-leadership-team-elections-nominations-phase-now-open/

New Zeek Governance Framework Announced – https://zeek.org/2020/08/12/new-zeek-governance-framework-announced/

Zeek 3.2 Released – https://zeek.org/2020/08/10/zeek-3-2-released/

Zeek Mailing List Migration  – https://zeek.org/2020/07/30/zeek-mailing-list-migration/

Zeek 3.2 Release Candidate Available—and Zeek 3.1.5 and Zeek 3.0.8 as well  – https://zeek.org/2020/07/27/zeek-3-2-release-candidate-available-and-zeek-3-1-5-and-zeek-3-0-8-as-well/

Zeek Package Contest – ZPC-3 – https://zeek.org/2020/07/15/zeek-package-contest-zpc-3/


Zeek in the Community

Part VI: Zeek File Analysis Framework – https://www.ericooi.com/zeekurity-zen-part-vi-zeek-file-analysis-framework/

Together is faster: Zeek for vulnerabilities – https://corelight.blog/2020/08/18/together-is-faster-zeek-for-vulnerabilities/

Security Onion 2.1 (RC2), Import Node, and so-import-pcap! – https://blog.securityonion.net/2020/08/security-onion-21-rc2-import-node-and.html

Security Onion 2.1 (Release Candidate 2) Available for Testing! – https://blog.securityonion.net/2020/08/security-onion-21-release-candidate-2.html

Security Onion 16.04.7.1 ISO image now available featuring Zeek 3.0.8, Snort 2.9.16.1, Elastic 6.8.11, CyberChef 9.21.0, and more! – https://blog.securityonion.net/2020/08/security-onion-160471-iso-image-now.html

CyberChef 9.21.0 now available for Security Onion 16.04! – https://blog.securityonion.net/2020/08/cyberchef-9210-now-available-for.html

Snort 2.9.16.1 now available for Security Onion 16.04! – https://blog.securityonion.net/2020/08/snort-29161-now-available-for-security.html

Security Onion 2.0 RC1: so-import-pcap is back! – https://blog.securityonion.net/2020/08/security-onion-20-rc1-so-import-pcap-is.html

Security Onion 2.0.3 RC1 Available for Testing! – https://blog.securityonion.net/2020/07/security-onion-203-rc1-available-for.html

Zeek 3.0.8 now available for Security Onion 16.04! – https://blog.securityonion.net/2020/07/zeek-308-now-available-for-security.html

Elastic Stack 6.8.11 now available for Security Onion 16.04! – https://blog.securityonion.net/2020/07/elastic-stack-6811-now-available-for.html

Security Onion 2.0 Release Candidate 1 (RC1) Available for Testing! – https://blog.securityonion.net/2020/07/security-onion-20-release-candidate-1.html

New Brim and ZQ releases available (August) – https://twitter.com/brimsecurity/status/1290646543729647623?s=20

Brim Overview for Developers – https://youtu.be/CPel0iu1pig (Video)

New Brim and ZQ releases (July) – https://twitter.com/brimsecurity/status/1282364392017780736?s=20

Reducing MTTD with Threat Bus – A User Introduction

https://tenzir.com/blog/reducing-mttd-with-threat-bus-a-user-introduction


New Zeek Packages

detect-ransomware-filenames – https://github.com/corelight/detect-ransomware-filenames

Ztest – https://github.com/corelight/ztest

CVE-2020-5902-F5BigIP – https://github.com/corelight/CVE-2020-5902-F5BigIP

Zeek-new-domains – https://github.com/rvictory/zeek-new-domains

geoip-conn – https://github.com/brimsec/geoip-conn

rdfp – https://github.com/yahoo/rdfp


Zeek In the Enterprise

Reducing MTTD with Threat Bus – A User Introduction – https://tenzir.com/blog/reducing-mttd-with-threat-bus-a-user-introduction/

Security Onion Hybrid Hunter 1.4.1 Available for Testing! – https://blog.securityonion.net/2020/07/security-onion-hybrid-hunter-141-now.html


Upcoming Events 

Zeek Webinar Series – This is a bi-weekly webinar series that includes Zeek related presentations, Zeek Q&A and more. We are consolidating the webinars previously known as ‘Ask the Zeekperts’ and ‘Zeek from Home’ into a single series, with a diversity of content planned.  

About Monthly Zeek Community Call:  Monthly calls that are open to everyone to discuss topics related to the growth, governance and administration of the community.  These calls ARE recorded.

September

Zeek Webinar Series –  23 September 2020 from 2:00pm – 3:00pm EDT – Open Source Brewing – Presented by Alex Kirk of Corelight. 

The home brewing and open source communities share many similarities. Established members of both communities actively seek to draw in new adherents to the cause, touting the awesome power of customizability inherent in an open process. Both communities use walkthroughs of known-good recipes to get beginners moving, and have active forums and events where experts in the craft can help troubleshoot the problems that arise as people of all skill levels apply the tools of the trade in the real world, and people of all skill levels can come together to make cool things happen. Taking existing recipes and modifying them to fit new tastes and techniques is encouraged, especially when the successes are contributed back to the community. This session will explore those similarities while walking through a brew of Zeek Porter – with helpful pointers for how to become more involved in the Zeek and Suricata communities along the way.

Alex Kirk is an open source security veteran, with over 15 years combined experience working with Snort/Suricata, Nessus, and Zeek. He has presented globally at security conferences on topics from “Malware Mythbusting” to “Is Zeek an IDS?”, and currently works as Corelight’s Global Principal for Suricata. His brewing style leans towards high-gravity styles, including an almost award-winning Tripel.

Register at: https://corelight.zoom.us/webinar/register/WN_2KO0DA5SSqqDMtZpd6w71A

October

Virtual Zeek Week – 13-15 October

Register at: https://www.eventbrite.com/e/virtual-zeek-week-tickets-117288632457


Zeek Related Jobs

Front End Engineer Position – 

https://bricata.com/careers/front-end-engineer-position/

Senior Software Engineer Position – https://bricata.com/careers/senior-software-engineer-position/

NorthEast Sales Engineer – 

https://www.corelight.com/company/careers/2329648

Cloud Architect – 

https://www.corelight.com/company/careers/2294603

DACH Regional Sales Director – 

https://www.corelight.com/company/careers/2315621

Director of Strategic Alliances – 

https://www.corelight.com/company/careers/2206292

Inside Sales Representative – 

https://www.corelight.com/company/careers/2317580

Sr. Zeek/Bro Engineer – 

https://www.linkedin.com/jobs/view/2002831241


Volunteer Opportunities

  • Newsletter – adopt a section, contribute links, help edit, help promote
  • Blog Content  – we are always in search of new Zeek content, how to’s and more 
  • Interviews – we have a list of people we would like to interview….would you like to get to know people in the community, tell their stories and promote their work?
  • Community Calls – would you like to get involved and help lead these calls?
  • Webinars – Everything from helping to upload to Youtube, write a summary post and help promote.

If you are interested in helping with any of the above, please let me know. We’ll work with you and help keep it light and easy.  Thanks in advance!


Get Involved

If you are interested in getting involved with the Zeek Newsletter, please email news@zeek.org.

More information about the newsletter can be found here.

Stay up to date by subscribing to the Zeek Mailing List.

Join the conversation on Slack

Follow us on Twitter

%d