Issue 8 – February 2021
Welcome to the first Zeek Newsletter of 2021!
In this Issue:
- TL;DR
- Development Updates
- Zeek Blog
- Zeek In the Community
- New Zeek Packages
- Zeek in the Enterprise
- Upcoming Events
- Zeek Related Jobs
- Volunteer Opportunities
TL;DR
Zeek releases: 4.0 RC
New and significantly expanded Zeek documentation: https://zeek.org/2021/02/02/just-released-new-and-improved-zeek-documentation/
Save the Date for ZeekWeek 2021! 13-15 October, Austin, TX: https://zeek.org/2021/02/03/save-the-date-zeekweek-2021-hybrid-event/
Revised Zeek webinar time slots, for our global community:
- second Tuesday of each month, at 2pm CET/8am ET (European Time Zone)
- fourth Tuesday of each month, 1pm ET (US Time Zone)
The monthly Zeek Community call will now occur Wednesdays 1pm ET, to allow for broader participation.
Since our last newsletter, 16 new Zeek Packages were added to the Zeek Package Manager.
Volunteer Opportunities: Do you have an hour or two a week that you would like to give to the project? We have several areas where your help would be greatly appreciated. Please contact akgraner@zeek.org.
Development Updates
Zeek 4.0 RC 2 released: https://zeek.org/2020/12/15/zeek-4-0-release-candidate/
More information about the project’s release cadence:
- https://github.com/zeek/zeek/wiki/Release-Cadence
- https://github.com/zeek/zeek/wiki/Security-Release-Process
Zeek Blog
New Zeek Documentation Released – https://zeek.org/2021/02/02/just-released-new-and-improved-zeek-documentation/
ZeekWeek 2021 – Save the Date – https://zeek.org/2021/02/03/save-the-date-zeekweek-2021-hybrid-event/
Blog – https://zeek.org/blog/
Zeek Mailing List – January 2021 – https://lists.zeek.org/archives/list/zeek@lists.zeek.org/2021/1/
Zeek in the Community
Why North Carolina outsourced election cybersecurity to a ‘CISO-as-a-service’ – https://statescoop.com/north-carolina-election-cybersecurity-ciso-as-a-service/
Brim – What’s better than Brim and Zeek? Brim, Zeek and Suricata! – https://www.brimsecurity.com/blog/2020/12/whats-better-than-brim-and-zeek-brim-zeek-and-suricata/
Brim – What’s new in Brim v0.22.0? – https://www.brimsecurity.com/blog/2021/01/whats-new-in-brim-v0.22.0/
Security Onion – CVE-2021-3156: Heap-Based Buffer Overflow in Sudo – https://blog.securityonion.net/2021/01/cve-2021-3156-heap-based-buffer.html
Security Onion – 3 month EOL notice for Security Onion 16.04 – https://blog.securityonion.net/2021/01/3-month-eol-notice-for-security-onion.html
Security Onion Documentation printed book now available for Security Onion 2! – https://blog.securityonion.net/2021/01/security-onion-documentation-printed.html
Security Onion 16.04.7.2 ISO image now available featuring Zeek 3.0.11, Suricata 5.0.5, Snort 2.9.17.0, Elastic 7.9.3, and more! – https://blog.securityonion.net/2020/12/security-onion-160472-iso-image-now.html
New Zeek Packages
Log All HTTP Headers – https://github.com/sethhall/zeek-log-all-http-headers
Zeek Bogon Networks Package – https://github.com/captainGeech42/zeek-bogon
My_stats – https://github.com/corelight/my_stats
Zeek Package for Log Filter – https://github.com/esnet-security/logfilter
Spicy Runtime for Zeek – https://github.com/zeek/spicy-runtime
Zeek::TFTP – https://github.com/zeek/spicy-tftp
Zerologon – https://github.com/corelight/zerologon
CVE-2020-16898-Bad-Neighbor – https://github.com/initconf/CVE-2020-16898-Bad-Neighbor
Icmp-scans – https://github.com/initconf/icmp-scans
Zeek-quic – https://github.com/corelight/zeek-quic
Appid – https://github.com/stevesmoot/appid
Icsnpp-bacnet – https://github.com/cisagov/icsnpp-bacnet
Icsnpp-bsap-ip – https://github.com/cisagov/icsnpp-bsap-ip
Icsnpp-bsap-serial – https://github.com/cisagov/icsnpp-bsap-serial
Icsnpp-dnp3 – https://github.com/cisagov/icsnpp-dnp3
Icsnpp-enip – https://github.com/cisagov/icsnpp-enip
Icsnpp-modbus – https://github.com/cisagov/icsnpp-modbus
Zeek in the Enterprise
Finding SUNBURST backdoor with Zeek logs & Corelight – https://corelight.blog/2020/12/15/finding-sunburst-backdoor-with-zeek-logs-and-corelight/
Experience Bricata Network Detection and Response in Minutes – https://bricata.com/blog/bricatalabs/
Introducing the Corelight Cloud Sensor for GCP – https://corelight.blog/2020/11/24/introducing-corelight-cloud-sensor-gcp/
Suricata or Zeek? The answer is both. – https://bricata.com/blog/suricata-or-zeek-the-answer-is-both/
Plugin Framework, JSON Improvements (Release 2021.01.28) – https://tenzir.com/blog/release-2021-01-28/
Threat Bus Performance (Release 2020.11.26) – https://tenzir.com/blog/release-2020-11-26/
Upcoming Events
February
3 Feb 2021 – ZEEK COMMUNITY CALL – 1pm Eastern – Register to attend at: https://corelight.zoom.us/meeting/register/tJAqdu6gqzgvG9LqPt_zpfGex7NtR_HWMX27
9 Feb 2021 – ZEEK WEBINAR SERIES – 2pm CET/8am Eastern – “Book of Zeek” – Richard Bejtlich will discuss our new and significantly expanded Zeek documentation. Register to attend: https://event.webinarjam.com/register/8/z3rxytr
23 Feb 2021 – ZEEK WEBINAR SERIES – 1pm Eastern – “Book of Zeek” – Richard Bejtlich will discuss our new and significantly expanded Zeek documentation. Register to attend: https://event.webinarjam.com/register/4/405xva5
23 Feb 2021 – ZEEK COMMUNITY CTF – 2pm Eastern – Players will compete head-to-head on dozens of security challenges using Zeek data and Splunk, Elastic, or CLI tools. Sign up Today! Game winner will take home bragging rights, and a $100 Amazon Gift Card.
Register to attend: https://corelight.zoom.us/meeting/register/tJEkcuirqTguGNQArd2F4FEQjjXPHBU2FIY8
March
3 Mar 2021 – ZEEK COMMUNITY CALL – 1pm Eastern – Register to attend at: https://corelight.zoom.us/meeting/register/tJAqdu6gqzgvG9LqPt_zpfGex7NtR_HWMX27
9 Mar 2021 – ZEEK WEBINAR SERIES – 2pm CET/8am Eastern – Zeek 4.0 and beyond – Robin Sommer will discuss what’s new and improved in Zeek 4.0, as well as what is currently on the roadmap for 4.1. Register to attend: https://event.webinarjam.com/register/12/39nxvhp
18 Mar 2021 – ZEEK COMMUNITY CTF – 7-9am Pacific/10am-12:00pm Eastern – Players will compete head-to-head on dozens of security challenges using Zeek data and Splunk, Elastic, or CLI tools. Sign up Today! Game winner will take home bragging rights, and a $100 Amazon Gift Card.
Register to attend: https://corelight.zoom.us/j/98073252310?pwd=VStZd29rb2dCR1RUSjNpVDJQcFRYQT09
23 Mar 2021 – ZEEK WEBINAR SERIES – 1pm Eastern – Zeek 4.0 and beyond – Robin Sommer will discuss what’s new and improved in Zeek 4.0, as well as what is currently on the roadmap for 4.1. Register to attend: https://event.webinarjam.com/register/11/23vxztw
October
13-15 October 2021 – ZeekWeek – Save the date! We are currently planning for an in-person ZeekWeek event in Austin, Texas, provided it is safe to gather in October. Seating will be limited at this event, and we will also have a remote participation option. More information coming soon.
More information about Zeek Events.
ZeekWeek Event – ZeekWeek is the annual gathering of defenders, developers, incident responders, threat hunters, and security architects who rely on Zeek. This is a 3-day event with tracks for training, users and developers. If you missed last year’s event, you can find out more at: https://zeek.org/2020/11/06/virtual-zeekweek-2020-summary-slides-and-video/
Zeek Webinar Series – A monthly webinar series featuring Zeek users, developers and invited guests to discuss Zeek related topics and answer your questions. For 2021 we will start with bi-weekly presentations on the 2nd (2pm CET/8am Eastern) and 4th (1pm Eastern) Tuesdays of each month. These presentations ARE recorded and shared with the community.
About Zeek Community CTF (Capture the Flag) Events: These will be held monthly. Players will compete head-to-head on dozens of security challenges using Zeek data and Splunk, Elastic, or CLI tools. Sign up Today! Game winner will take home bragging rights and a $100 Amazon Gift Card.
About Monthly Zeek Community Call: Monthly calls that are open to everyone to discuss topics related to the growth, governance and administration of the community. These calls ARE recorded.
Zeek Related Jobs
Network Engineer, Senior – 35372 – https://www.linkedin.com/jobs/view/2378242697/
Sr. Consultant Incident Response – Federal Services (Remote) – https://www.linkedin.com/jobs/view/2374931206
Sr. Consultant Incident Response – Federal Services (Remote) – https://www.linkedin.com/jobs/view/2374933040
Deputy Program Manager – https://www.linkedin.com/jobs/view/2367052904
Blue Team / Threat Hunter Researcher – https://www.linkedin.com/jobs/view/2384160337
Sr Incident Responder (Remote) – https://www.linkedin.com/jobs/view/2378822443
Malware Researcher – https://www.linkedin.com/jobs/view/2386057951
Training Lab Engineer – https://www.linkedin.com/jobs/view/2334970556
Senior Security Research Engineer – https://www.linkedin.com/jobs/view/2326491438
Defensive Cyber Operations Network Sensor SME with Security Clearance – https://www.linkedin.com/jobs/view/2366534243
Lead DevSecOps Engineer – https://www.linkedin.com/jobs/view/2347953903
Defensive Cyber Operations Network Sensor SME – https://www.linkedin.com/jobs/view/2394989328
Software Engineer – https://www.linkedin.com/jobs/view/2354603913
Sr. Security Engineer – https://www.linkedin.com/jobs/view/2388206476
SOC Lead – https://www.linkedin.com/jobs/view/2382720691
Junior Cyber Security Analyst (Tier I) with Security Clearance – https://www.linkedin.com/jobs/view/2366542210
Sales Engineer – Federal – https://www.corelight.com/company/careers/2579384
Sales Engineer – META – https://www.corelight.com/company/careers/2432194
Sales Engineer – SouthEast – https://www.corelight.com/company/careers/2561211
Director, Corelight Labs – https://www.corelight.com/company/careers/2547986
Research Infrastructure Engineer – https://www.corelight.com/company/careers/2575593
Director of Sales Enablement – https://www.corelight.com/company/careers/2534556
Director of Technical Alliances – https://www.corelight.com/company/careers/2206292
Director, Sales – Western US – https://www.corelight.com/company/careers/2456396
Volunteer Opportunities
- Newsletter – adopt a section, contribute links, help edit, help promote
- Blog Content – we are always in search of new Zeek content, how-tos and more
- Interviews – we have a list of people we would like to interview. Would you like to get to know people in the community, tell their stories and promote their work?
- Community Calls – would you like to get involved and help lead these calls?
- Webinars – everything from helping to upload recordings to YouTube to writing a summary post and helping promote.
- Docs-team – do you use the Zeek documentation and are you interested in helping keep the Zeek documentation updated?
- Stay Connected – mailing lists, Slack, and Twitter