We are thrilled to announce the winners of the third Zeek Package Contest, which was sponsored by Corelight.

The contest was open to all Zeek packages compatible with Zeek 3.0 and above. 

Below is a list of the winners and links to the packages that were submitted (package descriptions are from GitHub). Each contributor to the contest will also receive a Zeek Package Contest challenge coin.

  • First Place ($2000.00) – Zeek-bogon contributed by Zander Work. This package adds labels to bogon IP addresses when they appear in conn.log.
  • Second Place ($1000.00) – remote_asn_geoip_conn contributed by Michael Portera. This package adds ASN and GeoIP data directly to conn.log for the remote connection. The script checks the orig and resp host fields to determine which one is not defined as part of the local IP ranges and subsequently performs a lookup on the MaxMind ASN and GeoIP databases.
  • Third Place ($500.00) – Bad ASN contributed by Hudson Carr. This Zeek package performs ASN lookups on the remote connection’s IP address from conn.log. It furthermore retrieves the score from CIRCL’s Bad ASN API. ASNs that cross a determined threshold will be written to notice.log.

Going forward, anyone who open sources their Zeek Packages through the Zeek Package manager will be contacted and sent a Zeek Challenge Coin (sponsored by Corelight). 

  • 2021 Coins will be issued for submissions between January and September 2021
  • 2022 Coins will be issued for submissions between October 2021 and September 2022
  • 2023 Coins will be issued for submissions between October 2022 and September 2023

Thank you not only to all those who competed in and judged this competition, but also to all those who gave feedback on the community calls and via the survey. Your feedback is important as it helps us improve each competition.

Again, many thanks to our winners and all those who participated!!
