Issue 9 – April 2021


In this Issue:

  • TL;DR 
  • Development Updates
  • Zeek Blog
  • Zeek In The Community
  • New Zeek Packages
  • Zeek in Enterprise
  • Upcoming Events
  • Zeek Related Jobs
  • Volunteer Opportunities
  • Get Involved

TL;DR

Zeek releases: 3.0.13, 3.2.4, 4.0.0, 3.0.14 and 4.0.1, and Spicy 1.0

Notable blog post topics: A Zeek OpenVPN Protocol Analyzer, Package management updates in Zeek 4, Zeek 4.0 LTS Release, Save the Date – ZeekWeek 2021 Hybrid Event, and Just Released – New and Improved Zeek Documentation

Related to Zeek: updates from Bricata, Corelight and Security Onion

Since our last newsletter, we have seen 5 new Zeek Packages added to the Zeek Package Manager.

Zeek Events Webinars: Compiling Scripts To C++ with Vern Paxson

Past Zeek Webinars (replay links) – Spicy, Zeek Package Manager, and Zeek 4.0

Volunteer Opportunities: Do you have an hour or two a week that you would like to give to the project? We have several areas where your help would be greatly appreciated.


Development Updates

Zeek security/bugfix releases: 3.0.13 and 3.2.4 – https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/UIOWWQZDXP2HPH4EKHYS4UGFQVBS2H2N/

Zeek 4.0.0 released – https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/P4ODDM7M3DOWJJCUOKKLT7NYEOWWN5WJ/

Zeek security/bugfix releases: 3.0.14 and 4.0.1 – https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/C7UA5NE7M3MMVNKPOYCDAT56FUIFTFWN/

Spicy 1.0 released – https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/K6ZJEALKE237BSLDNQUPMB6U66BW35SE/

More information about project release cadence:


Zeek Blog

A Zeek OpenVPN Protocol Analyzer – https://zeek.org/2021/03/16/a-zeek-openvpn-protocol-analyzer/

Package management updates in Zeek 4 – https://zeek.org/2021/03/15/package-management-updates-in-zeek-4/

Zeek 4.0 LTS Release – https://zeek.org/2021/03/01/zeek-4-0-lts-release/

Zeek Monthly Newsletter – Issue 8 – February 2021 – https://zeek.org/2021/02/05/zeek-monthly-newsletter-issue-8-february-2021/

Save the Date – ZeekWeek 2021 Hybrid Event – https://zeek.org/2021/02/03/save-the-date-zeekweek-2021-hybrid-event/

Just Released – New and Improved Zeek Documentation – https://zeek.org/2021/02/02/just-released-new-and-improved-zeek-documentation/

Zeek Blog – https://zeek.org/blog/

Zeek Mailing list – February, March


Zeek in the Community

Brimming With Possibilities: Query zqd & Mine Logs with zq from R – https://rud.is/b/2021/03/01/brimming-with-possibilities-query-zqd-mine-logs-with-zq-from-r/

Mitre Att&ck: for a perfect knowledge of the techniques and tactics used by the attackers – https://www.globalsecuritymag.fr/Mitre-Att-ck-pour-une-parfaite,20210208,107972.html

Security Onion 2.3.40 now available! – https://blog.securityonion.net/

1 month EOL notice for Security Onion 16.04 – https://blog.securityonion.net/2021/03/1-month-eol-notice-for-security-onion.html

Security Onion 16.04.7.3 ISO image now available featuring Zeek 3.0.13, Suricata 5.0.6, Elastic 7.10.2, and more! – https://blog.securityonion.net/2021/03/security-onion-160473-iso-image-now.html

Official Security Onion AMI now available in AWS Marketplace! – https://blog.securityonion.net/2021/03/official-security-onion-ami-now.html

Suricata 5.0.6 now available for Security Onion 16.04! – https://blog.securityonion.net/2021/03/suricata-506-now-available-for-security.html

10% Early Bird discount for 4-day Security Onion 2 Fundamentals for Analysts and Admins Training Class – https://blog.securityonion.net/2021/03/10-early-bird-discount-for-4-day.html

Security Onion 2.3.30 now available! – https://blog.securityonion.net/2021/03/security-onion-2330-now-available.html


New Zeek Packages

Zeek::openvpn – https://github.com/corelight/zeek-openvpn

Spicy Analyzers – https://github.com/zeek/spicy-analyzers

CIF-Zeek – https://github.com/sfinlon/cif-zeek

Zeek-intel-path – https://github.com/sfinlon/cif-zeek

Zeek-kafka – https://github.com/seisollc/zeek-kafka


Zeek In the Enterprise

Experience Bricata Network Detection and Response in Minutes – https://bricata.com/blog/bricatalabs/

Exchange exploitation and architecting for visibility – https://corelight.blog/2021/03/16/exchange-exploitation-and-architecting-for-visibility/

Translating query into action – https://corelight.blog/2021/03/15/translating-query-into-action/

Getting the most out of your NIDS – https://corelight.blog/2021/03/08/getting-the-most-out-of-your-nids/


Upcoming Events 

May

25 May 2021 – ZEEK WEBINAR SERIES – COMPILING SCRIPTS TO C++ – 10am Pacific/1pm Eastern – Join Vern Paxson, Founder of Zeek, as he goes over his latest work around compiling-scripts-to-C++. Register at – https://event.webinarjam.com/register/25/x4kmyhmm

October

13-15 October 2021 – ZeekWeek – Save the date! We are currently planning for an in-person ZeekWeek event in Austin, Texas, provided it will be safe to gather in October. Seating will be limited at this event, and we will also have a remote participation option. More information coming soon.

Past Webinars for 2021 (replay links)

ZEEK 4.0 – https://event.webinarjam.com/replay/12/7q09vu8flbpbm5

SPICY – https://event.webinarjam.com/replay/16/6893vfka6fofv1

ZEEK PACKAGE MANAGER – https://event.webinarjam.com/replay/22/qr3nya9h1vsxqs9n

Zeek Webinar Series – This is a bi-weekly webinar series that includes Zeek-related presentations, Zeek Q&A and more. We are consolidating the webinars previously known as ‘Ask the Zeekperts’ and ‘Zeek from Home’ into a single series, with a diversity of content planned.

About Monthly Zeek Community Call: Monthly calls that are open to everyone to discuss topics related to the growth, governance and administration of the community. These calls ARE recorded.


Zeek Related Jobs

Deputy Program Manager – https://www.linkedin.com/jobs/view/2367052904/

Principal Software Engineer, Security – https://www.linkedin.com/jobs/view/2484370829/

FedGov Sr. Consultant, Incident Response – https://www.linkedin.com/jobs/view/2484034544/

CND Migration Engineer – https://www.linkedin.com/jobs/view/2482227892/

Incident Response Specialist – https://www.linkedin.com/jobs/view/2407692778/

Information Security Analyst – https://www.linkedin.com/jobs/view/2482842738/

Sr. Network Security Instructor (Contract) – https://www.linkedin.com/jobs/view/2436451580/

Director, Incident Response (Remote) – https://www.linkedin.com/jobs/view/2404837718/

Detection & Response Security Engineer – https://www.linkedin.com/jobs/view/2502595373/

Junior Cyber Security Analyst – https://www.linkedin.com/jobs/view/2486281001/

Security Analyst (Remote – US) – https://www.linkedin.com/jobs/view/2502251568/

Junior Analytic Developer – https://www.linkedin.com/jobs/view/2481168219/

Sr. Zeek/Bro Engineer – https://www.linkedin.com/jobs/view/2294604452/

SOC Lead – https://www.linkedin.com/jobs/view/2382720691/

Information Security Analyst – https://www.linkedin.com/jobs/view/2489806917/

Defensive Cyber Operations Network Sensor SME with Security Clearance – https://www.linkedin.com/jobs/view/2515181601/

And much more – http://bit.ly/LinkedInJobsSeachIssue9ZeekNewsletter


Volunteer Opportunities

  • Newsletter – adopt a section, contribute links, help edit, help promote
  • Blog Content – we are always in search of new Zeek content, how-tos and more
  • Interviews – we have a list of people we would like to interview. Would you like to get to know people in the community, tell their stories and promote their work?
  • Community Calls – would you like to get involved and help lead these calls?
  • Webinars – everything from helping upload to YouTube to writing a summary post and helping promote.

If you are interested in helping with any of the above, please let me know. We’ll work with you and help keep it light and easy. Thanks in advance!


Get Involved

If you are interested in getting involved with the Zeek Newsletter, please email news@zeek.org.

More information about the newsletter can be found here.

Stay up to date by subscribing to the Zeek Mailing List.

Join the conversation on Slack

Follow us on Twitter
