Issue 9 – April 2021
In this Issue:
- TL;DR
- Development Updates
- Zeek Blog
- Zeek In The Community
- New Zeek Packages
- Zeek in Enterprise
- Upcoming Events
- Zeek Related Jobs
- Volunteer Opportunities
- Get Involved
TL;DR
Zeek releases: 3.0.13, 3.2.4, 4.0.0, 3.0.14 and 4.0.1, and Spicy 1.0
Notable blog post topics: A Zeek OpenVPN Protocol Analyzer, Package management updates in Zeek 4, Zeek 4.0 LTS Release, Save the Date – ZeekWeek 2021 Hybrid Event, and Just Released – New and Improved Zeek Documentation
Related to Zeek: updates from Bricata, Corelight and Security Onion
Since our last newsletter, we have seen 5 new Zeek Packages added to the Zeek Package Manager.
Zeek Events Webinars: Compiling Scripts To C++ with Vern Paxson
Past Zeek Webinars (replay links) – Spicy, Zeek Package Manager, and Zeek 4.0
Volunteer Opportunities: Do you have an hour or two a week that you would like to give to the project? We have several areas where your help would be greatly appreciated.
Development Updates
Zeek security/bugfix releases: 3.0.13 and 3.2.4 – https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/UIOWWQZDXP2HPH4EKHYS4UGFQVBS2H2N/
Zeek 4.0.0 released – https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/P4ODDM7M3DOWJJCUOKKLT7NYEOWWN5WJ/
Zeek security/bugfix releases: 3.0.14 and 4.0.1 – https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/C7UA5NE7M3MMVNKPOYCDAT56FUIFTFWN/
Spicy 1.0 released – https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/K6ZJEALKE237BSLDNQUPMB6U66BW35SE/
More information about project release cadence:
- https://github.com/zeek/zeek/wiki/Release-Cadence
- https://github.com/zeek/zeek/wiki/Security-Release-Process
Zeek Blog
A Zeek OpenVPN Protocol Analyzer – https://zeek.org/2021/03/16/a-zeek-openvpn-protocol-analyzer/
Package management updates in Zeek 4 – https://zeek.org/2021/03/15/package-management-updates-in-zeek-4/
Zeek 4.0 LTS Release – https://zeek.org/2021/03/01/zeek-4-0-lts-release/
Zeek Monthly Newsletter – Issue 8 – February 2021 – https://zeek.org/2021/02/05/zeek-monthly-newsletter-issue-8-february-2021/
Save the Date – ZeekWeek 2021 Hybrid Event – https://zeek.org/2021/02/03/save-the-date-zeekweek-2021-hybrid-event/
Just Released – New and Improved Zeek Documentation – https://zeek.org/2021/02/02/just-released-new-and-improved-zeek-documentation/
Zeek Blog – https://zeek.org/blog/
Zeek Mailing list – February, March
Zeek in the Community
Brimming With Possibilities: Query zqd & Mine Logs with zq from R – https://rud.is/b/2021/03/01/brimming-with-possibilities-query-zqd-mine-logs-with-zq-from-r/
Mitre Att&ck: for a perfect knowledge of the techniques and tactics used by the attackers – https://www.globalsecuritymag.fr/Mitre-Att-ck-pour-une-parfaite,20210208,107972.html
Security Onion 2.3.40 now available! – https://blog.securityonion.net/
1 month EOL notice for Security Onion 16.04 – https://blog.securityonion.net/2021/03/1-month-eol-notice-for-security-onion.html
Security Onion 16.04.7.3 ISO image now available featuring Zeek 3.0.13, Suricata 5.0.6, Elastic 7.10.2, and more! – https://blog.securityonion.net/2021/03/security-onion-160473-iso-image-now.html
Official Security Onion AMI now available in AWS Marketplace! – https://blog.securityonion.net/2021/03/official-security-onion-ami-now.html
Suricata 5.0.6 now available for Security Onion 16.04! – https://blog.securityonion.net/2021/03/suricata-506-now-available-for-security.html
10% Early Bird discount for 4-day Security Onion 2 Fundamentals for Analysts and Admins Training Class – https://blog.securityonion.net/2021/03/10-early-bird-discount-for-4-day.html
Security Onion 2.3.30 now available! – https://blog.securityonion.net/2021/03/security-onion-2330-now-available.html
New Zeek Packages
Zeek::openvpn – https://github.com/corelight/zeek-openvpn
Spicy Analyzers – https://github.com/zeek/spicy-analyzers
CIF-Zeek – https://github.com/sfinlon/cif-zeek
Zeek-intel-path – https://github.com/sfinlon/cif-zeek
Zeek-kafka – https://github.com/seisollc/zeek-kafka
Zeek In the Enterprise
Experience Bricata Network Detection and Response in Minutes – https://bricata.com/blog/bricatalabs/
Exchange exploitation and architecting for visibility – https://corelight.blog/2021/03/16/exchange-exploitation-and-architecting-for-visibility/
Translating query into action – https://corelight.blog/2021/03/15/translating-query-into-action/
Getting the most out of your NIDS – https://corelight.blog/2021/03/08/getting-the-most-out-of-your-nids/
Upcoming Events
May
25 May 2021 – ZEEK WEBINAR SERIES – COMPILING SCRIPTS TO C++ – 10am Pacific/1pm Eastern – Join Vern Paxson, Founder of Zeek, as he goes over his latest work on compiling scripts to C++. Register at https://event.webinarjam.com/register/25/x4kmyhmm
October
13-15 October 2021 – ZeekWeek – Save the date! We are currently planning an in-person ZeekWeek event in Austin, Texas, provided it is safe to gather in October. Seating will be limited at this event, and we will also have a remote participation option. More information coming soon.
Past Webinars for 2021 (replay links)
ZEEK 4.0 – https://event.webinarjam.com/replay/12/7q09vu8flbpbm5
SPICY – https://event.webinarjam.com/replay/16/6893vfka6fofv1
ZEEK PACKAGE MANAGER – https://event.webinarjam.com/replay/22/qr3nya9h1vsxqs9n
Zeek Webinar Series – This is a bi-weekly webinar series that includes Zeek-related presentations, Zeek Q&A and more. We are consolidating the webinars previously known as ‘Ask the Zeekperts’ and ‘Zeek from Home’ into a single series, with a diversity of content planned.
About Monthly Zeek Community Call: Monthly calls that are open to everyone to discuss topics related to the growth, governance and administration of the community. These calls ARE recorded.
Zeek Related Jobs
Deputy Program Manager – https://www.linkedin.com/jobs/view/2367052904/
Principal Software Engineer, Security – https://www.linkedin.com/jobs/view/2484370829/
FedGov Sr. Consultant, Incident Response – https://www.linkedin.com/jobs/view/2484034544/
CND Migration Engineer – https://www.linkedin.com/jobs/view/2482227892/
Incident Response Specialist – https://www.linkedin.com/jobs/view/2407692778/
Information Security Analyst – https://www.linkedin.com/jobs/view/2482842738/
Sr. Network Security Instructor (Contract) – https://www.linkedin.com/jobs/view/2436451580/
Director, Incident Response (Remote) – https://www.linkedin.com/jobs/view/2404837718/
Detection & Response Security Engineer – https://www.linkedin.com/jobs/view/2502595373/
Junior Cyber Security Analyst – https://www.linkedin.com/jobs/view/2486281001/
Security Analyst (Remote – US) – https://www.linkedin.com/jobs/view/2502251568/
Junior Analytic Developer – https://www.linkedin.com/jobs/view/2481168219/
Sr. Zeek/Bro Engineer – https://www.linkedin.com/jobs/view/2294604452/
SOC Lead – https://www.linkedin.com/jobs/view/2382720691/
Information Security Analyst – https://www.linkedin.com/jobs/view/2489806917/
Defensive Cyber Operations Network Sensor SME with Security Clearance – https://www.linkedin.com/jobs/view/2515181601/
And much more – http://bit.ly/LinkedInJobsSeachIssue9ZeekNewsletter
Volunteer Opportunities
- Newsletter – adopt a section, contribute links, help edit, help promote
- Blog Content – we are always in search of new Zeek content, how-tos and more
- Interviews – we have a list of people we would like to interview. Would you like to get to know people in the community, tell their stories and promote their work?
- Community Calls – would you like to get involved and help lead these calls?
- Webinars – everything from helping to upload to YouTube to writing a summary post and helping to promote.
If you are interested in helping with any of the above, please let me know. We’ll work with you and help keep it light and easy. Thanks in advance!
Get Involved
If you are interested in getting involved with the Zeek Newsletter, please email news@zeek.org.
More information about the newsletter can be found here.
Stay up to date by subscribing to the Zeek Mailing List.
Join the conversation on Slack.
Follow us on Twitter