Issue 10 – May 2021


In this Issue:

  • Highlights
  • Zeek Blog
  • Zeek In The Community
  • New Zeek Packages
  • Upcoming Events
  • Zeek Related Jobs
  • Volunteer Opportunities
  • Get Involved

Join more than 1500 Zeek users and fans in 21 Zeek related Slack channels for real-time Q&A, feedback and discussion.


Highlights

Two new Zeek Subgroups were announced: Training and Testing

‘Zeek in Action’ is a new series of videos that explain how Zeek can be used in real world situations. The first two videos (with more coming soon) are ‘Introduction and How to Set Up a Windows Workstation Using Brim Security’ and ‘Suspected Malware Compromise’.

Zeek in Enterprise Day is scheduled for 16 June 2021, and ZeekWeek 2021 will take place on 13-15 October 2021 in Austin, Texas. Registration and sponsorship information coming soon.


Zeek Blog

Zeek Monthly Newsletter – Issue 9 – April 2021 – https://zeek.org/2021/04/30/zeek-monthly-newsletter-issue-9-april-2021/

Announcing the Zeek Training Subgroup – https://zeek.org/2021/04/27/announcing-the-zeek-training-subgroup/

Zeek in Enterprise Day – https://zeek.org/2021/04/22/zeek-in-enterprise-day/

Announcing the Zeek Testing Subgroup – https://zeek.org/2021/04/21/announcing-the-zeek-testing-subgroup/

Zeek’s IPSec Protocol Analyzer – https://zeek.org/2021/04/20/zeeks-ipsec-protocol-analyzer/

Welcome to Zeek in Action, Video 1, Suspected Malware Compromise – https://zeek.org/2021/04/14/welcome-to-zeek-in-action-video-1-suspected-malware-compromise/

Spicy 1.0 — Robust Parsers for Protocols & File Formats – https://zeek.org/2021/04/13/spicy-1-0-robust-parsers-for-protocols-file-formats/

ZPC-3 Winners Announced – https://zeek.org/2021/04/08/zpc-3-winners-announced/

A Zeek OpenVPN Protocol Analyzer in Spicy – https://zeek.org/2021/04/08/a-zeek-openvpn-protocol-analyzer-in-spicy/

Zeek in Action: Introduction and How to Set Up a Windows Workstation Using Brim Security – https://zeek.org/2021/04/06/zeek-in-action-introduction-and-how-to-set-up-a-windows-workstation-using-brim-security/

Zeek Blog – https://zeek.org/blog/

Zeek Mailing list – April


Zeek in the Community

Public funds, public code! By Henrik Kramselund Jereminsen – https://www.version2.dk/blog/offentlige-midler-offentlig-kode-1092626

Detect C2 ‘RedXOR’ with state-based functionality – https://corelight.blog/2021/04/20/detect-c2-redxor-with-state-based-functionality/

Pingback: ICMP Tunneling Malware – https://corelight.blog/2021/05/07/pingback-icmp-tunneling-malware/

H&R Block seeks out open-source expertise for SOC – https://www.scmagazine.com/home/security-news/network-security/hr-block-seeks-out-open-source-expertise-to-stock-up-on-soc-talent/

Malcolm v3.1.0 – https://github.com/idaholab/Malcolm/releases

Security Onion Documentation printed book now updated for Security Onion 2.3.50! – https://blog.securityonion.net/2021/05/security-onion-documentation-printed.html

Security Onion 2.3.50 Hotfix available! – https://blog.securityonion.net/2021/05/security-onion-2350-hotfix-available.html

Security Onion 2.3.50 now available! – https://blog.securityonion.net/2021/04/security-onion-2350-now-available.html

Security Onion 16.04 has reached End Of Life – https://blog.securityonion.net/2021/04/security-onion-1604-has-reached-end-of.html

OpenCTI Integration and a Mature VAST Plugin Framework (Release 2021.04.29) – https://tenzir.com/blog/release-2021-04-29/


New Zeek Packages

Pingback – https://github.com/corelight/pingback


Upcoming Events

May

27 May 2021 – Zeek Webinar Series – New Ways to Speed Up Zeek Script Execution – 10am Pacific/1pm Eastern – Join Vern Paxson, Founder of Zeek, as he goes over his latest work around compiling scripts to C++. Zeek’s performance depends in part on how quickly the system executes the user’s scripts, as well as the many predefined scripts Zeek makes available. To date, this execution has used a high-level interpreter, which imposes considerable overhead. This talk will sketch two new experimental features for executing scripts much more quickly: compiling them to a low-level form (“ZAM”), and directly to C++. Register at: https://event.webinarjam.com/register/25/x4kmyhmm

June

2 June 2021 – Zeek Monthly Community Call – Join the monthly call to discuss topics related to the growth, governance and administration of the community. Register at: https://corelight.zoom.us/meeting/register/tJAqdu6gqzgvG9LqPt_zpfGex7NtR_HWMX27

8 June 2021 – Zeek Webinar Series – TBA – 10am Pacific/1pm Eastern – Registration link TBA

16 June 2021 – Zeek in Enterprise Day – 9am-1pm Pacific/12pm-4pm Eastern – This is a virtual event. Organizations which offer Zeek as part of their commercial solutions will be able to present to the Zeek Community. If you would like to present at this event, please see the announcement. Registration link coming soon.

22 June 2021 – Zeek Webinar Series – TBA – 10am Pacific/1pm Eastern – Registration link TBA

October

13-15 October 2021 – ZeekWeek 2021 – Save the date! We are currently planning for an in-person ZeekWeek event in Austin, Texas. Seating will be limited at this event, and we will also have a remote participation option. More information coming soon.

Past Webinars for 2021 (replay links)

You can see past webinars here

May Community Call

Zeek Monthly Community Call – 5 May 2021 – Notes, Links to the Recording and more can be found at: https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/22TCOR5HLJ2TGVMITR3KYOL2PQI2ZKE6/

Zeek Webinar Series – This is a bi-weekly webinar series that includes Zeek related presentations, Zeek Q&A and more. We are consolidating the webinars previously known as ‘Ask the Zeekperts’ and ‘Zeek from Home’ into a single series, with a diversity of content planned.

About the Monthly Zeek Community Call: Monthly calls that are open to everyone to discuss topics related to the growth, governance and administration of the community. These calls ARE recorded.


Zeek Related Jobs

SOC Lead – https://www.linkedin.com/jobs/view/2382720691

Sr. Zeek/Bro Engineer – https://www.linkedin.com/jobs/view/2430522106

Principal Software Engineer, Security – https://www.linkedin.com/jobs/view/2484370829

Sr. Zeek/Bro Engineer – https://www.linkedin.com/jobs/view/2294604452

Director, Incident Response (Remote) – https://www.linkedin.com/jobs/view/2404837718

Incident Response Specialist – https://www.linkedin.com/jobs/view/2407692778

FedGov Sr. Consultant, Incident Response – https://www.linkedin.com/jobs/view/2484034544

Escalation Engineer – https://www.linkedin.com/jobs/view/2535097439

Director, Applications – https://www.linkedin.com/jobs/view/2493165163

Principal Software Engineer, Security – https://www.linkedin.com/jobs/view/2398741146

Defensive Cyber Operations Network Sensor SME with Security Clearance – https://www.linkedin.com/jobs/view/2554955722

Security Analyst – https://www.linkedin.com/jobs/view/2523781880

And more – https://www.linkedin.com/jobs/search/?currentJobId=2523781880&keywords=zeek


Volunteer Opportunities

  • Blog Content – we are always in search of new Zeek content, how-tos and more
  • Interviews – we have a list of people we would like to interview. Would you like to get to know people in the community, tell their stories and promote their work?
  • Community Calls – would you like to get involved and help lead these calls?
  • Webinars – everything from helping to upload recordings to YouTube, to writing a summary post, to helping promote the series.
  • Zeek in Action – a series of videos for Zeek users and fans. The purpose of the series is to show how analysts can interpret data in Zeek and related formats to solve various networking challenges.
  • Documentation Subgroup – the group responsible for keeping the Zeek Documentation up to date. If you would like to participate in this group, give feedback, etc., then this is the group for you. Find out more information at: https://github.com/zeek/zeek/wiki/Documentation-Group
  • Training Subgroup – the Zeek Training Subgroup will focus on formulating some preliminary goals for Zeek approved training and tackle broader topics in the area of Zeek training. Frequently, we are asked where people can find Zeek-related training and whether there is a central place to find Zeek-related training content. Hence, to address the needs of the community and in general to have some training programs that are approved by the Zeek project, we are creating this subgroup to focus on these goals. Find out more information at: https://github.com/zeek/zeek/wiki/Training-Group

  • Testing Subgroup – the goal of the Testing Subgroup is to stress-test new versions of Zeek with live traffic from a variety of environments to identify problems and bugs early, to ensure that new Zeek releases are stable and ready for the Zeek community. Find out more information at: https://github.com/zeek/zeek/wiki/Testing-Group

If you are interested in helping with any of the above, please let me know. We’ll work with you and help keep it light and easy. Thanks in advance!


Get Involved

If you are interested in getting involved with the Zeek Newsletter, please email news@zeek.org.

More information about the newsletter can be found here.

Stay up to date by subscribing to the Zeek Mailing List.

Join the conversation on Slack

Follow us on Twitter
