Issue 14 – November 2021
Welcome to the Zeek Monthly Newsletter!
In this Issue:
- TL;DR
- Development Updates
- Zeek Blog and Mailing List
- Zeek in the Community
- Zeek Package Updates
- Zeek in the Enterprise
- Upcoming Events
- Zeek Related Jobs
- Get Involved
TL;DR
The big news was the 2021 Zeek Week. All videos are now online:
- Schedule Page – https://zeek.org/zeekweek2021/schedule/
- Day 1 – https://www.youtube.com/playlist?list=PL2EYTX8UVCMiGe43IJO48tuDZ1kVMaQsR
- Day 2 – https://www.youtube.com/playlist?list=PL2EYTX8UVCMggoKdFZjVhhwgI6RikEHeN
- Day 3 – https://www.youtube.com/playlist?list=PL2EYTX8UVCMhkUSZ-je5yXzCEyKi9vqec
See the Zeek blog for a summary of each session – https://zeek.org/2021/12/10/zeekweek-2021-summary-slides-videos-and-more-now-available/
Development Updates
Zeek 4.0.4 and Zeek 4.1.1 remain the LTS and development releases, respectively. Recall that Zeek 4.0.x is the current Long Term Support (LTS) release, while Zeek 4.1.x is the development release with the newest features. We encourage users to run one of these releases as they incorporate the latest security fixes.
See these links for more information about project release cadence:
- https://github.com/zeek/zeek/wiki/Release-Cadence
- https://github.com/zeek/zeek/wiki/Security-Release-Process
Zeek Blog and Mailing List
On November 5, Anthony Kasza published a summary of the results of the ZeekWeek2021 Capture the Flag event.
https://zeek.org/2021/11/05/zeekweek-2021-capture-the-flag-summary/
On November 18, Johanna Amann prompted a discussion of retiring the mailing list and replacing it with Discourse or an equivalent. Please join the discussion here:
https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/VLAAMGVG3NWTEMWV5QKL3GGFLNUCHCXU/
For more, see the blog and mailing list archive:
https://lists.zeek.org/archives/list/zeek@lists.zeek.org/2021/11/
Zeek in the Community
Phil Rzewski and the Brim team published new GA releases of the Brim desktop app (v0.28.0) and Zed backend/CLI tooling (v0.33.0). We sometimes use Brim to demonstrate how to analyze Zeek data in our Zeek in Action videos.
Richard Bejtlich published two new Zeek in Action videos:
- Installing Zeek from Scratch: https://www.youtube.com/watch?v=2lZ0q9frybs
- Capture Loss Statistics: https://www.youtube.com/watch?v=5omLzipjHak
Security Onion released version 2.3.90. This version “now supports Ubuntu 20.04 but for new installations only. We will add support for in-place upgrades from Ubuntu 18.04 to 20.04 in a later release.” For details see:
https://blog.securityonion.net/2021/11/security-onion-2390-now-available.html
Zeek Package Updates
The following packages reported updates in November, via this search.
- Add zeek/spicy-ldap – #170 by bbannier
- Added zeek-spicy-wireguard – #169 by keithjjones
- Added zeek-spicy-openvpn – #168 by keithjjones
- Added zeek-spicy-facefish – #167 by keithjjones
- Added zeek-spicy-stun – #166 by keithjjones
- Added zeek-spicy-ipsec – #165 by keithjjones
- Added zeek-spicy-ospf analyzer – #164 by keithjjones
- Add our new Hello World package – #163 by ckreibich
- Add: Qintel QSentry package – #162 by scott-qintel
- Added Corelight CVE-2021-42292 – #161 by keithjjones
Please see package.zeek.org for more information on these and other Zeek Packages.
Zeek in the Enterprise
On November 2, Corelight announced product compatibility with Microsoft Defender for IoT. Corelight customers can send data from sensors to Microsoft 365 Defender, and in turn to Defender for IoT. For more, see:
Upcoming Events
Zeek Monthly Webinar Series: This is a bi-weekly webinar series held on the 2nd and 4th Tuesdays of each month featuring Zeek users, developers and invited guests. These presentations ARE recorded and shared with the community.
Monthly Zeek Community Call: Monthly calls that are open to everyone to discuss topics related to the growth, governance and administration of the community. These calls ARE recorded.
For details, see: https://zeek.org/events/
Zeek Related Jobs
The following is a sampling of job opportunities that mention Zeek skills.
- Associate, Cybersecurity, Managed Detection and Response Analyst
  - Ankura Washington, DC Remote
  - https://www.linkedin.com/jobs/view/2812268354/
- Threat Intelligence Investigator | Remote
  - Oracle United States Remote
  - https://www.linkedin.com/jobs/view/2754731650/
- Principal Network Security Researcher
  - Battelle Chantilly, VA
  - https://www.linkedin.com/jobs/view/2803132706/
For more, see https://www.linkedin.com/jobs/search/?geoId=103644278&keywords=zeek
Get Involved
If you have any comments or material for the newsletter, please email news@zeek.org or join the #news Slack channel.
- Stay up to date by subscribing to the Zeek Mailing List.
- Join the conversation on Slack.
- Follow us on Twitter.
See you next time!