Additionally, paste this code immediately after the opening tag:

Issue 14 – November 2021

Welcome to the Zeek Monthly Newsletter

In this Issue:

  • TL;DR 
  • Development Updates
  • Zeek Blog and Mailing List
  • Zeek in the Community
  • Zeek Package Updates
  • Zeek in the Enterprise
  • Upcoming Events
  • Zeek Related Jobs
  • Get Involved

TL;DR

The big news was the 2021 Zeek Week. All videos are now online:

See the Zeek blog for a summary of each session – https://zeek.org/2021/12/10/zeekweek-2021-summary-slides-videos-and-more-now-available/


Development Updates

Zeek 4.0.4 and Zeek 4.1.1 remain the LTS and development releases, respectively. Recall that Zeek 4.0.x is the current Long Term Support (LTS) release, while Zeek 4.1.x is the development release with the newest features. We encourage users to run one of these releases as they incorporate the latest security fixes.

See these links for more information about project release cadence:


Zeek Blog and Mailing List

On November 5, Anthony Kasza published a summary of the results of the ZeekWeek2021 Capture the Flag event.

https://zeek.org/2021/11/05/zeekweek-2021-capture-the-flag-summary/ 

On November 18, Johanna Amann prompted a discussion of retiring the mailist list and replacing it with Discourse or an equivalent. Please join the discussion here:

https://lists.zeek.org/archives/list/zeek@lists.zeek.org/thread/VLAAMGVG3NWTEMWV5QKL3GGFLNUCHCXU/ 

For more, see the blog and mailing list archive:

https://zeek.org/blog/

https://lists.zeek.org/archives/list/zeek@lists.zeek.org/2021/11/ 


Zeek in the Community

Phil Rzewski and the Brim team released new GA releases of the Brim desktop app (v0.28.0) and Zed backend/CLI tooling (v0.33.0). We sometimes use Brim to demonstrate how to analyze Zeek data in our Zeek in Action videos. 

Richard Bejtlich published two new Zeek in Action videos:

Security Onion released version 2.3.90. This version “now supports Ubuntu 20.04 but for new installations only. We will add support for in-place upgrades from Ubuntu 18.04 to 20.04 in a later release.” For details see:

https://blog.securityonion.net/2021/11/security-onion-2390-now-available.html 


Zeek Package Updates

The following packages reported updates in November, via this search.

  • Add zeek/spicy-ldap – #170 by bbannier 
  • Added zeek-spicy-wireguard – #169 by keithjjones 
  • Added zeek-spicy-openvpn – #168 by keithjjones 
  • Added zeek-spicy-facefish – #167 by keithjjones
  • Added zeek-spicy-stun – #166 by keithjjones 
  • Added zeek-spicy-ipsec – #165 by keithjjones 
  • Added zeek-spicy-ospf analyzer – #164 by keithjjones 
  • Add our new Hello World package – #163 by ckreibich 
  • Add: Qintel QSentry package – #162 by scott-qintel 
  • Added Corelight CVE-2021-42292 – #161 by keithjjones 

Please see package.zeek.org for more information on these and other Zeek Packages.


Zeek in the Enterprise

On November 2, Corelight announced product compatibility with Microsoft Defender for IoT. Corelight customers can send data from sensors to Microsoft 365 Defender, and in turn to Defender for IoT. For more, see:

https://corelight.com/company/corelight-announces-integration-for-microsoft-defender-for-iot-as-a-data-source-for-the-platform 


Upcoming Events 

Zeek Monthly Webinar Series:  This is a bi-weekly webinar series held on the 2nd and 4th Tuesdays of each month featuring Zeek users, developers and invited guests.  These presentations ARE recorded and shared with the community.

Monthly Zeek Community Call: Monthly calls that are open to everyone to discuss topics related to the growth, governance and administration of the community.  These calls ARE recorded.

For details, see: https://zeek.org/events/ 


Zeek Related Jobs

The following are a sampling of job opportunities that mention Zeek skills.

For more, see https://www.linkedin.com/jobs/search/?geoId=103644278&keywords=zeek


Get Involved

If you have any comments or material for the newsletter please email news@zeek.org or join the #news Slack channel.

See you next time!

 

%d bloggers like this: