Functions, hooks, and events. Oh my!

I recently attempted to better understand script execution flow. As Zeek’s scripting language is heavily driven by events, debugging scripts can, at times, be frustrating and surprising. In an effort to reduce both frustration and surprises for others in the...

7 Dos And Don’ts For Zeek Scripting

This post serves as an introduction to some of the pitfalls I had to learn about whilst writing scripts. Hopefully, they help you avoid the same pitfalls. In some of the below example code snippets, bold font is used to emphasize a particular pitfall. If you’d like to...

Writing My First Protocol Analyzer

I recently tried my hand at writing my first protocol analyzer for Zeek. This is something that I’ve wanted to accomplish since first learning about Zeek. I recall trying to concatenate all the strings from tcp_contents() and parse application layer data using string...