Zeek Blog
Virtual ZeekWeek 2020: Summary, Slides and Video
Virtual ZeekWeek 2020: Summary, Slides and Video – The global community of Zeek users and developers gathered virtually last month, October 13-15, for the annual ZeekWeek (formerly BroCon) event.
ZeekWeek 2020 Capture the Flag Summary
As part of the most recent ZeekWeek event a capture the flag (CTF) competition was available for attendees to play. The competition included 12 challenges, of varying difficulties, which involved tasks surrounding Zeek scripting and traffic analysis. After a...
New Zeek Leadership Team Announced
The Zeek Project is excited to announce the election of a new Zeek Leadership Team (LT). This group of volunteers will be responsible for providing advice and oversight to the whole of the project, and ensuring the health, vibrancy, and sustainability of our...
Zeek Monthly Newsletter – Issue 7 – September 2020
Issue 7 - September 2020 Welcome to the Zeek Monthly Newsletter! Issue 7 covers July and August 2020, as well as upcoming events. In this Issue: TL;DR Development UpdatesZeek BlogZeek In The CommunityNew Zeek PackagesZeek in EnterpriseUpcoming EventsZeek...
Testimonial Phase for Zeek Leadership Team Elections Now Open
We are now in the Testimonial Phase of the Zeek Leadership Team (LT) elections. Thank you so much to all of you who provided nominations. The LT reviewed each nomination and the following individuals will be running for a seat on the LT: Aashish...
ZPC-3 Developers Phase Open
The 3rd Zeek Package Contest (ZPC-3) is currently underway! In the first phase of this contest, community members had the chance to submit their ideas for a compelling new Zeek package. Here are the submissions we received: Package to detect known C2...
Virtual ZeekWeek 2020 – Call For Presentations, and Registration Now Open
Virtual ZeekWeek 2020 will be held 13 - 15 October, from 9am - 1:20pm PDT. ZeekWeek is the annual gathering of defenders, developers, incident responders, threat hunters, and security architects who rely on open-source Zeek as a critical element in their...
Save the Date – Virtual ZeekWeek 2020 – Announced
Save The Date After much discussion, we are excited to announce that Virtual ZeekWeek 2020 will take place on 13-15 October 2020 from 9am to 1:20pm PDT. Attendees will be able to “Zeek-out” on workshops, training, community presentations and you’ll be able to...
Zeek Leadership Team Elections – Nominations Phase Now Open
Early today the Zeek Leadership Team (LT) announced the new Zeek governance framework and process. As noted, we are holding our very first Zeek Project LT elections this year. The first phase of the election process is the nominations phase. There are 9...
New Zeek Governance Framework Announced
Over the last 25 years, the open source Zeek (formerly Bro) Project has experienced remarkable growth. From humble origins as a tool to accelerate network research, Zeek has evolved into a critical platform for network defenders around the world, and has become the...
Zeek 3.2 Released
(This is an updated version of the previous RC announcement.) We are very happy to make Zeek 3.2 available today. Some highlights of the new release include: Zeek now supports synchronizing tables/sets across clusters through a backing Broker data store. The same...
Zeek Mailing List Migration
We recently migrated our mailing lists to a new mailing list host - and domain. All of our mailing lists are now hosted at lists.zeek.org; this includes the interface to join the list, as well as the list archives. This also means that all of our mailing lists now use...
Zeek 3.2 Release Candidate Available—and Zeek 3.1.5 and Zeek 3.0.8 as well
We are very happy to make a first release candidate of Zeek 3.2 available today. Barring any unforeseen issues, the final 3.2 release should be out in about two weeks from now. We highlight some updates in 3.2 below. Please see NEWS for full release notes, and CHANGES...
Zeek Package Contest – ZPC-3
UPDATE: Submission Phase has been extended. See below. Are you a Zeek user?Do you enjoy writing Zeek scripts? Do you like being recognized for your awesome work? Do you want to make the world’s networks safer? Do you like winning prizes and claiming bragging...
Zeek Monthly Newsletter – Issue 6 – July 2020
Issue 6 - July 2020 Welcome to the Zeek Monthly Newsletter! Issue 6 covers June 2020 as well as upcoming events. In this Issue: TL;DR Development UpdatesZeek BlogZeek In The CommunityNew Zeek PackagesZeek in EnterpriseUpcoming EventsZeek Related...
Zeek Monthly Newsletter – Issue 5 – June 2020
Issue 5 - June 2020 Welcome to the Zeek Monthly Newsletter, Issue 5 covers May 2020 as well as upcoming events. In this Issue: TL;DR Development UpdatesZeek BlogZeek In The CommunityNew Zeek Related PackagesZeek in EnterpriseUpcoming EventsZeek Related...
Zeek From Home – Episode 6 – Zeek Scripting 101 to 495 in 45 Mins. – Recording Now Available!
Zeek From Home, Episode 6 recorded on 10 June and featured guest Aashish Sharma of LBL and the Zeek Project Leadership Team who discussed and presented on Zeek Scripting. Zeek From Home is a weekly Zeek Webinar series where Zeek users, developers and...
Zeek Package Contest – ZPC-2 – Winners Announced!
We are thrilled to announce the winners of our second Zeek Package Contest. ZPC-2 (Zeek Package Contest Number 2) was announced on 6 April 2020 and concluded on 15 May. The focus of this competition was on the MITRE ATT&CK™ Framework, more...
Zeek From Home – Episode 5 – Brim Security – Recording Now Available!
Zeek From Home, Episode 5 recorded on 3 June and featured guests Phil Rzewski, Technical Director and Steve McCanne, Coding CEO at Brim Security who discussed and presented on Brim’s recent open source app and more. To learn more check the recording.
Zeek From Home – Episode 4 – Security Onion (Part 1) – Recording Now Available!
Zeek From Home – Episode 4 – Security Onion – Recording Now Available!
7 Dos And Don’ts For Zeek Scripting
This post serves as an introduction to some of the pitfalls I had to learn about whilst writing scripts. Hopefully, they help you avoid the same pitfalls. In some of the below example code snippets, bold font is used to emphasize a particular pitfall. If you’d like to...
Zeek From Home – Episode 3- Suricata
Zeek From Home, Episode 3 recorded on 20 May featured guests Victor Julien, OISF Founder and Suricata's Lead Developer and Josh Stroschein, Ph.D., Director of Training and Academic Initiatives who discussed and presented on Suricata. Zeek From Home is a weekly...
Announcing the (New) Spicy Parser Generator
We are very happy to announce a new Zeek project now available on GitHub. The Spicy parser generator makes it substantially easier for Zeek to support and parse new protocols and file formats. I will tell you a bit more about Spicy’s capabilities and history in the...
Zeek From Home – Episode 2- Looking Deeper into the Zeek 3.0 – Major Changes, Point Releases and more – Recording Now Available!
We kicked off the Zeek From Home May series with a Zeek 3.0 presentation from Tim Wojtulewicz of Corelight. You can find out more about upcoming Zeek webinars on the zeek.org events calendar. Latest Zeek From Home Webinar 13 May - Zeek 3.0 - Major Changes,...
Zeek Monthly Newsletter – Issue 4 – May 2020
Issue 4 - May 2020 Welcome to the Zeek Monthly Newsletter, Issue 4 covers April 2020 as well as upcoming events. In this Issue: General Community News/UpdatesDevelopment UpdatesZeek in the NewsZeek In, Near and Around the CommunityInterviews/Blog...
People of Zeek – Interview Series – Phil Rzewski of Brim Security
In our continuing People of Zeek interview series, today we have Phil Rzewski, Technical Director at Brim Security and active Zeek community member. Phil, thank you so much for taking time out of your schedule to answer a few questions and let the community get to...
People of Zeek Interview Series – Matthias Vallentin of Tenzir
In our continuing People of Zeek interview series, today we have Matthias Vallentin, Co-Founder and CEO of Tenzir as well as an active Zeek community member. Matthias, thank you so much for taking time out of your schedule to answer a few questions and let the...
Zeek From Home – Episode 1 – Zeek-Agent – Recording Now Available
Last week we announced our Zeek From Home series and on Wednesday 15 April we kicked off the series with a presentation by Seth Hall on the new Zeek Agent. You can find out more about upcoming Zeek webinars on the zeek.org events calendar. Latest Zeek From...
Writing My First Protocol Analyzer
I recently tried my hand at writing my first protocol analyzer for Zeek. This is something that I’ve wanted to accomplish since first learning about Zeek. I recall trying to concatenate all the strings from tcp_contents() and parse application layer data using string...
Got Zoom ?
I still find it amazing what you can find quite simply with Zeek. Since Zoom seems to be on top of mind for many recently, as an example to show how easily you can highlight specific traffic with great accuracy and granularity, I wrote this simple PoC package...
