Zeek Blog
Zeek Package Contest – ZPC-2
Are you a Zeek user?Do you enjoy writing Zeek scripts? Do you like being recognized for your awesome work? Do you want to make the world’s networks safer? Do you like winning prizes and claiming bragging rights?Do you want the...
2019 Zeek Package Contest Summary & Winners
In late 2019, we held the first Zeek Package Contest (ZPC-1) and announced the winners at ZeekWeek. For those who may have missed this contest or may not have been at ZeekWeek in Seattle this blog post is a summary of the contest and the contributions. For ZPC-1...
The New IO Loop in Zeek 3.1
Zeek has a long-standing issue with standby CPU usage on low-power systems and low-traffic networks where even if nothing is happening on the network, Zeek will continue to use 10-15% of the CPU doing nothing. This stems from the fact that the existing main loop of...
Zeek From Home
Since we won’t be holding any in-person Zeek events for the foreseeable future, we’d like to invite you to be part of a new weekly ‘Zeek From Home’ webinar series to kick off in April. The schedule will be announced once we have a few submissions queued up. These...
ZeekWeek 2020 Austin – Cancelled – Open Letter to the Community
Dear Zeek Community, It is our hope that all of you are staying safe and healthy during this uncertain time. We’re all navigating unfamiliar territory together, as the COVID 19 crisis affects every aspect of our lives both personally and...
People of Zeek Interview Series – Keith Lehigh of Indiana University and the Zeek Leadership Team
In our continuing People of Zeek interview series, today we have Keith Lehigh, Chair of the Open Source Zeek Leadership Team (LT). Keith thank you so much for taking time out of your schedule to answer a few questions and let the community get to know more about you....
People of Zeek Interview Series – Doug Burks of Security Onion
In our continuing People of Zeek interview series, today we have Doug Burks, Founder of Security Onion and CEO of Security Onion Solutions. Doug, thank you so much for taking time out of your schedule to answer a few questions and let the community get to know more...
Announcing the Zeek Agent
This posting is cross-posted between the Zeek blog and the Trail of Bits blog. Announcing The Zeek Agent The Zeek Network Security Monitor provides a powerful open-source platform for network traffic analysis. However, from its network vantage point, Zeek...
Announcing the NEW Zeek Website!
In 2018, Vern Paxson, Zeek creator, announced that the Bro Project had officially changed its name from “Bro” to “Zeek”. With a new project name comes new branding, and in 2019 in the opening remarks for ZeekWeek the new Zeek Project logo was announced. And today we...
Zeek Slack Channel Announced
You’re Invited!! We’re so excited to announce the NEW Zeek Slack workspace: zeekorg.slack.comAlong with this new Slack workspace we are also introducing a Code of Conduct and Slack Channel Guidelines. We’ve adopted modified versions of the Kubernetes Community Code of...
Zeek Monthly Newsletter, Issue 2 – March 2020
Welcome to the Zeek Monthly Newsletter, Issue 2 covers January and February 2020 as well as upcoming events. In this Issue: General Community News/Updates Development Updates Zeek In the Community Threat of the Month Upcoming Events Contribution/Contributor of...
Zeek 3.1 released
Zeek 3.1 is now available as source code. Binary packages for Linux will follow shortly. After last year’s 3.0, this is the first feature release following our new release schedule, bringing new functionality & improvements to users interested in upgrading more...
Updating a Plugin in Zeek 3.1
By Tim Wojtulewicz With the release of Zeek 3.1 coming soon, we are now fully deprecating all of the old Bro naming, including for the plugin skeleton. This means that plugins may fail to build once Zeek 3.1 has been installed. This blog post describes a set of...
Zeek 3.1 Release Candidate Available
We are very happy to make a release candidate of Zeek 3.1 available today. After last year’s 3.0, this is the first feature release following our new release schedule, bringing new functionality & improvements to users interested in upgrading more frequently than...
Keep Austin weird.logs – Save The Date – ZeekWeek2020
ZeekWeek 2020 (formerly BroCon) will be held on 7-9 October at the AT&T Executive Education and Conference Center in Austin, Texas. Attendees will be able to “Zeek-out” on workshops, training, community presentations and visit with sponsors, core maintainers,...
Detecting CVE-2020-0601 with Zeek
CVE-2020-0601 is a major security issue affecting recent versions of Microsoft Windows. In a nutshell, NSA found a vulnerability in core Windows libraries that perform certificate validation. This vulnerability can be used to craft certificates that are accepted as...
Zeek Monthly Newsletter, Issue 1 – January 2020
Welcome to the Zeek Monthly Newsletter, Issue 1 covers December 2019 as well as upcoming events. In this Issue: General Community News/Updates Development Updates Zeek In the News Interviews Threat of the Month Upcoming Events Contribution/Contributor of the...
Getting started with Zeek (Docker-style): Part 1
Introduction First of all, welcome to the community! If you are reading this, then you’ve heard all about how great Zeek is and you are interested in finding out for yourself by getting it up and running and playing with it. Good move! The goal of this article...
How To Add A JPEG File Analyzer To Zeek – Part 4
by Keith J. Jones, Ph.D Introduction The last three blog posts demonstrated how to add a JPEG file analysis plugin into the core Zeek source code or as a package. This part will demonstrate how you can add tests to your code when distributed as part of the Zeek...
How To Add A JPEG File Analyzer To Zeek – Part 3
by Keith J. Jones, Ph.D Introduction The last two blog posts (Part 1 and Part 2) demonstrated how to add a JPEG file analysis plugin. This part will show you how to take our working JPEG source code and make it a Zeek package. A Zeek package can be...
How To Add A JPEG File Analyzer To Zeek – Part 2
by Keith J. Jones, Ph.D Introduction In the first post we added a stub to Zeek for JPEG file analysis. As you recall, instead of just checking in code into the open source repository, our goal in this blog series is to “teach a person to fish” along with a few...
Zeek Community Resources
Or - How can I get involved in the community? One of the questions that we commonly get is “How do I get help," or “How can I get involved into the Zeek community?" The goal of this blog post is to make you aware of the...
Zeek Package Ecosystem Overview
What follows is an overview of the existing Zeek package ecosystem. Nothing new, but hopefully a fresh description of the big picture can help guide those less familiar or generally fill in gaps. What are packages? Zeek packages contain scripts and plugins that...
How To Add A JPEG File Analyzer To Zeek – Part 1
Introduction This blog post will walk you through the process of adding a JPEG file analyzer to Zeek. Please keep in mind that our main goal in this blog series is to “teach a person to fish” along with a few small fish to get started as bait rather than simply...
What is ‘Weird’ in Zeek?
By: Fatema Bannat Wala, Security Engineer, University of Delaware As you probably know, Zeek transforms network traffic into real-time logs used by threat hunters, incident responders, and network operators. Most of these logs correspond to common network...
ZeekWeek 2019 – Summary and Slides
The global community of Zeek developers and users gathered together in Seattle last month, October 8-11, for the annual ZeekWeek (formerly BroCon) event. 171 network security professionals representing 84 organizations travelled from all over the world to share ideas...
ZeekWeek Q&A with the Community: Bricata
by Amber Graner, Zeek Director of Community As ZeekWeek gets underway, we wanted to find out what’s new among members of the Zeek Community. Accordingly, we had a chance to catch up with the Bricata team. Bricata is a contributor to the Zeek community, and supporter...
Zeek, Corelight and Humio help make observability accessible
Guest post by Humio We’re proud to have Humio on board as the exclusive training sponsor for ZeekWeek 2019. As a thought leader in the observability space, Humio has a deep understanding of making observability accessible, comprehensive, and affordable. Humio can help...
ZeekWeek 2019 – Thank you to our sponsors
The Zeek Project Leadership Team (LT) would like to thank all of the ZeekWeek 2019 sponsors for their generous support. Without their ongoing support ZeekWeek would not be possible. ZeekWeek is the most important community event for users, developers, incident...
Zeek 3.0.0
(Note: This is a slightly updated version of a previous posting announcing the initial release candidate.) We just published Zeek 3.0.0—our first major release since Bro 2.0 came out in 2012. This version is quite special as it undertakes The Big...
