Zeek Blog
Introducing Zeek 5.2
The Zeek team is proud to announce the release of Zeek 5.2, starting the final line of feature releases in the 5.x cycle. Development on 5.2 began in late September 2022 and has included some 660 commits, 178 PRs, and external contributions from the teams at Microsoft...
Modern developer tooling for Zeek script
The typical experience of developing in a programming language has changed substantially since the time Zeek script was first introduced in the mid 90s. Today users rightfully expect an inclusive environment with approachable ways to interact with the community, and...
Zeek on Windows
As we shared at ZeekWeek 2022 in October, we’re thrilled to announce emerging support for Zeek on Windows, thanks to an open-source contribution from Microsoft. Part of its integration of Zeek into its Defender for Endpoint security platform, this contribution...
Nomination Phase for the 2022 Zeek Leadership Team Election is now open
This year, half of the Zeek LT seats are up for re-election. We just entered the Nomination Phase of the Zeek Leadership Team (LT) elections. During this phase you can nominate either yourself or someone you know for a seat on the LT. Please submit nominations for a...
ZeekWeek 2022 – Registration Open!
ZeekWeek 2022 will be held 12-14 October at the AT&T Hotel and Conference Center located in Austin, Texas. Registration Open!
Zeek 5.0
The Zeek team is quite excited to announce Zeek 5.0: it’s a major release providing a lot of new functionality, both extending Zeek itself and also growing its ecosystem through new capabilities and tools. Thanks to everybody who has contributed to this release, many...
Zeek Week 2022 – Call for Presentations
ZeekWeek 2022 will be held from October 12th to 14th at the AT&T Hotel and Conference Center located in Austin, Texas. ZeekWeek will be an in-person event. Presentations will be recorded and published after the event. ZeekWeek is the annual gathering of defenders,...
Zeek Project training
The Zeek Project is delighted to announce that we are going to offer the Zeek community training next month. Usually it is a one-day event offered during ZeekWeeks, but due to high demand and a long waitlist of people during ZeekWeek, we have decided to offer it twice...
Save the date – ZeekWeek 2022 – October 12th to 14th
We are happy to announce that ZeekWeek 2022 will be held on October 12th to 14th in Austin, Texas. More details, as well as a Call for Presentations will be released in the next few weeks. Mark your calendars – and we hope to see you all in Austin in October.
Zeek In Action, Video 12, zeek2es
In this video, Keith Jones (Sr. Security Researcher, Corelight) introduces a simple Python program written to help you take your Zeek ASCII tab delimited files and make them full text searchable with ElasticSearch+Kibana (or OpenSearch, if you prefer). If you don’t...
Zeek in Action, Video 11, Using Spicy Driver
In this Zeek in Action video, Keith Jones explains his Spicy protocol analyzer rapid development process on a new Radius analyzer. Of course Radius is in core Zeek, but it can be replaced with a Spicy Radius protocol analyzer.
Zeek Newsletter – Issue 14 – November 2021
Issue 14 - November 2021. Welcome to the Zeek Monthly Newsletter! In this Issue: TL;DR, Development Updates, Zeek Blog and Mailing List, Zeek in the Community, Zeek Package Updates, Zeek in the Enterprise, Upcoming Events, Zeek Related Jobs, Get Involved. TL;DR: The big news...
ZeekWeek 2021 Summary, Slides, Videos and more – Now Available!
ZeekWeek 2021 was held online from 13-15 October. This three-day event brought together over 2000 SOC professionals, Zeek users and developers from over 59 countries and 800 companies. If you missed this year's events, below is the agenda, with links to slides and...
Zeek in Action, Video 10, Examining the Four Types of Network Security Monitoring Data
In this episode of Zeek in Action, Richard examines the four types of network security monitoring data: 1) full content data ("PCAP"), 2) transaction logs, 3) extracted content, and 4) intrusion detection systems (IDS) alerts. He uses the online tool Cloudshark to...
Zeek In Action, Video 9, Radius Protocol Analyzer with Spicy
In this Zeek in Action video, Keith Jones explains his Spicy protocol analyzer rapid development process on a new Radius analyzer.
Zeek Monthly Newsletter – Issue 13 – October 2021
Issue 13 - October 2021. Welcome to the Zeek Monthly Newsletter! In this Issue: TL;DR, Development Updates, Zeek Blog and Mailing List, Zeek in the Community, Zeek Package Updates, Zeek in the Enterprise, Upcoming Events, Zeek Related Jobs, Get Involved. TL;DR: ZeekWeek 2021...
ZeekWeek 2021 Capture the Flag Summary
As part of the most recent ZeekWeek event the Zeek Project Training Subgroup and the Corelight Labs Team made a capture the flag (CTF) competition available for attendees to play. The competition included 19 challenges of varying difficulties which involved tasks...
Zeek In Action, Video 8, Installing Zeek From Scratch
In this Zeek in Action video, Richard Bejtlich explains how to install Zeek from scratch, using a fresh Linux environment created on his Windows system with VirtualBox. You can follow along step by step as Richard prepares a VM, installs Linux, selects the version of...
Zeek In Action, Video 7, Capture Loss Statistics
In this episode, Richard Bejtlich explains how to determine if your Zeek deployment suffers from capture loss. There are many causes for capture loss (including an overloaded span port, NIC, or monitoring system), but the end result is the same: unfortunate gaps in...
ZeekWeek 2021 – CTF Announced – Register Today to Play
Another ZeekWeek means another ZeekWeek CTF! This will be the 2nd year of this event. In full observation of the stereotypical behavior associated with the "terrible twos", expect defiant and unruly puzzles 😀 What is this thing? Not only are CTFs a great way to show...
Zeek Monthly Newsletter – Issue 12 – September 2021
Issue 12 - September 2021. Welcome to the Zeek Monthly Newsletter! Issue 12 covers September 2021 and upcoming events. In this Issue: TL;DR, Development Updates, Zeek Blog, Zeek in the Community, Zeek Package Updates, Zeek in the Enterprise, Upcoming Events, Zeek Related...
ZeekWeek Day 3 Keynote Speaker Announced – Richard Bejtlich of Corelight, Inc.
Register today! The Zeek Project is pleased to announce that Richard Bejtlich will keynote the ZeekWeek 2021 Day 3 Zeek Roadmap/Developers Track on 15 October 2021. Network security monitoring (NSM) began in the late 1980s and continues to assist defenders in the...
vZeekWeek Roadmap: Looking for Input
Are you a Zeek user or developer? The Zeek Project is looking for input on Zeek’s development roadmap. We want to hear about your ideas, feature requests and more.
vZeekWeek Keynote Speaker Announced – David Monnier of Team Cymru, Inc.
The Zeek Project is pleased to announce that David Monnier will keynote the vZeekWeek 2021 Day 2 Professionals/User Track on 14 October 2021.
vZeekWeek 2021 – Schedule Announced – Register Today!
The Zeek Project is delighted to announce the schedule for ZeekWeek 2021, which will be an online-only event taking place 13-15 October. ZeekWeek is free, though registration is required. ZeekWeek (formerly BroCon) is the most important community event for users,...
2021 Zeek Package Contest – Submission Deadline Extended
2021 Zeek Package Contest – Submission Deadline Extended. Find out how you can get your Zeek Package Contest Challenge Coin.
ZeekWeek 2021 – Now Virtual Only
ZeekWeek 2021 is now a virtual-only event. Online registration will be opening soon.
Zeek Monthly Newsletter – Issue 11 – August 2021
Zeek Monthly Newsletter – Issue 11 – August 2021 – NOW AVAILABLE.
Zeek 4.1 Feature Release
(This is an updated version of an earlier posting announcing a 4.1 release candidate.) The Zeek development team is excited to publish our next feature release, Zeek 4.1. This version includes the following highlights: Overhauled SSL/X509 processing to make its...
Telegram Zeek, you’re my main notice
In this post, Yacin Nadji shares a Zeek Package, zeek-notice-telegram, that sends a message to a user or group chat on Telegram when the new action is added to a notice.