Zeek Blog

Zeek From Home – Episode 3- Suricata

by Amber Graner | May 27, 2020 | community, Uncategorized, Webinars, Zeek From Home

Zeek From Home, Episode 3 recorded on 20 May featured guests Victor Julien, OISF Founder and Suricata's Lead Developer and Josh Stroschein, Ph.D., Director of Training and Academic Initiatives who discussed and presented on Suricata. Zeek From Home is a weekly...

Announcing the (New) Spicy Parser Generator

by Robin Sommer | May 18, 2020 | Protocol Parsing, Spicy, Zeek

We are very happy to announce a new Zeek project now available on GitHub. The Spicy parser generator makes it substantially easier for Zeek to support and parse new protocols and file formats. I will tell you a bit more about Spicy’s capabilities and history in the...

Zeek From Home – Episode 2- Looking Deeper into the Zeek 3.0 – Major Changes, Point Releases and more – Recording Now Available!

by Amber Graner | May 15, 2020 | community, Webinars, Zeek From Home

We kicked off the Zeek From Home May series with a Zeek 3.0 presentation from Tim Wojtulewicz of Corelight. You can find out more about upcoming Zeek webinars on the zeek.org events calendar. Latest Zeek From Home Webinar 13 May - Zeek 3.0 - Major Changes,...

People of Zeek – Interview Series – Phil Rzewski of Brim Security

by Amber Graner | May 6, 2020 | community, Interview Series

In our continuing People of Zeek interview series, today we have Phil Rzewski, Technical Director at Brim Security and active Zeek community member. Phil, thank you so much for taking time out of your schedule to answer a few questions and let the community get to...

People of Zeek Interview Series – Matthias Vallentin of Tenzir

by Amber Graner | May 5, 2020 | community, Interview Series

In our continuing People of Zeek interview series, today we have Matthias Vallentin, Co-Founder and CEO of Tenzir as well as an active Zeek community member. Matthias, thank you so much for taking time out of your schedule to answer a few questions and let the...

Zeek From Home – Episode 1 – Zeek-Agent – Recording Now Available

by Amber Graner | Apr 17, 2020 | Webinars, Zeek From Home

Last week we announced our Zeek From Home series and on Wednesday 15 April we kicked off the series with a presentation by Seth Hall on the new Zeek Agent. You can find out more about upcoming Zeek webinars on the zeek.org events calendar. Latest Zeek From...

Writing My First Protocol Analyzer

by Anthony Kasza | Apr 16, 2020 | open-source, Packages

I recently tried my hand at writing my first protocol analyzer for Zeek. This is something that I’ve wanted to accomplish since first learning about Zeek. I recall trying to concatenate all the strings from tcp_contents() and parse application layer data using string...

Got Zoom ?

by Ben Reardon | Apr 14, 2020 | Packages

I still find it amazing what you can find quite simply with Zeek. Since Zoom seems to be on top of mind for many recently, as an example to show how easily you can highlight specific traffic with great accuracy and granularity, I wrote this simple PoC package...

Zeek Package Contest – ZPC-2

by Amber Graner | Apr 6, 2020 | community, package contest, ZPC-2

Are you a Zeek user?Do you enjoy writing Zeek scripts? Do you like being recognized for your awesome work? Do you want to make the world’s networks safer? Do you like winning prizes and claiming bragging rights?Do you want the...

2019 Zeek Package Contest Summary & Winners

by Amber Graner | Apr 6, 2020 | community, package contest, ZPC-1

In late 2019, we held the first Zeek Package Contest (ZPC-1) and announced the winners at ZeekWeek. For those who may have missed this contest or may not have been at ZeekWeek in Seattle this blog post is a summary of the contest and the contributions. For ZPC-1...

The New IO Loop in Zeek 3.1

by Tim Wojtulewicz | Apr 3, 2020 | 3.1

Zeek has a long-standing issue with standby CPU usage on low-power systems and low-traffic networks where even if nothing is happening on the network, Zeek will continue to use 10-15% of the CPU doing nothing. This stems from the fact that the existing main loop of...

Zeek From Home

by Amber Graner | Mar 31, 2020 | Uncategorized

Since we won’t be holding any in-person Zeek events for the foreseeable future, we’d like to invite you to be part of a new weekly ‘Zeek From Home’ webinar series to kick off in April. The schedule will be announced once we have a few submissions queued up. These...

ZeekWeek 2020 Austin – Cancelled – Open Letter to the Community

by Amber Graner | Mar 31, 2020 | community, ZeekWeek

Dear Zeek Community, It is our hope that all of you are staying safe and healthy during this uncertain time. We’re all navigating unfamiliar territory together, as the COVID 19 crisis affects every aspect of our lives both personally and...

People of Zeek Interview Series – Keith Lehigh of Indiana University and the Zeek Leadership Team

by Amber Graner | Mar 30, 2020 | community, Interview Series, Uncategorized

In our continuing People of Zeek interview series, today we have Keith Lehigh, Chair of the Open Source Zeek Leadership Team (LT). Keith thank you so much for taking time out of your schedule to answer a few questions and let the community get to know more about you....

People of Zeek Interview Series – Doug Burks of Security Onion

by Amber Graner | Mar 25, 2020 | community, Interview Series

In our continuing People of Zeek interview series, today we have Doug Burks, Founder of Security Onion and CEO of Security Onion Solutions. Doug, thank you so much for taking time out of your schedule to answer a few questions and let the community get to know more...

Announcing the Zeek Agent

by Robin Sommer | Mar 23, 2020 | Zeek

This posting is cross-posted between the Zeek blog and the Trail of Bits blog. Announcing The Zeek Agent The Zeek Network Security Monitor provides a powerful open-source platform for network traffic analysis. However, from its network vantage point, Zeek...

Announcing the NEW Zeek Website!

by Amber Graner | Mar 11, 2020 | Uncategorized

In 2018, Vern Paxson, Zeek creator, announced that the Bro Project had officially changed its name from “Bro” to “Zeek”. With a new project name comes new branding, and in 2019 in the opening remarks for ZeekWeek the new Zeek Project logo was announced. And today we...

Zeek Slack Channel Announced

by Amber Graner | Mar 4, 2020 | Uncategorized

You’re Invited!! We’re so excited to announce the NEW Zeek Slack workspace: zeekorg.slack.comAlong with this new Slack workspace we are also introducing a Code of Conduct and Slack Channel Guidelines. We’ve adopted modified versions of the Kubernetes Community Code of...

Zeek Monthly Newsletter, Issue 2 – March 2020

by Amber Graner | Mar 2, 2020 | Uncategorized

Welcome to the Zeek Monthly Newsletter, Issue 2 covers January and February 2020 as well as upcoming events. In this Issue: General Community News/Updates Development Updates Zeek In the Community Threat of the Month Upcoming Events Contribution/Contributor of...

Zeek 3.1 released

by Amber Graner | Feb 25, 2020 | 3.1, Uncategorized

Zeek 3.1 is now available as source code. Binary packages for Linux will follow shortly. After last year’s 3.0, this is the first feature release following our new release schedule, bringing new functionality & improvements to users interested in upgrading more...

Updating a Plugin in Zeek 3.1

by Amber Graner | Feb 21, 2020 | 3.1, Uncategorized

By Tim Wojtulewicz With the release of Zeek 3.1 coming soon, we are now fully deprecating all of the old Bro naming, including for the plugin skeleton. This means that plugins may fail to build once Zeek 3.1 has been installed. This blog post describes a set of...

Zeek 3.1 Release Candidate Available

by Robin Sommer | Feb 11, 2020 | 3.1, beta, Zeek

We are very happy to make a release candidate of Zeek 3.1 available today. After last year’s 3.0, this is the first feature release following our new release schedule, bringing new functionality & improvements to users interested in upgrading more frequently than...

Keep Austin weird.logs – Save The Date – ZeekWeek2020

by Amber Graner | Jan 31, 2020 | ZeekWeek

ZeekWeek 2020 (formerly BroCon) will be held on 7-9 October at the AT&T Executive Education and Conference Center in Austin, Texas. Attendees will be able to “Zeek-out” on workshops, training, community presentations and visit with sponsors, core maintainers,...

Detecting CVE-2020-0601 with Zeek

by Johanna Amann | Jan 16, 2020 | Uncategorized

CVE-2020-0601 is a major security issue affecting recent versions of Microsoft Windows. In a nutshell, NSA found a vulnerability in core Windows libraries that perform certificate validation. This vulnerability can be used to craft certificates that are accepted as...

Zeek Monthly Newsletter, Issue 1 – January 2020

by Amber Graner | Jan 14, 2020 | Uncategorized

Welcome to the Zeek Monthly Newsletter, Issue 1 covers December 2019 as well as upcoming events. In this Issue: General Community News/Updates Development Updates Zeek In the News Interviews Threat of the Month Upcoming Events Contribution/Contributor of the...

Getting started with Zeek (Docker-style): Part 1

by David Lapsley, PhD | Jan 9, 2020 | Uncategorized

Introduction First of all, welcome to the community! If you are reading this, then you’ve heard all about how great Zeek is and you are interested in finding out for yourself by getting it up and running and playing with it. Good move! The goal of this article...

How To Add A JPEG File Analyzer To Zeek – Part 4

by Amber Graner | Dec 23, 2019 | Uncategorized

by Keith J. Jones, Ph.D Introduction The last three blog posts demonstrated how to add a JPEG file analysis plugin into the core Zeek source code or as a package. This part will demonstrate how you can add tests to your code when distributed as part of the Zeek...

How To Add A JPEG File Analyzer To Zeek – Part 3

by Amber Graner | Dec 20, 2019 | Uncategorized

by Keith J. Jones, Ph.D Introduction The last two blog posts (Part 1 and Part 2) demonstrated how to add a JPEG file analysis plugin. This part will show you how to take our working JPEG source code and make it a Zeek package. A Zeek package can be...

« Older Entries