Zeek Blog
Zeek Project training
The Zeek Project is delighted to announce that we are going to offer the Zeek community training next month. Usually it is a one-day event offered during ZeekWeek, but due to high demand and a long waitlist of people during ZeekWeek, we have decided to offer it twice...
Save the date – ZeekWeek 2022 – October 11th to 14th
We are happy to announce that ZeekWeek 2022 will be held on October 11th to 14th in Austin, Texas. More details, as well as a Call for Presentations will be released in the next few weeks. Mark your calendars – and we hope to see you all in Austin in October.
Zeek In Action, Video 12, zeek2es
In this video, Keith Jones (Sr. Security Researcher, Corelight) introduces a simple Python program written to help you take your Zeek ASCII tab-delimited files and make them full-text searchable with ElasticSearch+Kibana (or OpenSearch, if you prefer). If you don’t...
Zeek in Action, Video 11, Using Spicy Driver
In this Zeek in Action video, Keith Jones explains his Spicy protocol analyzer rapid development process on a new Radius analyzer. Of course Radius is in core Zeek, but it can be replaced with a Spicy Radius protocol analyzer.
Zeek Newsletter – Issue 14 – November 2021
Issue 14 - November 2021. Welcome to the Zeek Monthly Newsletter! In this Issue: TL;DR, Development Updates, Zeek Blog and Mailing List, Zeek in the Community, Zeek Package Updates, Zeek in the Enterprise, Upcoming Events, Zeek Related Jobs, Get Involved. TL;DR: The big news...
ZeekWeek 2021 Summary, Slides, Videos and more – Now Available!
ZeekWeek 2021 was held online from 13-15 October. This three-day event brought together over 2000 SOC professionals, Zeek users and developers from over 59 countries and 800 companies. If you missed this year's events, below is the agenda, with links to slides and...
Zeek in Action, Video 10, Examining the Four Types of Network Security Monitoring Data
In this episode of Zeek in Action, Richard examines the four types of network security monitoring data: 1) full content data ("PCAP"), 2) transaction logs, 3) extracted content, and 4) intrusion detection systems (IDS) alerts. He uses the online tool Cloudshark to...
Zeek In Action, Video 9, Radius Protocol Analyzer with Spicy
In this Zeek in Action video, Keith Jones explains his Spicy protocol analyzer rapid development process on a new Radius analyzer.
Zeek Monthly Newsletter – Issue 13 – October 2021
Issue 13 - October 2021. Welcome to the Zeek Monthly Newsletter! In this Issue: TL;DR, Development Updates, Zeek Blog and Mailing List, Zeek in the Community, Zeek Package Updates, Zeek in the Enterprise, Upcoming Events, Zeek Related Jobs, Get Involved. TL;DR: ZeekWeek 2021...
ZeekWeek 2021 Capture the Flag Summary
As part of the most recent ZeekWeek event the Zeek Project Training Subgroup and the Corelight Labs Team made a capture the flag (CTF) competition available for attendees to play. The competition included 19 challenges of varying difficulties which involved tasks...
Zeek In Action, Video 8, Installing Zeek From Scratch
In this Zeek in Action video, Richard Bejtlich explains how to install Zeek from scratch, using a fresh Linux environment created on his Windows system with VirtualBox. You can follow along step by step as Richard prepares a VM, installs Linux, selects the version of...
Zeek In Action, Video 7, Capture Loss Statistics
In this episode, Richard Bejtlich explains how to determine if your Zeek deployment suffers from capture loss. There are many causes for capture loss (including an overloaded span port, NIC, or monitoring system), but the end result is the same: unfortunate gaps in...
ZeekWeek 2021 – CTF Announced – Register Today to Play
Another ZeekWeek means another ZeekWeek CTF! This will be the 2nd year of this event. In full observation of the stereotypical behavior associated with the "terrible twos", expect defiant and unruly puzzles 😀 What is this thing? Not only are CTFs a great way to show...
Zeek Monthly Newsletter – Issue 12 – September 2021
Issue 12 - September 2021. Welcome to the Zeek Monthly Newsletter! Issue 12 covers September 2021 and upcoming events. In this Issue: TL;DR, Development Updates, Zeek Blog, Zeek in the Community, Zeek Package Updates, Zeek in the Enterprise, Upcoming Events, Zeek Related...
ZeekWeek Day 3 Keynote Speaker Announced – Richard Bejtlich of Corelight, Inc.
Register today! The Zeek Project is pleased to announce that Richard Bejtlich will keynote the ZeekWeek 2021 Day 3 Zeek Roadmap/Developers Track on 15 October 2021. Network security monitoring (NSM) began in the late 1980s and continues to assist defenders in the...
vZeekWeek Roadmap: Looking for Input
Are you a Zeek user or developer? The Zeek Project is looking for input on Zeek’s development roadmap. We want to hear about your ideas, feature requests and more.
vZeekWeek Keynote Speaker Announced – David Monnier of Team Cymru, Inc.
The Zeek Project is pleased to announce that David Monnier will keynote the vZeekWeek 2021 Day 2 Professionals/User Track on 14 October 2021.
vZeekWeek 2021 – Schedule Announced – Register Today!
The Zeek Project is delighted to announce the schedule for ZeekWeek 2021, which will be an online-only event taking place 13-15 October. ZeekWeek is free, though registration is required. ZeekWeek (formerly BroCon) is the most important community event for users,...
2021 Zeek Package Contest – Submission Deadline Extended
2021 Zeek Package Contest – Submission Deadline Extended. Find out how you can get your Zeek Package Contest Challenge Coin.
ZeekWeek 2021 – Now Virtual Only
ZeekWeek 2021 is now a virtual only event. Online registration will be opening soon.
Zeek Monthly Newsletter – Issue 11 – August 2021
Zeek Monthly Newsletter – Issue 11 – August 2021 – NOW AVAILABLE.
Zeek 4.1 Feature Release
(This is an updated version of an earlier posting announcing a 4.1 release candidate.) The Zeek development team is excited to publish our next feature release, Zeek 4.1. This version includes the following highlights: Overhauled SSL/X509 processing to make its...
Telegram Zeek, you’re my main notice
In this post, Yacin Nadji shares a Zeek Package, zeek-notice-telegram, that sends a message to a user or group chat on Telegram when the new action is added to a notice.
Zeek in Action, Video 6, How to Monitor Wireless Networks
In this episode, Richard looks at the complexities of monitoring your wireless network for defensive purposes using a variety of tools such as, but not limited to, Zeek, Parrot Security, Brim and more.
Zeek in Action, Video 5, What is this New Device?
In this episode, Richard Bejtlich looks at how to use Zeek, Rumble and Humio to learn more about assets you have discovered on your network.
Zeek in Action, Video 4, Where Should I Put My Sensor?
In this episode, Richard Bejtlich explores how to figure out where to put a sensor on your network.
Zeek 4.1 Release Candidate
The Zeek development team is excited to publish a release candidate of our next feature release, Zeek 4.1. This version includes the following highlights: Overhauled SSL/X509 processing to make its logging output more helpful and compact. In particular, x509.log is...
ZeekWeek 2021 – Registration Open!
ZeekWeek 2021 will be held 13-15 October at the AT&T Hotel and Conference Center located in Austin, Texas. Registration Open!
ZeekWeek 2021 – Call For Participation – Speakers and Sponsors
UPDATES: Call for Papers - Deadline Extended to 25 August 2021. Due to the Delta Covid variant, we are also allowing for remote presentations. If you aren't comfortable traveling to Austin, but would like to submit a talk, please do so. ZeekWeek 2021 will be held...
Functions, hooks, and events. Oh my!
In this blog post Anthony Kasza explains the subtle differences between function, hook and event types in the Zeek scripting language.