Zeek Blog

Got Zoom ?

I still find it amazing what you can find quite simply with Zeek. Since Zoom seems to be on top of mind for many recently, as an example to show how easily you can highlight specific traffic with great accuracy and granularity, I wrote this simple PoC package...

The New IO Loop in Zeek 3.1

Zeek has a long-standing issue with standby CPU usage on low-power systems and low-traffic networks where even if nothing is happening on the network, Zeek will continue to use 10-15% of the CPU doing nothing. This stems from the fact that the existing main loop of...

Zeek From Home

Since we won’t be holding any in-person Zeek events for the foreseeable future, we’d like to invite you to be part of a new weekly ‘Zeek From Home’ webinar series to kick off in April. The schedule will be announced once we have a few submissions queued up. These...

Announcing the Zeek Agent

This posting is cross-posted between the Zeek blog and the Trail of Bits blog. The Zeek Network Security Monitor provides a powerful open-source platform for network traffic analysis. However, from its network vantage point, Zeek...

Announcing the NEW Zeek Website!

In 2018, Vern Paxson, Zeek creator, announced that the Bro Project had officially changed its name from “Bro” to “Zeek”. With a new project name comes new branding, and in 2019 in the opening remarks for ZeekWeek the new Zeek Project logo was announced. And today we...

Zeek Slack Channel Announced

You’re Invited!! We’re so excited to announce the NEW Zeek Slack workspace: zeekorg.slack.com. Along with this new Slack workspace we are also introducing a Code of Conduct and Slack Channel Guidelines. We’ve adopted modified versions of the Kubernetes Community Code of...

Zeek 3.1 released

Zeek 3.1 is now available as source code. Binary packages for Linux will follow shortly. After last year’s 3.0, this is the first feature release following our new release schedule, bringing new functionality & improvements to users interested in upgrading more...

Updating a Plugin in Zeek 3.1

By Tim Wojtulewicz. With the release of Zeek 3.1 coming soon, we are now fully deprecating all of the old Bro naming, including for the plugin skeleton. This means that plugins may fail to build once Zeek 3.1 has been installed. This blog post describes a set of...

Zeek 3.1 Release Candidate Available

We are very happy to make a release candidate of Zeek 3.1 available today. After last year’s 3.0, this is the first feature release following our new release schedule, bringing new functionality & improvements to users interested in upgrading more frequently than...

Detecting CVE-2020-0601 with Zeek

CVE-2020-0601 is a major security issue affecting recent versions of Microsoft Windows. In a nutshell, NSA found a vulnerability in core Windows libraries that perform certificate validation. This vulnerability can be used to craft certificates that are accepted as...
