Zeek Blog

Zeek 3.0.0 RC1 released

(Note: We will update this blog posting for the final release.  Please provide feedback on anything that would be helpful to add.) We just published a release candidate for Zeek 3.0.0—our first major release since Bro 2.0 came out in 2012. This version is quite...

read more

An update on Community ID

By Christian Kreibich, Senior Engineer at CorelightNearly a year has passed since the introduction of the Community ID flow hashing standard, so I’d like recap the goals of the project, share an update on what has happened since, and lay out the next steps. The...

read more

Zeke on Zeek: Paraglob

Paraglob is a data structure for quick string matching against a large set of patterns. It was originally designed by Robin Sommer, but an early, experimental implementation was slowed significantly by an internal set data structure that ran in linear time for most of...

read more

Google Season of Docs

As part of the submission and ongoing docs refresh for Zeek.org below is the list of projects we are submitting for Google Season of Docs consideration. Introduction to Zeek (rewrite) How to install Zeek (rewrite) How to write a Script for Zeek Guide (rewrite and new)...

read more

Save the Date – ZeekWeek 2019

Save the Date  October 8th - 11th ZeekWeek 2019  (formerly BroCon) King Street Ballroom & Perch, Hilton Embassy Suites 255 South King Street, Seattle WA 98104 This year ZeekWeek (formerly BroCon) will be held 8-11 October 2019 in the King Street Ballroom &...

read more

“Mission First, People Always.”

I’d like to take a moment and introduce myself. I’m Amber Graner, and I’m excited to join Corelight, Inc as the Director of Community for the open source Zeek project.   When I volunteered to join the U.S. Army in 1989, the saying “Mission first, people always”...

read more

New Zeek Release Schedule

Over the years we have released new Zeek (Bro) versions on a somewhat regular annual basis, often around the time of BroCon. We also often did smaller bug fix releases in between, typically without adding any new functionality. However, while this annual cycle gave...

read more

Renaming the Bro Project

More than 20 years ago I chose the name "Bro" as "an Orwellian reminder that monitoring comes hand in hand with the potential for privacy violations", as the original Bro paper put it. Today that warning is needed more than ever ... but it's clear that now...

read more

Broker is Coming: Persistent Stores

Note: This is a guest blog post by Mike Dopheide. ---------------------------------------------------------------------------------------- Disclaimer:  If you aren't familiar with the Bro IDS software, this is going to make zero sense. The Bro development team...

read more

A new name for the Bro project

At this year’s BroCon (Sept. 12–14), we announced that the project is going to be renamed, and that we are seeking community input for ideas. After the issue was raised at the previous year’s BroCon panel, the leadership team felt that we needed to take the idea...

read more

Bro 2.5.1 released

We are very happy to announce the release of Bro v2.5.1. The new version is now available for download! This release contains a number of bug fixes. Fixes include:  Better file analysis memory management  Less cluster node communication  Correct...

read more