Zeek Blog

Zeek 3.1 Release Candidate Available

We are very happy to make a release candidate of Zeek 3.1 available today. After last year’s 3.0, this is the first feature release following our new release schedule, bringing new functionality & improvements to users interested in upgrading more frequently than...

Detecting CVE-2020-0601 with Zeek

CVE-2020-0601 is a major security issue affecting recent versions of Microsoft Windows. In a nutshell, NSA found a vulnerability in core Windows libraries that perform certificate validation. This vulnerability can be used to craft certificates that are accepted as...

Zeek Community Resources

Or - How can I get involved in the community? One of the questions that we commonly get is “How do I get help,” or “How can I get involved in the Zeek community?” The goal of this blog post is to make you aware of the...

Zeek Package Ecosystem Overview

What follows is an overview of the existing Zeek package ecosystem. Nothing new, but hopefully a fresh description of the big picture can help guide those less familiar or generally fill in gaps. What are packages? Zeek packages contain scripts and plugins that...

What is ‘Weird’ in Zeek?

By: Fatema Bannat Wala, Security Engineer, University of Delaware

As you probably know, Zeek transforms network traffic into real-time logs used by threat hunters, incident responders, and network operators. Most of these logs correspond to common network...

ZeekWeek 2019 – Summary and Slides

The global community of Zeek developers and users gathered together in Seattle last month, October 8-11, for the annual ZeekWeek (formerly BroCon) event. 171 network security professionals representing 84 organizations travelled from all over the world to share ideas...

Zeek 3.0.0

(Note: This is a slightly updated version of a previous posting announcing the initial release candidate.) We just published Zeek 3.0.0—our first major release since Bro 2.0 came out in 2012. This version is quite special as it undertakes The Big...

Zeek 3.0.0 RC1 released

(Note: We will update this blog posting for the final release. Please provide feedback on anything that would be helpful to add.) We just published a release candidate for Zeek 3.0.0—our first major release since Bro 2.0 came out in 2012. This version is quite...

An update on Community ID

By Christian Kreibich, Senior Engineer at Corelight

Nearly a year has passed since the introduction of the Community ID flow hashing standard, so I’d like to recap the goals of the project, share an update on what has happened since, and lay out the next steps. The...

Zeke on Zeek: Paraglob

Paraglob is a data structure for quick string matching against a large set of patterns. It was originally designed by Robin Sommer, but an early, experimental implementation was slowed significantly by an internal set data structure that ran in linear time for most of...
