Zeek Blog
vZeekWeek 2021 – Schedule Announced – Register Today!
The Zeek Project is delighted to announce the schedule for ZeekWeek 2021, which will be an online-only event taking place 13-15 October. ZeekWeek is free, though registration is required. ZeekWeek (formerly BroCon) is the most important community event for users,...
2021 Zeek Package Contest – Submission Deadline Extended
2021 Zeek Package Contest – Submission Deadline Extended. Find out how you can get your Zeek Package Contest Challenge Coin.
ZeekWeek 2021 – Now Virtual Only
ZeekWeek 2021 is now a virtual-only event. Online registration will be opening soon.
Zeek Monthly Newsletter – Issue 11 – August 2021
Zeek Monthly Newsletter – Issue 11 – August 2021 – NOW AVAILABLE.
Zeek 4.1 Feature Release
(This is an updated version of an earlier posting announcing a 4.1 release candidate.) The Zeek development team is excited to publish our next feature release, Zeek 4.1. This version includes the following highlights: Overhauled SSL/X509 processing to make its...
Telegram Zeek, you’re my main notice
In this post, Yacin Nadji shares a Zeek Package, zeek-notice-telegram, that sends a message to a user or group chat on Telegram when the new action is added to a notice.
Zeek in Action, Video 6, How to Monitor Wireless Networks
In this episode, Richard looks at the complexities of monitoring your wireless network for defensive purposes using a variety of tools such as, but not limited to, Zeek, Parrot Security, Brim and more.
Zeek in Action, Video 5, What is this New Device?
In this episode, Richard Bejtlich looks at how to use Zeek, Rumble and Humio to learn more about assets you have discovered on your network.
Zeek in Action, Video 4, Where Should I Put My Sensor?
In this episode, Richard Bejtlich explores how to figure out where to put a sensor on your network.
Zeek 4.1 Release Candidate
The Zeek development team is excited to publish a release candidate of our next feature release, Zeek 4.1. This version includes the following highlights: Overhauled SSL/X509 processing to make its logging output more helpful and compact. In particular, x509.log is...
ZeekWeek 2021 – Registration Open!
ZeekWeek 2021 will be held 13-15 October at the AT&T Hotel and Conference Center located in Austin, Texas. Registration Open!
ZeekWeek 2021 – Call For Participation – Speakers and Sponsors
UPDATES: Call for Papers - Deadline Extended to 25 August 2021; Due to the Delta Covid variant we are also allowing for remote presentations. If you aren't comfortable traveling to Austin, but would like to submit a talk, please do so. ZeekWeek 2021 will be held...
Functions, hooks, and events. Oh my!
In this blog post Anthony Kasza explains the subtle differences between function, hook and event types in the Zeek scripting language.
Zeek in Action, Video 3, Comparisons of Data Sources
In this episode, Richard Bejtlich looks at PCAPs from Tcpreplay using Zeek, Brim Security and Wireshark.
Detecting the Facefish Linux Rootkit with Zeek
In this blog post, Keith J. Jones, PhD with Corelight Labs walks readers through detecting the Facefish Linux Rootkit using Zeek.
Zeek Monthly Newsletter – Issue 10 – May 2021
Zeek Monthly Newsletter – Issue 10 – May 2021 – NOW AVAILABLE
Zeek In Action, Video 2, Tracing a Trickbot Infection
In this episode of Zeek in Action, Richard Bejtlich traces a trickbot infection known as CATBOMBER using try.zeek.org.
Zeek Monthly Newsletter – Issue 9 – April 2021
Zeek Monthly Newsletter – Issue 9 – April 2021 – NOW AVAILABLE!
Announcing the Zeek Training Subgroup
Announcing the Zeek Project Training Subgroup – Are you a Zeek user who is passionate about working with the Zeek community to improve one of the most crucial areas of the Zeek Project – the Training material? If so, then this is an opportunity to get involved with various aspects of Zeek Training. – Join today!
Zeek in Enterprise Day
Announcing Zeek in Enterprise Day – Does your organization incorporate Zeek into its commercial offerings? Do you want to let the Zeek Community know about your product? The Zeek in Enterprise Day is just for you!! Sign up and participate today.
Announcing the Zeek Testing Subgroup
Announcing the Zeek Project Testing Subgroup. The goal of the subgroup is to stress-test new versions of Zeek. This blog post details the outline and structure of this subgroup.
Zeek’s IPSec Protocol Analyzer
Keith J. Jones, PhD explains how he added his IPsec Spicy Protocol Analyzer to Zeek. Want to know how he did it? Then check out this post.
Welcome to Zeek in Action, Video 1, Suspected Malware Compromise
Richard Bejtlich shares Video 1, Suspected Malware Compromise, in this episode of Zeek in Action. In this video, Richard examines network traffic using Zeek and related applications.
Spicy 1.0 — Robust Parsers for Protocols & File Formats
We are happy to announce the release of Spicy 1.0, an open source parser generator that makes it much easier for Zeek—and other applications—to support new protocols and file formats. We had made an initial, experimental version of Spicy available a little while ago....
ZPC-3 Winners Announced
We are thrilled to announce the winners of the third Zeek Package Contest, which was sponsored by Corelight. The contest was open to all Zeek packages compatible with Zeek 3.0 and above. Below is a list of the winners and links to the packages that were...
A Zeek OpenVPN Protocol Analyzer in Spicy
This blog will not repeat the basics of OpenVPN, but instead it will briefly walk through the Spicy version of the same protocol analyzer we built in Binpac. You will see that the Spicy version of the protocol analyzer will be much more intuitive and compact
Zeek in Action: Introduction and How to Set Up a Windows Workstation Using Brim Security
Welcome to Zeek in Action, a new series of videos for Zeek users and fans. The purpose of the series is to show how analysts can interpret data in Zeek and related formats to solve various networking challenges. The focus will mainly be on security use cases, but we...
A Zeek OpenVPN Protocol Analyzer
By Keith J. Jones, Corelight Sr. Security Researcher. Introduction and Background: Many modern VPN providers use the OpenVPN protocol in their clients and servers. Threat actors are also known to use OpenVPN. Zeek is unable to natively detect and parse the OpenVPN...
Package management updates in Zeek 4
Our latest Zeek release includes a number of improvements around zkg, Zeek’s package manager. They aim to make zkg more accessible and familiar to users of other package managers. In this blog post I’d like to walk you through these changes.
Zeek 4.0 LTS Release
(This is an updated version of an earlier posting announcing a 4.0 release candidate.) We are very excited to make Zeek 4.0 available. This is an LTS release with support for the coming year. Some highlights coming with this version: Plugin API support for adding...