Zeek Blog

The New IO Loop in Zeek 3.1

Zeek has a long-standing issue with standby CPU usage on low-power systems and low-traffic networks where even if nothing is happening on the network, Zeek will continue to use 10-15% of the CPU doing nothing. This stems from the fact that the existing main loop of...

Zeek From Home

Since we won’t be holding any in-person Zeek events for the foreseeable future, we’d like to invite you to be part of a new weekly ‘Zeek From Home’ webinar series to kick off in April. The schedule will be announced once we have a few submissions queued up.  These...

Announcing the Zeek Agent

This posting is cross-posted between the Zeek blog and the Trail of Bits blog. The Zeek Network Security Monitor provides a powerful open-source platform for network traffic analysis. However, from its network vantage point, Zeek...

Announcing the NEW Zeek Website!

In 2018, Vern Paxson, Zeek creator, announced that the Bro Project had officially changed its name from “Bro” to “Zeek”. With a new project name comes new branding, and in 2019 in the opening remarks for ZeekWeek the new Zeek Project logo was announced. And today we...

Zeek Slack Channel Announced

You’re Invited!! We’re so excited to announce the NEW Zeek Slack workspace: zeekorg.slack.com. Along with this new Slack workspace we are also introducing a Code of Conduct and Slack Channel Guidelines. We’ve adopted modified versions of the Kubernetes Community Code of...

Zeek 3.1 released

Zeek 3.1 is now available as source code. Binary packages for Linux will follow shortly. After last year’s 3.0, this is the first feature release following our new release schedule, bringing new functionality & improvements to users interested in upgrading more...

Updating a Plugin in Zeek 3.1

By Tim Wojtulewicz

With the release of Zeek 3.1 coming soon, we are now fully deprecating all of the old Bro naming, including for the plugin skeleton. This means that plugins may fail to build once Zeek 3.1 has been installed. This blog post describes a set of...

Zeek 3.1 Release Candidate Available

We are very happy to make a release candidate of Zeek 3.1 available today. After last year’s 3.0, this is the first feature release following our new release schedule, bringing new functionality & improvements to users interested in upgrading more frequently than...

Detecting CVE-2020-0601 with Zeek

CVE-2020-0601 is a major security issue affecting recent versions of Microsoft Windows. In a nutshell, NSA found a vulnerability in core Windows libraries that perform certificate validation. This vulnerability can be used to craft certificates that are accepted as...

Zeek Community Resources

Or - How can I get involved in the community? One of the questions that we commonly get is “How do I get help,” or “How can I get involved in the Zeek community?” The goal of this blog post is to make you aware of the...

Zeek Package Ecosystem Overview

What follows is an overview of the existing Zeek package ecosystem.  Nothing new, but hopefully a fresh description of the big picture can help guide those less familiar or generally fill in gaps. What are packages? Zeek packages contain scripts and plugins that...

What is ‘Weird’ in Zeek?

By: Fatema Bannat Wala, Security Engineer, University of Delaware

As you probably know, Zeek transforms network traffic into real-time logs used by threat hunters, incident responders, and network operators. Most of these logs correspond to common network...

ZeekWeek 2019 – Summary and Slides

The global community of Zeek developers and users gathered together in Seattle last month, October 8-11, for the annual ZeekWeek (formerly BroCon) event. 171 network security professionals representing 84 organizations travelled from all over the world to share ideas...

Zeek 3.0.0

(Note: This is a slightly updated version of a previous posting announcing the initial release candidate.) We just published Zeek 3.0.0—our first major release since Bro 2.0 came out in 2012. This version is quite special as it undertakes The Big...

Zeek 3.0.0 RC1 released

(Note: We will update this blog posting for the final release.  Please provide feedback on anything that would be helpful to add.) We just published a release candidate for Zeek 3.0.0—our first major release since Bro 2.0 came out in 2012. This version is quite...

JOIN US

Virtual ZeekWeek 2020

OCTOBER 13 - 15, 2020