Zeek Blog
Zeek In Action, Video 2, Tracing a Trickbot Infection
In this episode of Zeek in Action, Richard Bejtlich traces a Trickbot infection known as CATBOMBER using try.zeek.org.
Zeek Monthly Newsletter – Issue 9 – April 2021
Zeek Monthly Newsletter – Issue 9 – April 2021 – NOW AVAILABLE!
Announcing the Zeek Training Subgroup
Announcing the Zeek Project Training Subgroup – Are you a Zeek user who is passionate about working with the Zeek community to improve one of the most crucial areas of the Zeek Project – the Training material? If so, then this is an opportunity to get involved with various aspects of Zeek Training. – Join today!
Zeek in Enterprise Day
Announcing Zeek in Enterprise Day – Does your organization incorporate Zeek into its commercial offerings? Do you want to let the Zeek Community know about your product? The Zeek in Enterprise Day is just for you!! Sign up and participate today.
Announcing the Zeek Testing Subgroup
Announcing the Zeek Project Testing Subgroup. The goal of the subgroup is to stress-test new versions of Zeek. This blog post details the outline and structure of this subgroup.
Zeek’s IPSec Protocol Analyzer
Keith J. Jones, PhD explains how he added his IPsec Spicy Protocol Analyzer to Zeek. Want to know how he did it? Then check out this post.
Welcome to Zeek in Action, Video 1, Suspected Malware Compromise
Richard Bejtlich shares Video 1, Suspected Malware Compromise in this episode of Zeek in Action – in this video, Richard examines network traffic using Zeek and related applications.
Spicy 1.0 — Robust Parsers for Protocols & File Formats
We are happy to announce the release of Spicy 1.0, an open source parser generator that makes it much easier for Zeek—and other applications—to support new protocols and file formats. We had made an initial, experimental version of Spicy available a little while ago....
ZPC-3 Winners Announced
We are thrilled to announce the winners of the third Zeek Package Contest, which was sponsored by Corelight. The contest was open to all Zeek packages compatible with Zeek 3.0 and above. Below is a list of the winners and links to the packages that were...
A Zeek OpenVPN Protocol Analyzer in Spicy
This blog will not repeat the basics of OpenVPN, but instead it will briefly walk through the Spicy version of the same protocol analyzer we built in Binpac. You will see that the Spicy version of the protocol analyzer will be much more intuitive and compact
Zeek in Action: Introduction and How to Set Up a Windows Workstation Using Brim Security
Welcome to Zeek in Action, a new series of videos for Zeek users and fans. The purpose of the series is to show how analysts can interpret data in Zeek and related formats to solve various networking challenges. The focus will mainly be on security use cases, but we...
A Zeek OpenVPN Protocol Analyzer
By Keith J. Jones, Corelight Sr. Security Researcher. Introduction and Background: Many modern VPN providers use the OpenVPN protocol in their clients and servers. Threat actors are also known to use OpenVPN. Zeek is unable to natively detect and parse the OpenVPN...
Package management updates in Zeek 4
Our latest Zeek release includes a number of improvements around zkg, Zeek’s package manager. They aim to make zkg more accessible and familiar to users of other package managers. In this blog post I’d like to walk you through these changes.
Zeek 4.0 LTS Release
(This is an updated version of an earlier posting announcing a 4.0 release candidate.) We are very excited to make Zeek 4.0 available. This is an LTS release with support for the coming year. Some highlights coming with this version: Plugin API support for adding...
Zeek Monthly Newsletter – Issue 8 – February 2021
Welcome to the first Zeek Newsletter of 2021! Issue 8 – February 2021. This issue contains Zeek 4.0 RC, Link to new Zeek Documentation, ZeekWeek 2021, upcoming events, Zeek related jobs and more.
Save the Date – ZeekWeek 2021 Hybrid Event
ZeekWeek 2021 (formerly BroCon) will be held 13-15 October at the AT&T Executive Education and Conference Center in Austin, Texas – provided it is safe to meet in person.
Just Released – New and Improved Zeek Documentation
The Zeek Project is thrilled to announce the release of new and substantially improved Zeek documentation, which we refer to as “The Book of Zeek.” This version includes content for Zeek 4.0, and numerous additional updates.
Zeek 4.0 Release Candidate
Update: The final 4.0.0 release is now available. We are very excited to publish a release candidate of Zeek 4.0 today. We expect the final version to follow in early January, which will then become the new Zeek LTS release with support for the coming year. (To help...
Virtual ZeekWeek 2020: Summary, Slides and Video
Virtual ZeekWeek 2020: Summary, Slides and Video – The global community of Zeek users and developers gathered virtually last month, October 13-15, for the annual ZeekWeek (formerly BroCon) event.
ZeekWeek 2020 Capture the Flag Summary
As part of the most recent ZeekWeek event a capture the flag (CTF) competition was available for attendees to play. The competition included 12 challenges, of varying difficulties, which involved tasks surrounding Zeek scripting and traffic analysis. After a...
New Zeek Leadership Team Announced
The Zeek Project is excited to announce the election of a new Zeek Leadership Team (LT). This group of volunteers will be responsible for providing advice and oversight to the whole of the project, and ensuring the health, vibrancy, and sustainability of our...
Zeek Monthly Newsletter – Issue 7 – September 2020
Issue 7 - September 2020. Welcome to the Zeek Monthly Newsletter! Issue 7 covers July and August 2020, as well as upcoming events. In this Issue: TL;DR Development Updates, Zeek Blog, Zeek In The Community, New Zeek Packages, Zeek in Enterprise, Upcoming Events, Zeek...
Testimonial Phase for Zeek Leadership Team Elections Now Open
We are now in the Testimonial Phase of the Zeek Leadership Team (LT) elections. Thank you so much to all of you who provided nominations. The LT reviewed each nomination and the following individuals will be running for a seat on the LT: Aashish...
ZPC-3 Developers Phase Open
The 3rd Zeek Package Contest (ZPC-3) is currently underway! In the first phase of this contest, community members had the chance to submit their ideas for a compelling new Zeek package. Here are the submissions we received: Package to detect known C2...
Virtual ZeekWeek 2020 – Call For Presentations, and Registration Now Open
Virtual ZeekWeek 2020 will be held 13 - 15 October, from 9am - 1:20pm PDT. ZeekWeek is the annual gathering of defenders, developers, incident responders, threat hunters, and security architects who rely on open-source Zeek as a critical element in their...
Save the Date – Virtual ZeekWeek 2020 – Announced
Save The Date: After much discussion, we are excited to announce that Virtual ZeekWeek 2020 will take place on 13-15 October 2020 from 9am to 1:20pm PDT. Attendees will be able to “Zeek-out” on workshops, training, community presentations and you’ll be able to...
Zeek Leadership Team Elections – Nominations Phase Now Open
Early today the Zeek Leadership Team (LT) announced the new Zeek governance framework and process. As noted, we are holding our very first Zeek Project LT elections this year. The first phase of the election process is the nominations phase. There are 9...
New Zeek Governance Framework Announced
Over the last 25 years, the open source Zeek (formerly Bro) Project has experienced remarkable growth. From humble origins as a tool to accelerate network research, Zeek has evolved into a critical platform for network defenders around the world, and has become the...
Zeek 3.2 Released
(This is an updated version of the previous RC announcement.) We are very happy to make Zeek 3.2 available today. Some highlights of the new release include: Zeek now supports synchronizing tables/sets across clusters through a backing Broker data store. The same...
Zeek Mailing List Migration
We recently migrated our mailing lists to a new mailing list host - and domain. All of our mailing lists are now hosted at lists.zeek.org; this includes the interface to join the list, as well as the list archives. This also means that all of our mailing lists now use...