Zeek Blog

You’re Invited!! We’re so excited to announce the NEW Zeek Slack workspace: zeekorg.slack.comAlong with this new Slack workspace we are also introducing a Code of Conduct and Slack Channel Guidelines. We’ve adopted modified versions of the Kubernetes Community Code of...

Welcome to the Zeek Monthly Newsletter, Issue 2 covers January and February 2020 as well as upcoming events.    In this Issue: General Community News/Updates Development Updates Zeek In the Community Threat of the Month Upcoming Events Contribution/Contributor of...

CVE-2020-0601 is a major security issue affecting recent versions of Microsoft Windows. In a nutshell, NSA found a vulnerability in core Windows libraries that perform certificate validation. This vulnerability can be used to craft certificates that are accepted as...

     Welcome to the ​Zeek Monthly Newsletter​, Issue 1 covers December 2019 as well as upcoming events. In this Issue:  General Community News/Updates Development Updates Zeek In the News Interviews Threat of the Month Upcoming Events Contribution/Contributor of the...

Introduction   First of all, welcome to the community! If you are reading this, then you’ve heard all about how great Zeek is and you are interested in finding out for yourself by getting it up and running and playing with it. Good move! The goal of this article...

by Keith J. Jones, Ph.D Introduction  The last three blog posts demonstrated how to add a JPEG file analysis plugin into the core Zeek source code or as a package.  This part will demonstrate how you can add tests to your code when distributed as part of the Zeek...

by Keith J. Jones, Ph.D   Introduction   The last two blog posts (Part 1 and Part 2) demonstrated how to add a JPEG file analysis plugin. This part will show you how to take our working JPEG source code and make it a Zeek package. A Zeek package can be...

by Keith J. Jones, Ph.D   Introduction In the first post we added a stub to Zeek for JPEG file analysis.  As you recall, instead of just checking in code into the open source repository, our goal in this blog series is to “teach a person to fish” along with a few...

 Or - How can I get involved in the community? One of the questions that we commonly get is “How do I get help," or “How can I get involved into the Zeek community?" The goal of this blog post is to make you aware of the...

What follows is an overview of the existing Zeek package ecosystem.  Nothing new, but hopefully a fresh description of the big picture can help guide those less familiar or generally fill in gaps. What are packages? Zeek packages contain scripts and plugins that...

Introduction This blog post will walk you through the process of adding a JPEG file analyzer to Zeek. Please keep in mind that our main goal in this blog series is to “teach a person to fish” along with a few small fish to get started as bait rather than simply...

By:  Fatema Bannat Wala, Security Engineer, University of Delaware As you probably know, Zeek transforms network traffic into real-time logs used by threat hunters, incident responders, and network operators. Most of these logs correspond to common network...

The global community of Zeek developers and users gathered together in Seattle last month, October 8-11, for the annual ZeekWeek (formerly BroCon) event. 171 network security professionals representing 84 organizations travelled from all over the world to share ideas...

by Amber Graner, Zeek Director of Community As ZeekWeek gets underway, we wanted to find out what’s new among members of the Zeek Community. Accordingly, we had a chance to catch up with the Bricata team. Bricata is a contributor to the Zeek community, and supporter...

Guest post by Humio We’re proud to have Humio on board as the exclusive training sponsor for ZeekWeek 2019. As a thought leader in the observability space, Humio has a deep understanding of making observability accessible, comprehensive, and affordable. Humio can help...

The Zeek Project Leadership Team (LT) would like to thank all of the ZeekWeek 2019 sponsors for their generous support. Without their ongoing support ZeekWeek would not be possible. ZeekWeek is the most important community event for users, developers, incident...

The leading event for open-source Zeek network security monitor comes to Seattle San Francisco, Calif. – Sept. 12, 2019 – Zeek Week 2019 (formerly BroCon), the most important community event for users, developers, incident responders, threat hunters and security...

(Note: We will update this blog posting for the final release.  Please provide feedback on anything that would be helpful to add.) We just published a release candidate for Zeek 3.0.0—our first major release since Bro 2.0 came out in 2012. This version is quite...

By Christian Kreibich, Senior Engineer at CorelightNearly a year has passed since the introduction of the Community ID flow hashing standard, so I’d like recap the goals of the project, share an update on what has happened since, and lay out the next steps. The...

The open source Zeek project Leadership Team (LT) is made up of contributors from multiple organizations throughout the community. The LT acts as both a technical steering committee and governance body. You can find out more about the LT on the team page of the...

Zeek Package Contest Are you a Zeek user? Do you enjoy writing Zeek scripts? Do you like being recognized for your awesome work? Do you want to make the world’s networks safer? Do you like winning prizes and claiming bragging rights? Do you want the opportunity to...

The Zeek Leadership Team is pleased to announce that Freddy Dezeure will keynote ZeekWeek 2019 which will take place in Seattle, Wash., Oct. 8-11, 2019. Dezeure’s ’s keynote, “Threats are changing, so are we as defenders”, will present insights into the current attack...