Zeek Blog

By Zach Medley Getting started working on Zeek can be daunting because of the sheer size of the repository. While designed reasonably, Zeek is big and a lot of reasonable design can still be a lot to handle. This blog post walks through how I added Zeek’s key-value...

As we gear up for ZeekWeek 2019, I wanted to introduce you to Fatema Bannat Wala an active Zeek community member, who I had the chance to meet earlier this year at the 2019 Open Source Zeek European Workshop that was held in Geneva, Switzerland at CERN. Fatema is a...

“Coming together is a beginning, staying together is progress, and working together is success.”  ~ Henry Ford To all members of the Zeek community: today I’m excited to share the strategic goals I’ll be pursuing over the next year. As a reminder, I joined...

Paraglob is a data structure for quick string matching against a large set of patterns. It was originally designed by Robin Sommer, but an early, experimental implementation was slowed significantly by an internal set data structure that ran in linear time for most of...

The open source Zeek project Leadership Team (LT) is made up of contributors from multiple organizations throughout the community. The LT acts as both a technical steering committee and governance body. You can find out more about the LT on the team page of the...

Amber Graner (AG): Hi Zeke. Thank you so much for taking the time to answer my questions and let the community know who you are and what Zeek related items you’re working on. Zeke Medley (ZM): Hi Amber 🙂 AG: Zeke can you take a moment to tell people a little about...

The open source Zeek project Leadership Team (LT) is made up of contributors from multiple organizations throughout the community. The LT acts as both a technical steering committee and governance body. You can find out more about the LT on the team page of the...

ZeekWeek 2019 will be held on 8-11 October 2019 at King Street Ballroom & Perch, Hilton Embassy Suites in Seattle Washington and registration is now open. ZeekWeek this year includes a one day Training Workshop event which is being held the day before the ZeekWeek...

The open source Zeek project Leadership Team (LT) is made up of contributors from multiple organizations throughout the community. The LT acts as both a technical steering committee and governance body. Currently, the LT meets every two weeks. You can find out more...

As part of the submission and ongoing docs refresh for Zeek.org below is the list of projects we are submitting for Google Season of Docs consideration. Introduction to Zeek (rewrite) How to install Zeek (rewrite) How to write a Script for Zeek Guide (rewrite and new)...

Save the Date  October 8th - 11th ZeekWeek 2019  (formerly BroCon) King Street Ballroom & Perch, Hilton Embassy Suites 255 South King Street, Seattle WA 98104 This year ZeekWeek (formerly BroCon) will be held 8-11 October 2019 in the King Street Ballroom &...

Today we kick off our weekly interview series with the Open Source Zeek Leadership Team and community contributors with Robin Sommer. Before we get started, I’d like to thank Robin for taking the time to answer my interview questions and kick off this series. Amber...

I’d like to take a moment and introduce myself. I’m Amber Graner, and I’m excited to join Corelight, Inc as the Director of Community for the open source Zeek project.   When I volunteered to join the U.S. Army in 1989, the saying “Mission first, people always”...

Over the years we have released new Zeek (Bro) versions on a somewhat regular annual basis, often around the time of BroCon. We also often did smaller bug fix releases in between, typically without adding any new functionality. However, while this annual cycle gave...

Current State of Affairs A near-term item on the Zeek Roadmap is to provide an alternative, and eventual successor, to BroControl.  For context on why that's the case, there's the following pain points: Process supervision in an external tool/process like...

More than 20 years ago I chose the name "Bro" as "an Orwellian reminder that monitoring comes hand in hand with the potential for privacy violations", as the original Bro paper put it. Today that warning is needed more than ever ... but it's clear that now...

As a quick followup to Part1, I want to bring attention to the Reminder about Events and Module Namespaces.  This is something that I'd forgotten about (or never knew) that will save you a lot of headaches when converting scripts to use Broker.  While I'm at...

Bro Moves Back to ICSI; Makes $10k Donation To Conservancy Software Freedom Conservancy, a charity that provides a home to free and open source software projects, and the Bro Leadership Team announce that the Bro Project, an open source network traffic analysis...

We announce the release of Bro v2.5.3. The new version is now available for download at https://bro.org/download/index.html or directly at https://www.bro.org/downloads/bro-2.5.3.tar.gz.Binary packages for the new version are currently building and will be availablein...

We announce the release of Bro v2.5.2. The new version is now available for download at https://bro.org/download/index.html or directly at https://www.bro.org/downloads/bro-2.5.2.tar.gz. Binary packages for the new version are currently building and will be available...

At this year’s BroCon (Sept. 12–14), we announced that the project is going to be renamed, and that we are seeking community input for ideas. After the issue was raised at the previous year’s BroCon panel, the leadership team felt that we needed to take the idea...

While we’re in the process of developing a web site for the Bro Package Manager project, we’d like to share the packages we have collected so far. The package names and a short description are listed below.  Source: https://github.com/bro/packages To learn how to...

We are very happy to announce the release of Bro v2.5.1. The new version is now available for download! This release contains a number of bug fixes. Fixes include:  Better file analysis memory management  Less cluster node communication  Correct...

The beta version for Bro 2.5.1 is now available for testing and can bedownloaded at https://bro.org/download/index.html. Binary packages also are available at https://bro.org/download/beta-packages.html.This release contains a number of bug fixes. Fixes include:...

The Bro team would like to encourage the development of Bro scripts and plugins by creating a website front-end for the Bro Package Manager, with additional functionality to be determined. We are seeking input from the Bro user community as to what features would be...

The Bro Project is looking for an exceptional engineer to join our core team of Bro developers. If you are interested in helping us advance Bro, please consider applying!We are looking for candidates who have demonstrated experience leading projects, excellent...

BroCon ’17 will occur on Tuesday, September 12th - Thursday, September 14th at the National Center for Supercomputing Applications in Urbana, IL. See our event page: https://www.bro.org/community/brocon2017.html Early bird registration is open! CFP is open! Don't...

In October of 2015 we announced that the Bro Project joined Software Freedom Conservancy. Conservancy is a not-for-profit organization that helps promote, improve, develop, and defend Free, Libre, and Open Source Software (FLOSS) projects. You are likely familiar with...

Note: This is a guest blog post by Jan Grashöfer, the original post may be found here.  Recently Bro's intelligence framework was refactored and extended with a couple of new features. This post will discuss the updates and tries to clear some of the...