Zeek Blog
Bro Monthly #3
Welcome to the 3rd Bro Monthly newsletter. This month we cover the following topics: Bro Meet-ups: a new monthly category for Bro-related gatherings and groups, Bro teaching and training, Bro in research, Bro in the wild, Bro-active: current exploits,...
Using Bro to Build a Passive DNS Database
Searching DNS logs became a lot faster with the launch of our Passive DNS tool for Bro. It uses Bro's DNS logs to build a database that is more compact, and therefore a lot easier to search. See how we did it by checking it out on GitHub.
Bro Monthly #2
Welcome to the 2nd Bro Monthly newsletter. This month we cover the following topics: Bro won a Bossie, Bro.org needs help, the Shellshock incident, new features in the Intel framework, news on BinPAC++, Bro in research, Bro in the wild, Bro on demand....
Bro Monthly #1
Welcome to the 1st Bro Monthly, our new monthly newsletter covering the latest developments in the Bro universe. This newsletter will appear every month, around the 15th, as a Bro blog post. Please send feedback, wishes, and suggestions to info@bro.org or...
Announcing Bro Live!
We are excited to announce the public release of Bro Live! Bro Live! is a training system that gives users hands-on access to a Bro learning environment without having to download a virtual machine or its required dependencies. Bro Live! may be built with...
Bro and Chrome’s Sunsetting of SHA-1
A few days ago, Google announced their plans for sunsetting certificates using the SHA-1 hash algorithm in the near future. Google does not think SHA-1 certificates should be considered secure in the future, as collision attacks against SHA-1 get more...
Bro 2.3.1 Release
Bro v2.3.1 has been released. This release addresses a potential DoS vector using specially crafted DNS packets. It also fixes a bug in the OCSP validation code that could lead to crashes as well as a memory leak. The source distribution and binary...
Announcing Try.bro
We are very excited to announce the official launch of Try.bro.org! Try.bro is a web-based scripting sandbox made freely available to users on our site. No login. No installation. No trouble. We have included a few basic scripts and pcaps to help get...
Meet the Bro Teaching Community
We are happy to announce the newly started Bro Teaching Community, a community project of educators interested in collaboratively exploring Bro's use as a teaching tool, and sharing experiences and material. The goal is to create a knowledge base and resource...
Bro 2.3 Release
We are happy to announce the release of Bro v2.3. The source distribution and binary packages are available on our downloads page. For a brief overview of new features and bug fixes you may review our previous blog post about the v2.3 beta....
Bro 2.3 Public Beta
We are happy to announce the public beta of Bro v2.3 is available for download! The majority of our development time has been focused on improving performance, reliability, and memory use. Here is a brief summary of the new features and improvements: Support for GRE...
Detecting the heartbleed bug using Bro
Update: The heartbleed detector is now part of bro master. You should switch if you are still using the development branch. You still have to load policy/protocols/ssl/heartbleed.bro. We just added support to Bro to detect the recent heartbleed attack on...
Dissecting the GnuTLS Bug
Update: we now host a test server at gnutls.notary.icsi.berkeley.edu. See gnutls command lines below. The recent GnuTLS certificate verification bug made it possible to craft an arbitrary certificate in a way that GnuTLS would validate correctly against a...
Intelligence Data and Bro
Intelligence data, or feeds, are an important source of network security information. Many internet security research centers, non-profit organizations, and commercial organizations provide intelligence data sets freely available to the public. (e.g. Emerging...
Bro 2.2
Bro 2.2 has arrived. You can download the source distribution on our download page; binary packages will follow soon. For an overview of the major new features in 2.2, please see the earlier posting on the beta version. Since that beta, we have applied a range of...
NSF Funds Bro Center of Expertise
We have some very exciting news to share today. The National Science Foundation (NSF) has awarded a new three-year grant to our team to establish a Bro Center of Expertise at ICSI and NCSA for supporting the NSF community in deploying Bro. The Center will provide the...
Bro 2.2 Beta Available
It has been baking for a while, but now fresh out of the oven: we're happy to make a beta version of Bro 2.2 available on the download page for testing. Bro 2.2 comes with plenty of new functionality, including a new file analysis framework for processing the content of...
Bug Tracker Migration
The Bro bug/issue tracker at http://tracker.bro.org has been migrated from Trac to a JIRA instance hosted by Atlassian (you'll notice the former URL now redirects to https://bro-tracker.atlassian.net). A couple new things that JIRA facilitates and may be...
Results from our Deployment Survey
Earlier we asked the Bro community to fill out a short survey aimed at better understanding today's state of Bro deployments. We got 103 replies, with the results below. Many thanks to all the sites who responded, this is really helpful for us.
Meet Broala, LLC
Today we're delighted to introduce a new venture that we've been preparing in the background for a little while already: the International Computer Science Institute (ICSI) is spinning off a company, Broala, that provides professional Bro services to organizations...
New Research Grant On Security of Industrial Control Systems
We're excited to announce a new research grant on Semantic Security Monitoring for Industrial Control Systems that the National Science Foundation has awarded to a team of researchers at the International Computer Science Institute (ICSI), the National Center...
Announcing Bro Exchange 2013 and Requesting Talks
I’m happy to announce the Bro Exchange for 2013 is a go! Our Bro Exchanges aim to get a large number of Bro users together into the same room to share experiences and talk about how everyone is using Bro. This time, we’ll also add in a bit of training similar to...
Help Us Demonstrate Bro’s Impact: Deployment Survey
[Update: The survey is now closed.] In 2010, the Bro Team received a grant from the National Science Foundation (NSF) to advance the state of the system, with a particular focus on making Bro easier to deploy. Much of the work on Bro 2.x has been (and still is)...
On Bro’s License, Name, and Logo
We are very excited to see all the interest that Bro has been generating recently, with many new deployments across networks of all sizes and people working to interface the system to their environments and hardware. Occasionally, however, we also notice a bit of...
Using ICSI’s Open-Source Bro Platform to Protect the Blue Waters Supercomputer
The ICSI web site features a guest posting by Adam Slagell and the Bro Team on Using ICSI's Open-Source Bro Platform to Protect the Blue Waters Supercomputer.
bro.org — A New Home for Bro
We are very excited to announce that as of today all Bro-related services have found a new home under the bro.org domain. We've moved most services over from bro-ids.org already, and the remaining pieces should fall in place over the next couple of days. Generally,...
Watching for the APT1 Intelligence
Earlier this week, Mandiant released their APT1 report, which I’m not going to bother providing any analysis or commentary on; there has been plenty of that this week. As a developer on a network analysis tool my interest primarily lies with consuming the...
Bro Summer Internship Available
The Bro Project has an opening for a three month summer internship. If you are interested in helping us improve Bro and develop new functionality, please apply! See here for more information.
Searching the ICSI Notary for Rogue Turktrust Intermediate Certificates
Turktrust, a Certificate Authority (CA) that is trusted by all major browsers and systems, accidentally issued intermediate CA certificates instead of end-host certificates to two of its clients. Both of these intermediates were valid and signed by the Turktrust root,...
The Tree of Trust
As we mentioned in our preceding blog posting, ICSI has been harvesting details about SSL connections and their contained certificates since the beginning of this year. We use the data to provide a notary service to the community, which can be used to retrieve...