Greetings, Zeek community!
Since this is our first release since February, there are too many changes to cover in a brief email. There are full details in the release notes at the links above. A few highlights:
- The storage used by Brim to hold your Zeek/Suricata/other logs is now a “Zed lake”. Though the introduction of Zed lakes causes no immediate change to your favorite Brim workflows, they unlock powerful new functionality that will be revealed in Brim going forward, including Git-like branching. See the Zed lake README for details.
- Enhancements have been made to the Zed language to unify search and expression syntax, introduce new operators and functions for data exploration and shaping, and more! Review the Zed language docs for details.
- pcap processing is now handled by a separate, new component called Brimcap. Your favorite pcap workflows in Brim have not changed, but Brimcap also opens up new flexible custom configurations and can be used as a standalone tool. For more info, check out the Brimcap README and wiki.
Other links of general interest:
- Download page for the Brim application
- Brim’s YouTube channel, which includes app demos and info for developers (admittedly getting a bit dated)
- Join our public Slack workspace for announcements, Q&A, feedback, and to trade ideas