Zeek Monthly Newsletter – Issue 3 – April 2020

Below is Issue 3 of the Zeek Monthly Newsletter. You can also find it at: https://zeek.org/2020/04/07/zeek-monthly-newsletter-issue-3-april-2020/

==Issue 3 - April 2020==

Welcome to the Zeek Monthly Newsletter. Issue 3 covers March 2020 as well as upcoming events.

===In this Issue:===

  • General Community News/Updates
  • Development Updates
  • Zeek in the News
  • Zeek in the Community
  • Interviews
  • Threat of the Month
  • Upcoming Events
  • New Zeek Related Packages
  • Publication Schedule
  • Get Involved

===General Community News/Updates===

  • New Zeek Package Contest Announced - ZPC-2 - The ZPC contest series is intended to inspire Zeek users to demonstrate their creativity and ingenuity while winning the admiration of their peers, and giving back to the community. The ZPC-2 contest will focus on the MITRE ATT&CK™ Framework, more specifically packages that help detect C2 Techniques. Find out more about how you can participate in ZPC-2 at: https://zeek.org/2020/04/06/zeek-package-contest-zpc-2/

  • Zeek From Home - Weekly Webinar Series - If you have a Zeek-related talk (even one that you’ve given at past Zeek events), submit it today and let’s get you scheduled for a Zeek From Home presentation. Find out more at: https://zeek.org/2020/03/31/zeek-from-home/

  • Zeek Slack Workspace Announced - This post will give you more information about the Slack Space and how you can join. https://zeek.org/2020/03/04/zeek-slack-channel-announced/

  • New Zeek Website announced - We hope you’ve had a chance to look around the new site. This post tells you more about the site and the meaning of the new Zeek Logo - https://zeek.org/2020/03/11/announcing-the-new-zeek-website/

  • ZeekWeek 2020 Austin – Cancelled – Open Letter to the Community - Given the uncertainty, we’ve made the difficult decision to cancel ZeekWeek 2020 in Austin. Rest assured that we are looking at other options to bring the community together as things improve and become more predictable. Those options include a virtual event during the same time frame, and if it’s safe to bring people together, then we will look at holding a smaller event in a different location. However, we won’t know until we get closer to October. You can read more about this at: https://zeek.org/2020/03/31/zeekweek-2020-austin-cancelled-open-letter-to-the-community/

===Development Updates===

===Zeek in the News===

  • Zeek and Jitsi: 2 open source projects we need now - Long proven but not well known, these network security monitoring and video conferencing tools couldn’t be more timely says Matt Asay. You can find out more at: https://www.infoworld.com/article/3533999/zeek-and-jitsi-2-open-source-projects-we-need-now.html

  • Researchers identify novel cybersecurity approach to protect Army systems - From this post, “Our approach uses symbolic execution to explore the state of TCP implementation of an endhost to identify ways to reach critical points in the code,” Chan said. “If such a point is found, then packets can be inserted and be undetected by DPI. This method is evaluated against several state-of-the-art DPI systems such as Zeek and Snort and identifies previously known evasion strategies in addition to new ones that were not previously documented.” You can find out more at: https://techxplore.com/news/2020-03-cybersecurity-approach-army.html

===Zeek in the Community===


===Threat of the Month===

Do you have a threat you’d like to share with the community and how using Zeek in your security stack helped you identify that threat? Please email news@zeek.org and we’ll work with you to get it written up and shared in the next newsletter.

===Upcoming Events===

====Ask the Zeeksperts====

Ask the Zeeksperts is a one-hour bi-weekly call hosted by various “Zeeksperts” in the community. This is where you can drop by and ask your Zeek-related questions. The webinars are free to attend, but registration is required.

====Zeek From Home====

This is a new weekly webinar series where the community can share their Zeek-related presentations (scripts, use cases, how-tos, unique usages, lessons learned, etc.). These will be recorded.

  • 15 April 2020 - 2pm EST/11am PST (registration details will be announced on the Zeek Mailing list, Twitter, Slack and the website)

====Virtual CTF - Hunt From Home====

Corelight Virtual Hunt from Home - A free, 2-hour Virtual Capture the Flag event hosted by Corelight, where players compete to answer security challenges using Zeek data in Splunk and Elastic. The security challenges model realistic IR and hunting queries and can help you uplevel your Zeek log proficiency. Corelight experts will be on hand during the game to guide players of all skill levels through two exciting hunt scenarios. Sign up for one of eight virtual CTF spots in April. Game winners will take home bragging rights and a $100 Amazon Gift Card. https://www3.corelight.com/ctf/hunt-from-home

If you know of any Zeek related events that you would like to share with the community in the monthly newsletter, please email news@zeek.org or share on the Zeek mailing list (zeek@zeek.org).

===Zeek Related Packages===

===Publication Schedule (Updated)===

  • Issue 1 - January 2020 (Covers December 2019) - 14 January 2020
  • Issue 2 - March 2020 (Covers January and February 2020) - 2 March 2020
  • Issue 3 - April 2020 (Covers March 2020) - 7 April 2020
  • Issue 4 - May 2020 (Covers April 2020) - 4 May 2020
  • Issue 5 - June 2020 (Covers May 2020) - 1 June 2020
  • Issue 6 - July 2020 (Covers June 2020) - 6 July 2020
  • Issue 7 - August 2020 (Covers July 2020) - 3 August 2020
  • Issue 8 - September 2020 (Covers August 2020) - 7 September 2020
  • Issue 9 - Special Issue 1 - September 2020 (Covers ZeekWeek 2020) - 21 September 2020
  • Issue 10 - October 2020 (Covers September 2020) - 5 October 2020
  • Issue 11 - November 2020 (Covers October 2020) - 2 November 2020
  • Issue 12 - December 2020 (Covers November 2020) - 7 December 2020
  • Issue 13 - Special Issue 2 - (Year End Review) - 21 December 2020

===Get Involved===

If you are interested in getting involved with the Zeek Newsletter, please email news@zeek.org.

Stay up to date by subscribing to the Zeek Mailing List.

Follow us on Twitter

Join the Slack Channel.