Welcome to the Zeek Newsletter.
In this Issue:
- TL;DR
- Development Updates
- Zeek Blog and Mailing List
- Zeek in the Community
- Zeek Package Updates
- Zeek in the Enterprise
- Upcoming Events
- Zeek Related Jobs
- Get Involved
TL;DR
ZeekWeek 2022 will take place 12-14 October, in Austin, Texas, USA. There is now a virtual attendance option for briefings only. The content this year is especially compelling, with two training class options for in-person attendees.
Many thanks to Robin Sommer, who has retired as technical lead for the project after 15 years of faithful service. Robin continues to contribute to the project. Congratulations to Christian Kreibich who has taken on the technical lead role. For more, see Robin’s announcement:
https://community.zeek.org/t/leadership-change-welcome-christian/
Development Updates
On 19 September, Tim Wojtulewicz announced the release of Zeek 4.0.9 and 5.0.2. Both address security issues and bug fixes. Please update Zeek as soon as possible.
See the release notes for details:
https://github.com/zeek/zeek/releases/tag/v4.0.9
https://github.com/zeek/zeek/releases/tag/v5.0.2
Binary packages for the new releases are available:
https://github.com/zeek/zeek/wiki/Binary-Packages
Updated source code is available:
https://download.zeek.org/zeek-4.0.9.tar.gz
https://download.zeek.org/zeek-5.0.2.tar.gz
On 20 September, Tim published the first release candidate for Zeek 5.1.0. See the release notes for details:
https://github.com/zeek/zeek/releases/tag/v5.1.0-rc1
Updated source code is available:
https://download.zeek.org/zeek-5.1.0-rc1.tar.gz
Zeek Blog and Mailing List
Johanna Amann migrated the mailing list to a Discourse platform in late May. The site is available here:
If you create a new account with the same email address that you used with the previous mailing list, all your old posts will be assigned to you. Please let us know if you encounter any issues, either by Slack, email, or the site-feedback category on Discourse.
The old mailing list archives now redirect to this site:
https://community.zeek.org/archives/list/zeek@lists.zeek.org/
If you’d like to read the Leadership Team meeting notes, they are here:
https://github.com/zeek/zeek/wiki/LT-Meeting-Notes
Zeek in the Community
On 30 August, Doug Burks announced that Security Onion 2.3.160 was now available, including Zeek 4.0.8 and more:
https://blog.securityonion.net/2022/08/security-onion-23160-now-available.html
On 7 September, Fatema Bannat Wala hosted a Zeek community call. The recording is here:
https://www.youtube.com/watch?v=15PT8FtKVbA
Check out the new Zeek Wikipedia page:
https://en.wikipedia.org/wiki/Zeek
Please feel free to contribute to it.
On 8 September, Seth Grover announced the release of Malcolm v6.3.0, with Zeek v5.0.1, Arkime v3.4.2 and OpenSearch v2.2.1. Check out GitHub for details:
https://github.com/idaholab/Malcolm/releases/tag/v6.3.0
Zeek Package Updates
The following packages recently reported updates (as of 28 September), via this search:
https://github.com/zeek/packages/pulls?q=is%3Apr+is%3Aclosed
Added icsnpp-s7comm parser
#189 by Kleinspider was merged 9 days ago
The https://packages.zeek.org site reported the last 5 updates as of 28 September:
9/28/22, 1:21 AM icsnpp-bacnet
9/27/22, 7:07 PM zeek-exporter
9/26/22, 5:43 PM bro-af_packet-plugin
9/26/22, 5:43 PM zeek-af_packet-plugin
9/23/22, 10:30 PM icsnpp-s7comm
Zeek in the Enterprise
Congratulations to Seth Grover from Idaho National Lab for winning Corelight’s Apex Award for “Best Contribution to the Zeek Community”! See the press release for details:
https://corelight.com/company/corelight-announces-winners-of-second-annual-apex-awards
Upcoming Events
Here is the schedule for ZeekWeek 2022:
https://zeek.org/zeekweek2022/schedule/
All times are US Central time.
12 October 2022 – Day 1 – Training
Option 1:
8:30am - 5:00pm - Training: Intermediate to Zeek - Cluster Edition
By Keith Lehigh, Christian Kreibich, Fatema Bannat Wala
The Introduction to Zeek training is aimed at users who have little to no experience with Zeek. We will introduce you to some basic architecture, show you how to run and customize Zeek on the command line, and give some guidance on how to do basic log analysis. This year we will also be teaching about Zeek cluster deployments in production together with all the cluster components, and the new Zeek management framework.
Option 2:
8:30am - 5:00pm - Training: Hands-on Zeek Scripting
By Aashish Sharma
In the Hands-on Zeek Scripting training, Aashish Sharma will walk attendees through the fundamentals of Zeek Scripting along with some practical exercises. Training will cover scripting basics but will advance through various frameworks such as notice, input, and clusterization techniques. Training will consist of some theory on each topic and hands-on exercises.
5:00pm - 7:00pm – Welcome Reception
13 October 2022 – Day 2
9:15am - 9:30am - Welcome & Opening Remarks
9:30am - 10:30am - Keynote: The Evolving Cyber Threat Landscape, Wendi Whitmore
10:30am - 10:45am - Break
10:45am - 11:15am - Zeek for Windows: The Journey to run on all endpoints
11:15am - 11:45am - Schemaing about Zeek Logs
11:45am - 12:00pm - Lightning Talk
12:00pm - 1:15pm - Lunch
1:15pm - 1:45pm - “Zero Trust, and verify” - Zeek
1:45pm - 2:15pm - CatchM3ifuKan - Detecting Command-and-Control Techniques Up and Down the Networking Stack with Streaming Statistical and Machine Learning Techniques
2:15pm - 2:30pm - An Intro to the Management Framework
2:30pm - 2:50pm - Break
2:50pm - 3:00pm - Lightning Talk
3:00pm - 3:30pm - Lessons Learned: Two Years of Developing Parsers for Industrial Control Systems Protocol
3:30pm - 4:00pm - Closing Remarks
14 October 2022 – Day 3
9:15am - 9:30am - Welcome & Opening Remarks
9:30am - 10:30am - Keynote: Building Killbot-Killing-Killbots for Fun and ?Profit?, Nicholas Weaver
10:30am - 10:45am - Break
10:45am - 11:15am - Filtering logs like a pro
11:15am - 11:45am - Zeek for Endpoint: Detection and Device Discovery
11:45am - 12:00am - Lightning Talk
12:00pm - 1:15pm - Lunch
1:15pm - 1:45pm - Network Tapping for Zeek
1:45pm - 2:15pm - Zeek known services classification - ZTA edition
2:15pm - 2:30pm - Practical GAN-based Synthetic IP Header Trace Generation using NetShare
2:30pm - 2:50pm - Break
2:50pm - 3:00pm - Lightning Talk
3:00pm - 3:30pm - What the Metadata?
3:30pm - 4:00pm - The State of the Zeek Project (Roadmap and Community)
4:00pm - 4:15pm - Closing Remarks
Early bird registration ends 30 September. Full cost registration starts 1 October.
https://zeek.org/zeekweek2022/registration/
Virtual attendance is now an option for briefings only, for $50 (USD).
Register here:
See https://zeek.org/events/ for other events.
Zeek Related Jobs
To search LinkedIn for jobs mentioning Zeek skills, use this query:
https://www.linkedin.com/jobs/search/?keywords=zeek
Get Involved
If you have any comments or material for the newsletter please email news@zeek.org or join the #news Slack channel.
The Slack channel has been very active during the past month. Here is an invitation link:
https://join.slack.com/t/zeekorg/shared_invite/zt-12z1pjy93-zuVGuT1BF~yUJJvERxhp7g
Stay up to date by subscribing to the Zeek mailing list:
Follow us on Twitter:
Subscribe to our video channel:
https://www.youtube.com/channel/UC1K5-MWaM1XZcEFPCMrmNMw
See you next time!