Welcome to the Zeek Newsletter.
In this Issue:
- TL;DR
- Development Updates
- Zeek in the Community
- Zeek in the Enterprise
- Upcoming Events
- Zeek Package Updates
- Get Involved
TL;DR
This month’s newsletter is mostly about development updates. Thank you for participating in the Zeek survey. We will share what we learned once we have time to digest the results. Zeek 5.2.0 has arrived as well.
Development Updates
Throughout the month (and including 1 March), Tim Wojtulewicz released several new versions of Zeek.
1 February: Zeek 5.0.6 and 5.1.2, a security and bug fix release:
https://community.zeek.org/t/zeek-bugfix-security-releases-v5-0-6-and-v5-1-2/
3 February: Zeek 5.2.0-rc-1, a new release candidate.
https://community.zeek.org/t/zeek-feature-release-candiate-5-2-0-rc1/
21 February: Zeek 5.0.7 and 5.1.3, a security and bug fix release, and Zeek 5.2.0-rc-2, a new release candidate.
1 March: Zeek 5.2.0, a new release.
<https://community.zeek.org/t/zeek-feature-release-5-2-0/>
We encourage users to update to the latest releases to address bugs and security issues. The release notes contain important information:
https://github.com/zeek/zeek/releases/tag/v5.2.0
Of note:
“Experimental support added for building and running Zeek on Microsoft Windows environments. This is considered experimental due to the fact that our standard testing setup (btest) doesn’t run properly on Windows. This will be fixed in the future. In the meantime we have done some basic testing against builds done with Visual Studio 2019. Information on how to build on Windows is available in the Zeek documentation. Note also that Spicy is currently unsupported and will be fixed in the future.
The feature as checked into the repository is not considered production-ready. There are many bugs to squash and features to improve, and we will be steadily fixing things over the next few months.
The Zeek team wants to give a huge thank you to the team at Microsoft for all of their effort in completing this port.”
On 16 February, Benjamin Bannier announced the release of Spicy 1.7.0 and spicy-plugin-1.5.0.
https://community.zeek.org/t/spicy-1-7-0-and-spicy-plugin-1-5-0-released/
Zeek in the Community
On 27 February, Doug Burks announced that Zeek 5.0.7 is now available in Security Onion 2.3.220:
https://blog.securityonion.net/2023/02/security-onion-23220-now-available.html
Thanks to everyone subscribed to our YouTube channel, we’re approaching 4,100 subscribers. Check us out here:
https://youtube.com/c/zeekurity
This playlist contains recordings of all monthly community calls, hosted by Fatema Bannat Wala:
https://www.youtube.com/playlist?list=PL2EYTX8UVCMg5TRktRBp-zffFTHqcSrw5
Keith Jones has been publishing a ton of Zeek videos recently:
Anatomy Of A Zeek Spicy Protocol Analyzer
https://www.youtube.com/watch?v=wmm-6ZggwNc
BACNet ICS Basics With Zeek
https://www.youtube.com/watch?v=C1y6UY_ithk
Easily Run Zeek and Spicy in a Docker Container
https://www.youtube.com/watch?v=s5XT71sx47I
Create a Zeek Spicy Analyzer from a Template
https://www.youtube.com/watch?v=bYRavdBxMsM
All four are in this playlist:
https://www.youtube.com/playlist?list=PLNEVgQAFtunt8SmBf2qjXW5AZf0wkbGip
Thanks for producing these videos, Keith!
Zeek in the Enterprise
We continue to provide experimental support for Windows. Please consider testing the new code by compiling it on Windows:
https://docs.zeek.org/en/master/install.html#building-from-source
Upcoming Events
Our next monthly community call will take place on Wednesday 5 April at 1 pm ET. Register here:
https://zoom.us/meeting/register/tJ0lf-usqzwpGdXz35YcBhYtJOEjvSZcgl6W
After registering, you will receive a confirmation email containing information about joining the meeting.
If you have any questions please email: fatema@zeek.org
One way to stay informed on video content is to subscribe to the Zeek YouTube channel:
<https://youtube.com/c/Zeekurity>
The following playlist contains all 19 videos for ZeekWeek 2022:
https://www.youtube.com/playlist?list=PL2EYTX8UVCMhWO6m_uanhXLrSPrCMxO74
Zeek Package Updates
Changes to packages are available via this search:
https://github.com/zeek/packages/pulls?q=is%3Apr+is%3Aclosed
The https://packages.zeek.org site reported the last 5 updates as of 3 January:
3/2/23, 4:13 AM shodan-zeek
3/1/23, 2:07 PM spicy-plugin
2/26/23, 4:38 PM zeekjs
2/24/23, 11:08 AM IRC-Zeek-package
2/24/23, 10:42 AM zeek-af_packet-plugin
Get Involved
If you have any comments or material for the newsletter please email news@zeek.org or join the #news Slack channel.
The Slack channel has been very active during the past month. Here is an invitation link:
https://join.slack.com/t/zeekorg/shared_invite/zt-12z1pjy93-zuVGuT1BF~yUJJvERxhp7g
Stay up to date by joining the Zeek Discourse:
Subscribe to our YouTube channel:
https://youtube.com/c/Zeekurity
Follow us on Twitter:
Follow us on Mastodon:
https://infosec.exchange/@zeek
The old mailing list archives now redirect to this site:
https://community.zeek.org/archives/list/zeek@lists.zeek.org/
If you’d like to read the Leadership Team meeting notes, they are here:
https://github.com/zeek/zeek/wiki/LT-Meeting-Notes
Follow us on LinkedIn:
https://www.linkedin.com/company/zeekurity
To search LinkedIn for jobs mentioning Zeek skills, use this query:
<https://www.linkedin.com/jobs/search/?keywords=zeek>
See you next time!