Welcome to the Zeek Newsletter.
In this Issue:
- TL;DR
- Development Updates
- Zeek in the Community
- Zeek in the Enterprise
- Friends of Zeek
- Upcoming Events
- Zeek Package Updates
- Get Involved
TL;DR
We wrote about how Zeek is improving in 2024, and have news on upcoming events. There is a TON in this update, including a new “Friends of Zeek” section, so read to the bottom!
Development Updates
On 12 March, Arne published a blog post titled Recent Zeek Performance Improvements. Plan to run Zeek 6.x, especially the new 6.2.x, to see these enhancements. Please see his post for details:
https://zeek.org/2024/03/12/recent-zeek-performance-improvements/
Speaking of 6.2.x, on 13 March Tim published Zeek 6.2.0. Please see his post for details:
https://community.zeek.org/t/zeek-feature-release-v6-2-0/
Zeek in the Community
On 22 March, Dominik released a new version of Tenzir. Please see the project blog for details:
https://docs.tenzir.com/blog/tenzir-v4.11
On 27 March, Seth released a new version of Malcolm. Please see the project site for details:
On 1 April, Doug released a new version of Security Onion. Please see the project blog for details:
https://blog.securityonion.net/2024/04/security-onion-23300-now-available.html
On 3 April, Phil released a new version of Zui. Please see the downloads page for details:
https://www.brimdata.io/download/
Zeek in the Enterprise
Following the release of details on a vulnerability in a third-party Zeek package, Christian and Johanna published a blog post titled A Note on Package Safety considerations. The Zeek project wants to take this opportunity to reiterate some safety considerations that you should be aware of when installing Zeek packages.
https://zeek.org/2024/03/05/a-note-on-package-safety-considerations/
Corelight is hiring a remote open source developer to work on Zeek. See this job description for details:
https://boards.greenhouse.io/corelight/jobs/5796333
Friends of Zeek
In this new section of the Zeek newsletter, we will mention news from related projects of interest to network security monitoring practitioners.
On 19 and 21 March, the Suricata project released versions 7.0.4 and 6.0.18, respectively. Visit this site for details:
Upcoming Events
On 19-20 April, Corelight will offer training on Zeek at BSides Kansas City. Please see this post for details:
https://community.zeek.org/t/zeek-and-suricata-training-at-bsides-kansas-city-19-20-april-2024/
The call for papers for ZeekWeek 2024 is now live. Abstracts for talk submissions must be submitted by June 14th. Final notifications will be sent by July 1st. Talks will be reviewed in several rounds before the final submission deadline. Earlier submissions have a higher chance of acceptance. You will be notified as soon as a decision has been made on your talk.
Please see this post for details:
https://community.zeek.org/t/zeekweek-2024-call-for-presentations/
The next Zeek Community Call is 1 May at 1 pm ET. There is no need to register. Here is the Zoom link:
https://us06web.zoom.us/j/99882457331?pwd=WVZLRGtpbmx1V2FqSnlRT1FLRC9lQT09
ZeekWeek 2024 will be held on August 13th and 14th at the Caltech Ramo Auditorium 2 located in Pasadena, California. Additionally, there will be a Zeek training event on August 15th. ZeekWeek will be an in-person event. Presentations will be recorded and published after the event. Stay tuned for registration details.
On 2 April, Seth posted to the Zeek Slack that DHS CISA will host a two-day Malcolm-focused conference (MalCON) near Arlington, VA on 4-5 September. There will also likely be a virtual option. The event will likely include training for Malcolm, enterprise traffic analysis, and perhaps OT/ICS traffic analysis. If you would like to know more, contact Seth Grover in the Zeek Slack.
Zeek Package Updates
Changes to packages are available via this search:
https://github.com/zeek/packages/pulls?q=is%3Apr+is%3Aclosed
The https://packages.zeek.org site reported the last 5 updates as of 2 June:
4/5/24, 4:14 AM shodan-zeek
4/4/24, 7:29 PM geoip-conn
4/3/24, 9:20 PM ja4
4/3/24, 6:28 PM ExtendIntel
4/3/24, 6:11 PM icannTLD
Get Involved
If you have any comments or material for the newsletter please email news@zeek.org or join the #news Slack channel.
The Slack channel has been active during the past month. Here is an invitation link:
https://join.slack.com/t/zeekorg/shared_invite/zt-12z1pjy93-zuVGuT1BF~yUJJvERxhp7g
Stay up to date by joining the Zeek Discourse:
Subscribe to our YouTube channel:
https://youtube.com/c/Zeekurity
Follow us on Twitter:
Follow us on Mastodon:
https://infosec.exchange/@zeek
The old mailing list archives now redirect to this site:
https://community.zeek.org/archives/list/zeek@lists.zeek.org/
If you’d like to read the Leadership Team meeting notes, they are here:
https://github.com/zeek/zeek/wiki/LT-Meeting-Notes
Follow us on LinkedIn:
https://www.linkedin.com/company/zeekurity
To search LinkedIn for jobs mentioning Zeek skills, use this query:
https://www.linkedin.com/jobs/search/?keywords=zeek
See you next time!