Welcome to the Zeek Newsletter.
In this Issue:
- TL;DR
- Development Updates
- Zeek in the Community
- Zeek in the Enterprise
- Friends of Zeek
- Upcoming Events
- Zeek Package Updates
- Get Involved
TL;DR
Christian published a lengthy post on Zeek 7 and delivered a roadmap webinar. See Development Updates for details.
Zeek webinars continue on 18 September. See Upcoming Events for details.
Development Updates
See Christian’s post on Zeek 7 for details on what’s new in this release:
https://community.zeek.org/t/introducing-zeek-7/
Check out Christian’s recorded webinar on the roadmap beyond Zeek 7:
https://youtube.com/live/KUTWiyOSphM
Benjamin released Spicy 1.11.1. This is a bugfix release.
https://github.com/zeek/spicy/releases/tag/v1.11.1
See the NEWS file for a high-level summary, or the CHANGES file for a detailed list of changes which went into this release.
Zeek bugfix releases 6.0.6 and 7.0.1 are now available:
https://zeek.org/get-zeek
https://download.zeek.org/zeek-6.0.6.tar.gz
https://download.zeek.org/zeek-7.0.1.tar.gz
See the release notes for details of the addressed bugs and security issues:
https://github.com/zeek/zeek/releases/tag/v6.0.6
https://github.com/zeek/zeek/releases/tag/v7.0.1
Binary packages for the new releases will also be available shortly:
https://github.com/zeek/zeek/wiki/Binary-Packages
With the arrival of 7.0, the 6.2 feature release series is now unmaintained. There will be no other 6.2 releases. The 6.0 long term support (LTS) series will continue to get patches until 7.1 is released in approximately months. Users running 6.2 should upgrade to 7.0.
For more information on release cadence, see:
https://github.com/zeek/zeek/wiki/Release-Cadence
Zeek in the Community
On 27 August Seth published a new version of Malcolm. Please see the project site for details:
Zeek in the Enterprise
On 17 May the Corelight Labs Team published a blog post titled Detecting the STRRAT Malware Family. It features Zeek, Spicy, and Suricata methods.
https://corelight.com/blog/newsroom/news/strrat-malware
On 6 June, Aaron Clark published a guide on how to build and run Zeek on Windows Server 2022:
https://www.activecountermeasures.com/building-and-running-zeek-on-windows-server-2022/
Friends of Zeek
On 27 June, the Suricata project released versions 7.0.6 and 6.0.20. Visit their site for details:
Upcoming Events
The next Zeek Community Call is 4 September at 1 pm ET. There is no need to register. Here is the Zoom link:
https://us06web.zoom.us/j/99882457331?pwd=WVZLRGtpbmx1V2FqSnlRT1FLRC9lQT09
The next Training Group Call is 13 September at 12 noon ET. Here is the Zoom link:
https://ESnet.zoom.us/j/6445948648
Meeting ID: 644 594 8648
Passcode: Rockon!
On Wednesday 18 September at 1 pm ET, Justin Azoff will present the next Zeek webinar, titled “Don’t be SADF: Make sure your input traffic is healthy.”
In order for Zeek to work properly, the traffic fed into it needs to be healthy. There are a number of pitfalls, like incorrectly wired optical taps or improperly configured load balancing, that can cause analysis issues. In most situations Zeek will run and produce log files, but log entries may be missing, incomplete, or contain duplicate information. We can use the Zeek logs to determine if everything is working properly. However, discovering that there is a problem is often the easy part. A separate group may be in charge of the physical networking layer and they are not expected to be Zeek experts. If something is wrong, how can the problem be quantified and explained in a language that non-Zeek experts can understand?
Register here:
https://us06web.zoom.us/webinar/register/WN_0f8PZieFSVKQnHoi0it_lw
The next Security Onion conference will be held 4 October in Augusta, GA. See this post for details:
https://blog.securityonion.net/2024/04/security-onion-conference-2024-save.html
Zeek Package Updates
Changes to packages are available via this search:
https://github.com/zeek/packages/pulls?q=is%3Apr+is%3Aclosed
The https://packages.zeek.org site reported the last 5 updates as of 2 June:
9/3/24, 4:14 AM shodan-zeek
8/29/24, 2:54 PM ja4
8/26/24, 2:35 PM zeek-netsupport-detector
8/26/24, 2:33 PM zeekjs-redis
8/22/24, 3:32 PM zeek-spicy-ipsec
Get Involved
If you have any comments or material for the newsletter please email news@zeek.org or join the #news Slack channel.
Here is an invitation to the Slack channel:
https://join.slack.com/t/zeekorg/shared_invite/zt-12z1pjy93-zuVGuT1BF~yUJJvERxhp7g
Stay up to date by joining the Zeek Discourse:
Subscribe to our YouTube channel:
https://youtube.com/c/Zeekurity
Follow us on Mastodon:
https://infosec.exchange/@zeek
The old mailing list archives now redirect to this site:
https://community.zeek.org/archives/list/zeek@lists.zeek.org/
If you’d like to read the Leadership Team meeting notes, they are here:
https://github.com/zeek/zeek/wiki/LT-Meeting-Notes
Follow us on LinkedIn:
https://www.linkedin.com/company/zeekurity
To search LinkedIn for jobs mentioning Zeek skills, use this query:
https://www.linkedin.com/jobs/search/?keywords=zeek
See you next time!