Welcome to the Zeek Newsletter.
In this Issue:
- TL;DR
- Development Updates
- Zeek in the Community
- Zeek in the Enterprise
- Friends of Zeek
- Upcoming Events
- Zeek Package Updates
- Get Involved
TL;DR
Updates for Zeek and Spicy continue. See Development Updates for details.
Zeek webinars return on 16 October. See Upcoming Events for details.
Development Updates
Tim released Zeek versions 6.0.7 and 7.0.2. These are bugfix and security releases.
https://download.zeek.org/zeek-6.0.7.tar.gz
https://download.zeek.org/zeek-7.0.2.tar.gz
See the release notes for details of the addressed bugs and security issues:
https://github.com/zeek/zeek/releases/tag/v6.0.7
https://github.com/zeek/zeek/releases/tag/v7.0.2
Binary packages for the new releases will also be available shortly:
https://github.com/zeek/zeek/wiki/Binary-Packages
Benjamin released Spicy 1.11.2 and 1.11.3. These are bugfix releases. Use the latest.
https://github.com/zeek/spicy/releases/tag/v1.11.3
See the NEWS file for a high-level summary, or the CHANGES file for a detailed list of changes which went into this release.
With the arrival of 7.0, the 6.2 feature release series is now unmaintained. There will be no other 6.2 releases. The 6.0 long term support (LTS) series will continue to get patches until 7.1 is released in a few months. Users running 6.2 should upgrade to 7.0.
For more information on release cadence, see:
https://github.com/zeek/zeek/wiki/Release-Cadence
Zeek in the Community
Seth published a new version of Malcolm. Please see the project site for details:
Zeek in the Enterprise
The Corelight Labs Team published a blog post titled Detecting Abuse of NetSupport Manager. It features Zeek, and includes using the Zeek signature capability.
https://corelight.com/blog/detecting-netsupport-manager-abuse
The recording of the 25 September webinar, How to visualize OT/ICS networks for security measures, by Jiajian Zheng and Jia Wang from NTT Communications, is live here:
https://www.youtube.com/watch?v=rsx1jl284aI
Friends of Zeek
The Suricata project released version 7.0.7. Visit their site for details:
Upcoming Events
Join Robin Sommer and Corelight Open Source on 22 October at 10 am GMT and 10 am PT to learn more about Spicy, a new parser generator—now integrated into Zeek—that makes it much easier to create robust analyzers for network protocols, file formats, and more.
This webcast will explain:
- Why parsing is a key component of any network monitor like Zeek, yet remains challenging to implement correctly and efficiently with traditional approaches.
- Spicy’s novel take on the task, which enables developers to extend Zeek with new protocol and file analyzers without writing a single line of C++ code.
- A walk through Spicy’s design, examples of its capabilities, and a recap of the project’s history and current state.
This will be a technical presentation—we’ll be looking at code!
Register now!
https://go.corelight.com/os-getting-started-with-spicy
The next Training Group Call is 11 October at 12 noon ET. Here is the Zoom link:
https://ESnet.zoom.us/j/6445948648
Meeting ID: 644 594 8648
Passcode: Rockon!
On Wednesday 16 October at 1 pm ET, Hamza Motiwalla will present the next Zeek webinar, titled Zeek@Meta: Scale, Log Enrichment and Detections.
The ever-evolving threat landscape has made network security monitoring (NSM) imperative for Meta to safeguard assets and provide crucial network forensics. To address this need, we deploy Zeek and Suricata using commodity hardware across our network infrastructure. This presentation will dive into tap deployments at scale for our enterprise network (logging 15 billion connections daily), establish the need for downstream conn.log enrichment (IP->Hostname attribution) and give an overview of the active network detections across our network boundaries.
Register here:
https://us06web.zoom.us/webinar/register/WN_5ROOBD2OSOCzVlfgLriAQg
The next Zeek Community Call is 4 December at 1 pm ET. There is no need to register. Here is the Zoom link:
https://us06web.zoom.us/j/99882457331?pwd=WVZLRGtpbmx1V2FqSnlRT1FLRC9lQT09
We are sorry that BSides Augusta and the Security Onion conference were canceled due to Hurricane Helene. We wish our colleagues in the affected region a speedy recovery.
Zeek Package Updates
Changes to packages are available via this search:
https://github.com/zeek/packages/pulls?q=is%3Apr+is%3Aclosed
The https://packages.zeek.org site reported the last 5 updates as of 2 June:
10/3/24, 4:14 AM shodan-zeek
10/2/24, 4:32 PM icsnpp-genisys
10/2/24, 3:48 PM ja4
10/1/24, 4:34 PM 2024-09-cups-linux-rce
9/30/24, 1:58 PM ssl-extensions
Get Involved
If you have any comments or material for the newsletter please email news@zeek.org or join the #news Slack channel.
Here is an invitation to the Slack channel:
https://join.slack.com/t/zeekorg/shared_invite/zt-12z1pjy93-zuVGuT1BF~yUJJvERxhp7g
Stay up to date by joining the Zeek Discourse:
Subscribe to our YouTube channel:
https://youtube.com/c/Zeekurity
Follow us on Mastodon:
https://infosec.exchange/@zeek
The old mailing list archives now redirect to this site:
https://community.zeek.org/archives/list/zeek@lists.zeek.org/
If you’d like to read the Leadership Team meeting notes, they are here:
https://github.com/zeek/zeek/wiki/LT-Meeting-Notes
Follow us on LinkedIn:
https://www.linkedin.com/company/zeekurity
To search LinkedIn for jobs mentioning Zeek skills, use this query:
https://www.linkedin.com/jobs/search/?&keywords=zeek
See you next time!