[Zeek] Zeek 3.0 DNS, RDP and SMB Analyzer Changes

Jon Siwek jsiwek at corelight.com
Tue Sep 17 09:24:37 PDT 2019


On Tue, Sep 17, 2019 at 7:21 AM Michael Gez <mgezz66 at gmail.com> wrote:

> Could anyone provide more information about the changes being made to DNS, RDP and SMB analyzers in the shift to Zeek 3.0?

I'd suggest reading the NEWS file, which calls out all the most
important additions/changes:

https://github.com/zeek/zeek/blob/release/3.0/NEWS

To summarize what I see for those specific analyzers:

* DNS added events for SPF and DNSSEC resource records
* RDP added new events and a "client_channels" field in the rdp.log
* SMB adds support for some 3.x features (new event and new fields in
the `SMB2::NegotiateResponse` record)

- Jon



> Are there new fields being added?
> If anyone has tried it out and has any insight it would be appreciated.
> I won't get a chance to test 3.0 out myself for a few weeks, so I'm hoping to have an idea of what to expect when making the switch.
>
> Any information would be greatly appreciated,
> Thanks!
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek


More information about the Zeek mailing list