[Zeek] Zeek Monthly Newsletter – Issue 3 – April 2020

Amber Graner akgraner at corelight.com
Tue Apr 7 13:28:47 PDT 2020


Below is Issue 3 of the Zeek Monthly Newsletter.  You can also find it at:
https://zeek.org/2020/04/07/zeek-monthly-newsletter-issue-3-april-2020/

==Issue 3 - April  2020==

Welcome to the Zeek Monthly Newsletter. Issue 3 covers March 2020 as well
as upcoming events.

===In this Issue:===

* General Community News/Updates
* Development Updates
* Zeek in the News
* Zeek In the Community
* Interviews
* Threat of the Month
* Upcoming Events
* New Zeek Related Packages
* Publication Schedule
* Get Involved

===General Community News/Updates===

* New Zeek Package Contest Announced - ZPC-2 - The ZPC contest series is
intended to inspire Zeek users to demonstrate their creativity and
ingenuity while winning the admiration of their peers, and giving back to
the community. The ZPC-2 contest will focus on the MITRE ATT&CK™ Framework,
more specifically packages that help detect C2 Techniques. Find out more
about how you can participate in ZPC-2 at:
https://zeek.org/2020/04/06/zeek-package-contest-zpc-2/


* Zeek From Home - Weekly Webinar Series - If you have a Zeek Related talk
(even one that you’ve given at past Zeek events) submit those today and
let’s get you scheduled for a Zeek From Home presentation. Find out more
at: https://zeek.org/2020/03/31/zeek-from-home/


* Zeek Slack Workspace Announced - This post will give you more information
about the Slack Space and how you can join.
https://zeek.org/2020/03/04/zeek-slack-channel-announced/


* New Zeek Website announced - We hope you’ve had a chance to look around
the new site.  This post tells you more about the site and the meaning of
the new Zeek Logo -
https://zeek.org/2020/03/11/announcing-the-new-zeek-website/


* ZeekWeek 2020 Austin – Cancelled – Open Letter to the Community - Given
the uncertainty, we’ve made the difficult decision to cancel ZeekWeek 2020
in Austin.  Rest assured that we are looking at other options to bring the
community together as things improve and become more predictable. Those
options include a virtual event during the same time frame, and if it’s
safe to bring people together, then we will look at holding a smaller event
in a different location.  However, we won’t know until we get closer to
October. You can read more about this at:
https://zeek.org/2020/03/31/zeekweek-2020-austin-cancelled-open-letter-to-the-community/


===Development Updates===

* Announcing the New Zeek Agent - an open source endpoint agent that turns
host activity into Zeek events as it happens. You can find out more about
the Zeek Agent in the blog post at:
https://zeek.org/2020/03/11/announcing-the-new-zeek-website/ and on the
Zeek Mailing list at:
http://mailman.icsi.berkeley.edu/pipermail/zeek/2020-March/015187.html


===Zeek in the News===

* Zeek and Jitsi: 2 open source projects we need now - Long proven but not
well known, these network security monitoring and video conferencing tools
couldn’t be more timely says Matt Asay.  You can find out more at:
https://www.infoworld.com/article/3533999/zeek-and-jitsi-2-open-source-projects-we-need-now.html

* Researchers identify novel cybersecurity approach to protect Army systems
- From this post, "Our approach uses symbolic execution to explore the
state of TCP implementation of an endhost to identify ways to reach
critical points in the code," Chan said. "If such a point is found, then
packets can be inserted and be undetected by DPI. This method is evaluated
against several state-of-the-art DPI systems such as Zeek and Snort and
identifies previously known evasion strategies in addition to new ones that
were not previously documented." You can find out more at:
https://techxplore.com/news/2020-03-cybersecurity-approach-army.html


===Zeek in the Community===

* Security Onion 16.04.6.5 ISO image now available featuring Zeek 3.0.3,
Suricata 4.1.7, Elastic 6.8.7, CyberChef 9.18.2, and more! -
https://blog.securityonion.net/2020/03/security-onion-160465-iso-image-now.html

* Brim Security - Desktop App - open sourced - In a tweet, Brim Security
announced, “We've open sourced our desktop application Brim! It lets you
easily work with huge pcaps: it uses Zeek to generate logs you can search
with intuitive queries, and then lets you extract just the interesting
packets into Wireshark.” You can find out more at:
https://www.brimsecurity.com/download/


* Getting Network Visibility into East-West Traffic by Bricata -
https://securityboulevard.com/2020/03/getting-network-visibility-into-east-west-traffic/

===Interviews===

* Doug Burks of Security Onion -
https://zeek.org/2020/03/25/people-of-zeek-interview-series-doug-burks-of-security-onion/

* Keith Lehigh of Indiana University and the Zeek Leadership Team -
https://zeek.org/2020/03/30/people-of-zeek-interview-series-keith-lehigh-of-indiana-university-and-the-zeek-leadership-team/


===Threat of the Month===

Do you have a threat you’d like to share with the community and how using
Zeek in your security stack helped you identify that threat? Please email
news at zeek.org and we’ll work with you to get it written up and shared in
the next newsletter.

===Upcoming Events===

====Ask the Zeeksperts====

Ask the Zeeksperts is a one hour bi-weekly call that is hosted by various
“Zeeksperts” in the community.  This is where you can drop by and ask your
Zeek Related questions. The webinars are free to attend, but registration
is required.

* 9 April 2020 - 12:30pm PST/3:30pm EST -
https://attendee.gotowebinar.com/register/2632319203581363981

* 23 April 2020 - 12:30pm PST/3:30pm EST -
https://attendee.gotowebinar.com/register/1763308093940786957

====Zeek From Home====

This is a new weekly webinar series, where the community can share their
Zeek Related presentations (scripts, use cases, how to’s, unique usages,
lessons learned etc).  These will be recorded.

* 15 April 2020 - 2pm EST/11am PST (registration details will be announced
on the Zeek Mailing list, Twitter, Slack and the website)

====Virtual CTF - Hunt From Home====

Corelight Virtual Hunt from Home - A free, 2-hour Virtual Capture the Flag
event hosted by Corelight, where players compete to answer security
challenges using Zeek data in Splunk and Elastic. The security challenges
model realistic IR and hunting queries and can help you uplevel your Zeek
log proficiency. Corelight experts will be on hand during the game to guide
players of all skill levels through two exciting hunt scenarios. Sign up
for one of eight virtual CTF spots in April. Game winners will take home
bragging rights and a $100 Amazon Gift Card.
https://www3.corelight.com/ctf/hunt-from-home


If you know of any Zeek related events that you would like to share with
the community in the monthly newsletter, please email news at zeek.org or
share on the Zeek mailing list (zeek at zeek.org).


===Zeek Related Packages===

* RDP Fingerprinting - Profiling RDP Clients with JA3 and RDFP - Adel K
announced this package. You can find out more about it at:
https://medium.com/@0x4d31/rdp-client-fingerprinting-9e7ac219f7f4


===Publication Schedule (Updated)===

* Issue 1 - January 2020 (Covers December 2019) - 14 January 2020
* Issue 2 - March 2020 (Covers January and February 2020) - 2 March 2020
* Issue 3 - April 2020 (Covers March 2020) - 7 April 2020
* Issue 4 - May 2020 (Covers April 2020) - 4 May 2020
* Issue 5 - June 2020 (Covers May 2020) - 1 June 2020
* Issue 6 - July 2020 (Covers June 2020) - 6 July 2020
* Issue 7 - August 2020 (Covers July 2020) - 3 August 2020
* Issue 8 - September 2020 (Covers August 2020) - 7 September 2020
* Issue 9 - Special Issue 1 - September 2020 (Covers ZeekWeek 2020) - 21 September 2020
* Issue 10 - October 2020 (Covers September 2020) - 5 October 2020
* Issue 11 - November 2020 (Covers October 2020) - 2 November 2020
* Issue 12 - December 2020 (Covers November 2020) - 7 December 2020
* Issue 13 - Special Issue 2 - (Year End Review) - 21 December 2020


===Get Involved===

If you are interested in getting involved with the Zeek Newsletter, please
email news at zeek.org.

Stay up to date by subscribing to the Zeek Mailing List.
<http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek>

Follow us on Twitter <https://twitter.com/zeekurity>

Join the Slack Channel.
<https://join.slack.com/t/zeekorg/shared_invite/enQtOTc3MzMxNDI1NDYxLTA1NzhhMTgxNWI1OTk2NjlkMTdjNzY1Nzk5NDk2ZDY1MDBkYWIxOWNjNDE2NDc2MGI5OWM3ZDllYzBmZmNhNDM>