[Zeek] Zeek Monthly Newsletter - Issue 5 - June 2020 - Now Available!

Amber Graner akgraner at corelight.com
Thu Jun 18 13:07:37 PDT 2020


Zeek Monthly Newsletter - Issue 5 - June 2020 - Now Available!

You can view the blog post at:
https://zeek.org/2020/06/18/zeek-monthly-newsletter-issue-5-june-2020/

Below is the plain text version.

++++++++++++++++++++++++++++


Welcome to the Zeek Monthly Newsletter. Issue 5 covers May 2020 as
well as upcoming events.
________________________________

IN THIS ISSUE:

> TL;DR
> Development Updates
> Zeek Blog
> Zeek In The Community
> New Zeek Related Packages
> Zeek in Enterprise
> Upcoming Events
> Zeek Related Jobs
> Get Involved
________________________________

TL;DR

This newsletter covers items found in, near and around the community
in May 2020.  You’ll also see upcoming events for the remainder of
June and July.  For those events that have already happened we have
included the links.

We’ve also included a list of Zeek related jobs, Zeek Packages that
were added in May and we have added a new section - Zeek in
Enterprise.


+ We Need Your Feedback +

We are always looking for ways to improve our engagement opportunities
and as such we have a few surveys we’d like to get your feedback on.
Depending on your areas of interest please take a moment to give us
your feedback.

> Cloud Security - https://www.surveymonkey.com/r/ZeekCloudSecuritySurvey
> Webinar Survey - https://www.surveymonkey.com/r/zeekwebinarsurvey
> Governance Survey - https://www.surveymonkey.com/r/zeekgovernancesurvey
> Package Contest Survey - https://www.surveymonkey.com/r/zeekpackagecontestsurvey

+ Live Streaming +

Zeek YouTube Channel - https://www.youtube.com/zeekurity

We are now Live Streaming all our recorded webinars to YouTube.  We
have also added a Zeek From Home Playlist. -
https://www.youtube.com/watch?v=-iwD1BYA1s0&list=PL2EYTX8UVCMiLeD0NwUK0_QqAyEeivLkN

________________________________

DEVELOPMENT UPDATES

Zeek 3.0.6 and 3.1.3 release (security + bug fixes) -
http://mailman.icsi.berkeley.edu/pipermail/zeek/2020-May/015308.html

Announcing the (New) Spicy Parser Generator - The Spicy parser
generator makes it substantially easier for Zeek to support and parse
new protocols and file formats. -
https://zeek.org/2020/05/18/announcing-the-new-spicy-parser-generator/

________________________________

ZEEK BLOG

1 May 2020 - Community Call Notes and Recording - Each month we have
an open call with the community.  This is the summary of the May 2020
call. http://mailman.icsi.berkeley.edu/pipermail/zeek/2020-May/015306.html


People of Zeek Interview Series – Matthias Vallentin of Tenzir -
Matthias is the Co-Founder and CEO of Tenzir as well as an active Zeek
community member. -
https://zeek.org/2020/05/05/people-of-zeek-interview-series-matthias-vallentin-of-tenzir/


People of Zeek – Interview Series – Phil Rzewski of Brim Security -
Phil is the Technical Director at Brim Security and an active Zeek
community member. -
https://zeek.org/2020/05/06/people-of-zeek-interview-series-phil-rzewski-of-brim-security/

Zeek From Home – Episode 2- Looking Deeper into the Zeek 3.0 – Major
Changes, Point Releases and more – Recording Now Available! -
https://zeek.org/2020/05/15/zeek-from-home-episode-2-looking-deeper-into-the-zeek-3-0-major-changes-point-releases-and-more-recording-now-available/

Zeek From Home – Episode 3- Suricata - Recording Now Available! -
https://zeek.org/2020/05/27/zeek-from-home-episode-3-suricata/

Zeek (Bro) Install Session - with Fatema Bannat Wala and Virtually
Testing Foundation -

Issue 4 of the Zeek Monthly Newsletter -
https://zeek.org/2020/05/11/zeek-monthly-newsletter-issue-4-may-2020/

________________________________

ZEEK IN THE COMMUNITY

University supercomputers shut down over cryptocurrency mining malware
- Leading educational facilities among those whose supercomputers were
infected - in the UK, Switzerland, Germany and one suspected in Spain -
according to reports. -
https://www.scmagazineuk.com/university-supercomputers-shut-down-cryptocurrency-mining-malware/article/1683477

Expert Reaction On Supercomputers Across Europe Infected with
Cryptomining Malware - Multiple supercomputers across Europe have been
infected with cryptocurrency mining malware and have shut down to
investigate the intrusions, according to ZDNet. Security incidents
have been reported in the UK, Germany, and Switzerland, while a
similar intrusion is rumoured to have also happened at a
high-performance computing centre located in Spain. See what experts
have to say on the matter.
https://www.informationsecuritybuzz.com/expert-comments/expert-reaction-on-supercomputers-across-europe-infected-with-cryptomining-malware/


Security Onion Hybrid Hunter 1.3.0 - Beta 2 Available for Testing!  -
Help test the next major release of Security Onion -
https://blog.securityonion.net/2020/05/security-onion-hybrid-hunter-130-beta-2.html


securityonion-capme - 20121213-0ubuntu0securityonion79 resolves a
Reflected XSS vulnerability - Kevin Breen responsibly disclosed a
Reflected XSS vulnerability in CapMe. We've improved input validation
to address this vulnerability and a package is now available -
https://blog.securityonion.net/2020/05/securityonion-capme-20121213.html


20200501 Edition of Security Onion Documentation printed book now
available! - A printed version of Security Onion's official online
documentation is now available. Check it out at:
https://blog.securityonion.net/2020/05/20200501-edition-of-security-onion.html


Zeek 3.0.6 now available for Security Onion! -
https://blog.securityonion.net/2020/05/zeek-306-now-available-for-security.html


Security Onion 16.04.6.6 ISO image now available featuring Zeek 3.0.5,
Suricata 4.1.8, Elastic 6.8.8, CyberChef 9.20.3, and more! -
https://blog.securityonion.net/2020/05/security-onion-160466-iso-image-now.html


How to install Zeek (aka bro) - Virtually Testing (Video) - Fatema
Bannat Wala, CISSP, walks participants through how to install Zeek on
Ubuntu. https://www.youtube.com/watch?v=4b_dW5JdE5U

________________________________

NEW ZEEK PACKAGES

> SMB Fingerprinting Zeek package - https://github.com/micrictor/smbfp
> Zeek-known-outbound - https://github.com/dopheide-esnet/zeek-known-outbound
> Rdfp - https://github.com/yahoo/rdfp
> icannTLD - https://github.com/corelight/icannTLD

________________________________

ZEEK IN ENTERPRISE

Corelight Co-founders Receive Prestigious IEEE Test of Time Award -
Dr. Vern Paxson and Dr. Robin Sommer's landmark 2010 paper on the
challenges of machine learning for intrusion detection honored for its
enduring influence on the security industry -
https://www.prnewswire.com/news-releases/corelight-co-founders-receive-prestigious-ieee-test-of-time-award-301060331.html


Latest Version of the Bricata Network Security Platform Adds MITRE
ATT&CK Support and Simplified Workflows - This update adds powerful
support for the MITRE ATT&CK framework, support for high-density data
nodes to improve storage and scalability, alert grouping for
streamlined management and response, support for virtualization on
Amazon Web Services (AWS), and more.
https://securityboulevard.com/2020/05/latest-version-of-the-bricata-network-security-platform-adds-mitre-attck-support-and-simplified-workflows/


________________________________


UPCOMING EVENTS (JUNE AND JULY)


About Zeek From Home:  A weekly webinar presentation series where Zeek
users, developers and invited guests can present on Zeek related
topics.  These presentations are recorded and shared with the
community.  These webinars ARE recorded. You can find out more about
Zeek From Home at: https://zeek.org/2020/03/31/zeek-from-home/


About Ask The Zeeksperts: A bi-weekly webinar series where Zeek
users, developers and invited guests can answer technical questions
about adopting, implementing and using Zeek data.  The community is
invited to “drop in” to these calls and ask questions.  These
webinars are NOT recorded (unless otherwise noted).


About Zeek Community CTF (Capture the Flag) Events: Players will
compete head-to-head on dozens of security challenges using Zeek data
in both Splunk and Elastic. Players can also use open-source Zeek
tools on a CLI. Sign up Today! Game winner will take home bragging
rights and a $100 Amazon Gift Card.


About Monthly Zeek Community Call:  These are monthly calls that are
open to the community to discuss topics related to the growth,
governance and administration of the community.  These calls are open
to the community and recorded.

UPCOMING JUNE EVENTS

> 24  June 2020 – ZEEK FROM HOME -11am PDT/2pm EDT – Corelight’s role in the Zeek Project – host Greg Bell –
Registration: https://corelight.zoom.us/webinar/register/WN_88w_WCX_TnOen7uUI_YckA


> 25 June  2020 – ASK THE ZEEKSPERTS – 12:30pm PDT/3:30pm EDT – Zeek  – host Seth Hall
(UPDATED LINK) Registration Link:
https://corelight.zoom.us/meeting/register/tJcqdeuopz8sGNTaVIuNLcfiuoghJ4QgO2ko

UPCOMING JULY EVENTS

(Events will be updated as we get more information.)


> 8 July  2020 – ZEEK FROM HOME –11am PDT/2pm EDT - Topic and Presenter TBD
Registration Link -
https://corelight.zoom.us/webinar/register/WN_88o6MH5zTXargf731ZNSwg


> 9 July 2020 –  ASK THE ZEEKSPERTS – 12:30pm PDT/3:30pm EDT
Registration Link  -
https://corelight.zoom.us/meeting/register/tJMtdOChqTIoHtM3eOLVs6gq2KwI9-pW0GCZ


> 10 July 2020 - Monthly Community Call - 3pm EDT - This is a recurring call and you will be able to select all upcoming community calls.
Registration Link:
https://corelight.zoom.us/meeting/register/tJcldO6qrTMrG9Kwsu6_qHsUeAvdjLmMw6-i


> 15 July  2020 – ZEEK FROM HOME –11am PDT/2pm EDT  - Topic and Presenter TBD
Registration Link -
https://corelight.zoom.us/webinar/register/WN_sSTXJPODRSeTGhBrXKZc3Q


> 15 July  2020 – ZEEK COMMUNITY CTF –1-3pm PDT/4-6pm EDT
Registration Link  -
https://corelight.zoom.us/meeting/register/tJYqceGgqjwvGNXFYKgLYVQheMs8KhZnCQpu


> 22 July  2020 – ZEEK FROM HOME –11am PDT/2pm EDT  - Topic and Presenter TBD
Registration Link -
https://corelight.zoom.us/webinar/register/WN_W_cJVVykQh-jT6ogoPCKTw


> 23 July 2020 –  ASK THE ZEEKSPERTS – 12:30pm PDT/3:30pm EDT
Registration Link  -
https://corelight.zoom.us/meeting/register/tJAlce6trjIsHtPe4jx4h12JTEzYhSRdv96w


> 29 July  2020 – ZEEK FROM HOME –11am PDT/2pm EDT - JA3 and presented by Jeff Atkinson.
Registration Link -
https://corelight.zoom.us/webinar/register/WN_Gjh6eHImT56SUHP6XSs7BA


PAST WEBINARS - JUNE (LINKS TO RECORDINGS BELOW):


> 5  June 2020 – MONTHLY COMMUNITY CALL -Noon PDT/3pm EDT -
Link Notes and Recording -
http://mailman.icsi.berkeley.edu/pipermail/zeek/2020-May/015306.html

> 10  June 2020 – ZEEK FROM HOME –11am PDT/2pm EDT –  Zeek Scripts – 101 to 595 – host Aashish Sharma
Links to Blog Post and Recording -
https://zeek.org/2020/06/17/zeek-from-home-episode-6-zeek-scripting-101-to-495-in-45-mins-recording-now-available/

> 11 June  2020 – ASK THE ZEEKSPERTS – 12:30pm PDT/3:30pm EDT – Security Onion – host Doug Burks
Link to Video - https://youtu.be/UBqTsQTOv90

> 17  June 2020 – ZEEK FROM HOME -11am PDT/2pm EDT –  Spicy – host Robin Sommer –
Link to Video: https://youtu.be/FZWVbKQyBmM

If you know of any Zeek related events that you would like to share
with the community in the monthly newsletter, please email
news at zeek.org or share on the Zeek mailing list (zeek at zeek.org).

________________________________

ZEEK RELATED JOBS

> From Brim

Front End Engineer - https://www.brimsecurity.com/team/front-end-engineer/

> From LinkedIn

Network-Based System Analyst Lead -
https://www.linkedin.com/jobs/view/1875715533/
Network-Based System Analyst Lead -
https://www.linkedin.com/jobs/view/1883331295/
Sr Cyber Defense Technologist I - https://www.linkedin.com/jobs/view/1854283720/
Sr Cyber Defense Technologist I - https://www.linkedin.com/jobs/view/1883301962/
Cyber Defense Technologist II - https://www.linkedin.com/jobs/view/1897092520/
Cyber Defense Technologist II - https://www.linkedin.com/jobs/view/1893187670/
Cyber Network Defense (CND) Architect -
https://www.linkedin.com/jobs/view/1854258959/
Cyber Defense Technologist II - https://www.linkedin.com/jobs/view/1893737933/
Cyber Network Defense (CND) Architect -
https://www.linkedin.com/jobs/view/1903965203/

________________________________

GET INVOLVED

If you are interested in getting involved with the Zeek Newsletter,
please email news at zeek.org.

Stay up to date by subscribing to the Zeek Mailing List:
http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek

Follow us on Twitter: https://twitter.com/zeekurity

Join our Slack channel: http://bit.ly/ZeekOrgSlackInvite


