[Zeek] Zeek Monthly Newsletter – Issue 4 – May 2020

Amber Graner akgraner at corelight.com
Mon May 11 13:03:14 PDT 2020


Below is Issue 4 of the Zeek Monthly Newsletter. You can also find it at:
https://zeek.org/2020/05/11/zeek-monthly-newsletter-issue-4-may-2020/

==Issue 4 - May 2020==

Welcome to the Zeek Monthly Newsletter. Issue 4 covers April 2020 as well
as upcoming events.

===In this Issue:===

* General Community News/Updates
* Development Updates
* Zeek in the News
* Zeek In, Near and Around the Community
* Interviews/Blog Posts
* Threat of the Month
* Upcoming Events
* New Zeek Related Packages
* Publication Schedule
* Get Involved

===General Community News/Updates===

* The Zeek Package Contest Is Still OPEN - ZPC-2 - The ZPC contest series
is intended to inspire Zeek users to demonstrate their creativity and
ingenuity while winning the admiration of their peers, and giving back to
the community. The ZPC-2 contest will focus on the MITRE ATT&CK™ Framework,
more specifically packages that help detect C2 Techniques. Find out more
about how you can participate in ZPC-2 at:
https://zeek.org/2020/04/06/zeek-package-contest-zpc-2/

* Check out the Virtual Events this month!! - We have a full line-up of
events in May. Presentations for Zeek From Home include Looking Deeper into
the Zeek 3.0 - Major Changes, Point Releases and more; Suricata; and
Security Onion. Ask the Zeeksperts will be hosted by Suricata and Brim, and
new for this month is a virtual Zeek community CTF (Capture the Flag)
event. You can find out more about how to register for these events below
in the events section.

===Development Updates===

* Zeek 3.0.4 and 3.1.2 release (security + bug fixes) - These releases fix
several bugs, including one potential security issue due to a stack
overflow in the POP3 analyzer (thanks to Matteo Rizzo for the report). -
http://mailman.icsi.berkeley.edu/pipermail/zeek/2020-April/015262.html

* The New IO Loop in Zeek 3.1 - This blog post describes the new
architecture for the IO loop and changes made to IO sources to support the
new architecture. - https://zeek.org/2020/04/03/the-new-io-loop-in-zeek-3-1/

* Issue Tracker: If you would like to see the issues currently being
tracked, help resolve a few, or file an issue, you can do so at:
https://github.com/zeek/zeek/issues

===Zeek In, Near and Around The Community===

* Zeek 3.0.5 now available for Security Onion! - More details,
documentation and release notes can be found at:
https://blog.securityonion.net/2020/04/zeek-305-now-available-for-security.html

* Brim’s open source desktop application was first announced in March, but
it is still being seen in Twitter feeds and mailing lists around the
community. You can find out more about it at:
https://github.com/brimsec/brim

* New Research: Open Source Tools! - By Augusto Barros - In this Gartner
blog post, author Augusto Barros is looking for input on research that he
is doing. “The intent is to look at the most popular open source tools used
by security operations teams out there. Things like the ELK stack, Osquery,
MISP and Zeek.” If you’d like to learn more about what he’s looking for, or
even lend a hand, check out:
https://blogs.gartner.com/augusto-barros/2020/04/17/new-research-open-source-tools/

* Four Key Elements for Comprehensive Network Threat Detection - This
article by Bricata looks at the following key elements for a better
understanding of network threat detection: Deep Packet Inspection
(Signature-Based) Detection, Behavioral Anomaly-Based (Stateful) Detection,
File Hashing and Detection, Artificial Intelligence and Machine Learning
Detection and more.
https://securityboulevard.com/2020/04/four-key-elements-for-comprehensive-network-threat-detection/

* COVID-19 CTI LEAGUE and CRITICAL PATH SECURITY Intel feed - CTI League
and Critical Path Security have shared an updated COVID-19 threat feed for
Zeek. It includes COVID-19 CTI public data, Critical Path Security data
collected from dns.log, as well as data from PREDICT. Find out more at:
https://github.com/CriticalPathSecurity/COVID-THREAT-INTEL-PUBLIC-ZEEK/blob/master/README.md

===Interviews/Blog Posts===

* Zeek From Home – Episode 1 – Zeek-Agent – Recording Now Available -
Zeek-Agent is an endpoint monitoring agent that provides host activity to
Zeek. More information about Zeek-Agent can be found on the Zeek blog and
GitHub. These webinars are recorded, and if you were unable to attend the
Zeek-Agent Zeek From Home episode we have made the following available:
video, audio only and slides.
Many thanks to all those who participated!! Keep those questions and
feedback coming!!
Find out more at:
https://zeek.org/2020/04/17/zeek-from-home-episode-1-zeek-agent-recording-now-available/

* Writing My First Protocol Analyzer - Anthony Kasza from Corelight walks
you through his experience with writing his first protocol analyzer for
Zeek. - https://zeek.org/2020/04/16/writing-my-first-protocol-analyzer/

* Got Zoom? - This may be helpful for some out there. It's a simple package
that works on Zoom TLS traffic. - https://zeek.org/2020/04/14/got-zoom/

* Zeek Package Contest – ZPC-2 - Announcing a new Zeek Package Contest
(ZPC-2).  This contest will focus on the MITRE ATT&CK™ Framework, more
specifically packages that help detect C2 Techniques. $2500.00 USD to the
first prize winner. (Some restrictions apply) See Blog post for more
details. - https://zeek.org/2020/04/06/zeek-package-contest-zpc-2/

* 2019 Zeek Package Contest Summary & Winners - In case you weren't at
ZeekWeek last year, here's the list of winning submissions and a summary of
each package contributed to the first Zeek Package Contest (ZPC-1). Many
thanks to all those who made it a success! -
https://zeek.org/2020/04/06/2019-zeek-package-contest-summary-and-winners-zpc-1/


===Threat of the Month===

Do you have a threat you’d like to share with the community and how using
Zeek in your security stack helped you identify that threat? Please email
news at zeek.org and we’ll work with you to get it written up and shared in
the next newsletter.

===Upcoming Events===

The following is a list of Zeek Related online/virtual events for May 2020.

====Ask the Zeeksperts====

Ask the Zeeksperts is a one-hour bi-weekly call that is hosted by various
“Zeeksperts” in the community. This is where you can drop by and ask your
Zeek-related questions. The webinars are free to attend, but registration
is required.

* 14 May 2020 - 12:30pm PST/3:30pm EST - Suricata - Jason Ish, Suricata
Senior Developer, and Peter Manev, Lead QA for Suricata - Bring those
Suricata-related questions and ask the experts!
Registration:
https://corelight.zoom.us/webinar/register/WN_KN8qo9ZDTfKL1nKl1inmQA

* 28 May 2020 - 12:30pm PST/3:30pm EST - Brim Security - Phil Rzewski -
Brim experts will be on hand to answer all your questions about
their latest open source desktop application release.
Registration:
https://corelight.zoom.us/webinar/register/WN_lXJb4F5WTRSQ1BQasln9HA

====Zeek From Home====

This is a new weekly webinar series, where the community can share their
Zeek-related presentations (scripts, use cases, how-tos, unique usages,
lessons learned, etc.). These will be recorded.

* 12 May 2020 - 2pm EST/11am PST - Looking Deeper into the Zeek 3.0 - Major
Changes, Point Releases and more with Tim Wojtulewicz. If you have
questions about the Zeek 3.0 release then this is the presentation for you.
Registration:
https://corelight.zoom.us/webinar/register/WN_Hbp2Xm-mSbSRTgbwRMqtPA

* 20  May 2020 - 2pm EST/11am PST - Suricata - Victor Julien, OISF Founder
and Suricata's Lead Developer and Josh Stroschein, Ph.D., Director of
Training and Academic Initiatives
Registration:
https://corelight.zoom.us/webinar/register/WN_9haXhmcKR7aSEhKyzT9ICA

* 27 May 2020 - 2pm EST/11am PST - Security Onion - Doug Burks
Registration:
https://corelight.zoom.us/webinar/register/WN_5t5TdekCQYSkYp_b2K5Ngw


====Capture the Flag Events====

These events are free but registration is required. See links below for
more information.

* 15 May 2020 4-6pm Eastern - Zeek Community CTF (Capture the Flag) -
Players will compete head-to-head on dozens of security challenges using
Zeek data in both Splunk and Elastic. Players can also use open-source Zeek
tools on a CLI.
Registration:
https://www.eventbrite.com/e/zeek-community-ctf-capture-the-flag-tickets-10477636894

* Corelight Virtual Hunt from Home (Every Tuesday and Thursday) - A free,
2-hour Virtual Capture the Flag event hosted by Corelight, where players
compete to answer security challenges using Zeek data in Splunk and
Elastic. The security challenges model realistic IR and hunting queries and
can help you uplevel your Zeek log proficiency. Corelight experts will be
on hand during the game to guide players of all skill levels through two
exciting hunt scenarios. Sign up for one of eight virtual CTF spots in May.
Game winners will take home bragging rights and a $100 Amazon Gift Card.
https://www3.corelight.com/ctf/hunt-from-home

If you know of any Zeek related events that you would like to share with
the community in the monthly newsletter, please email news at zeek.org or
share on the Zeek mailing list (zeek at zeek.org).

====Zeek Related Packages/New Packages Added to packages.zeek.org====

* SPL-SPT - Sequence of Payload Lengths/Sequence of Payload Times -
https://packages.zeek.org/packages/view/6b874e00-7ece-11ea-9321-0a645a3f3086

* Got Zoom? -
https://packages.zeek.org/packages/view/bb1d635f-8060-11ea-9321-0a645a3f3086


====Publication Schedule (Updated)====

Issue 1 - January 2020 (Covers December 2019) - 14 January 2020 -
https://zeek.org/2020/01/14/zeek-monthly-newsletter-issue-1-january-2020/
Issue 2 - March 2020 (Covers January and February 2020) - 2 March 2020 -
https://zeek.org/2020/03/02/zeek-monthly-newsletter-issue-2-march-2020/
Issue 3 - April 2020 (Covers March 2020) - 7 April 2020 -
https://zeek.org/2020/04/07/zeek-monthly-newsletter-issue-3-april-2020/
Issue 4 - May 2020 (Covers April 2020) - 8 May 2020 -
https://zeek.org/2020/05/11/zeek-monthly-newsletter-issue-4-may-2020/
Issue 5 - June 2020 (Covers May 2020) - 1 June 2020
Issue 6 - July 2020 (Covers June 2020) - 6 July 2020
Issue 7 - August 2020 (Covers July 2020) - 3 August 2020
Issue 8 - September 2020 (Covers August 2020) - 7 September 2020
Issue 9 - October 2020 (Covers September 2020) - 5 October 2020
Issue 10 - November 2020 (Covers October 2020) - 2 November 2020
Issue 11 - December 2020 (Covers November 2020) - 7 December 2020
Issue 12 - Special Issue - (Year End Review) - 21 December 2020


====Get Involved====

If you are interested in getting involved with the Zeek Newsletter, please
email news at zeek.org.

Join the News Slack Channel at:
https://join.slack.com/t/zeekorg/shared_invite/enQtOTc3MzMxNDI1NDYxLTA1NzhhMTgxNWI1OTk2NjlkMTdjNzY1Nzk5NDk2ZDY1MDBkYWIxOWNjNDE2NDc2MGI5OWM3ZDllYzBmZmNhNDM

Follow us on Twitter at: https://twitter.com/Zeekurity