List: bro
Subject: [Zeek] Zeek Monthly Newsletter - Issue 6 - July 2020 - Now Available!
From: Amber Graner <akgraner () corelight ! com>
Date: 2020-07-08 14:22:40
Message-ID: CAJhOzuqFUDFDTRHhgU_SWDKEy5h7yFH9K1yK8_snnF+WOiXTsw () mail ! gmail ! com
Zeek Monthly Newsletter - Issue 6 - July 2020 - Now Available!
You can view the blog post at:
https://zeek.org/2020/07/08/zeek-monthly-newsletter-issue-6-july-2020/
Below is the plain text version.
++++++++++++++++++++++++++
Issue 6 – July 2020
Welcome to the Zeek Monthly Newsletter! Issue 6 covers June 2020 as
well as upcoming events.
_______________________________
In this Issue:
> TL;DR
> Development Updates
> Zeek Blog
> Zeek In The Community
> New Zeek Packages
> Zeek in Enterprise
> Upcoming Events
> Zeek Related Jobs
> Get Involved
______________________________
TL;DR
Three new community packages are now available for detecting
CallStranger, GnuTLS CVE-2020-13777, and Ripple20.
Notable webinar topics included Security Onion, Brim, Zeek
Scripting, Spicy and Corelight's role in the Zeek Community.
The Zeek Project, Brim, Security Onion Solutions and Corelight all
released software updates in June.
The Zeek LT is soliciting feedback on Zeek governance:
https://www.surveymonkey.com/r/zeekgovernancesurvey
More information about upcoming changes to the project governance:
http://mailman.icsi.berkeley.edu/pipermail/zeek/2020-June/015382.html
________________________________
Development Updates
Zeek 3.0.7 and 3.1.4 now released (containing security + bug fixes):
http://mailman.icsi.berkeley.edu/pipermail/zeek/2020-June/015372.html
More information about project release cadence:
https://github.com/zeek/zeek/wiki/Release-Cadence
https://github.com/zeek/zeek/wiki/Security-Release-Process
________________________________
Zeek Blog
5 June 2020 – Community Call Notes and Recording – Each month we have
an open call with the community. This is the summary of the June 2020
call. http://mailman.icsi.berkeley.edu/pipermail/zeek/2020-June/015372.html
7 Dos And Don'ts For Zeek Scripting – In this blog post, Anthony Kasza
of Corelight gives an introduction to some of the pitfalls he had to
learn about when writing Zeek scripts. Anthony includes code snippets
and more. https://zeek.org/2020/06/08/7-dos-and-donts-for-zeek-scripting/
Zeek From Home – Episode 4 – Security Onion (Part 1) – Recording Now
Available! – Doug Burks, Founder of Security Onion and CEO of Security
Onion Solutions discussed the history of the project and explained
what's new. https://zeek.org/2020/06/09/zeek-from-home-episode-4-security-onion-recording-now-available/
Zeek From Home – Episode 5 – Brim Security – Recording Now Available!
– Phil Rzewski, Technical Director and Steve McCanne, Coding CEO at
Brim Security discussed Brim's open source app and more.
https://zeek.org/2020/06/09/zeek-from-home-episode-5-brim-security-recording-now-available/
Zeek Package Contest – ZPC-2 – Winners Announced! – Find out who won
ZPC-2 and what packages were submitted.
https://zeek.org/2020/06/15/zeek-package-contest-zpc-2-winners-announced/
Zeek From Home – Episode 6 – Zeek Scripting 101 to 495 in 45 Mins. –
Recording Now Available! – Aashish Sharma of Berkeley Lab and the
Zeek Project Leadership Team made a lively presentation on Zeek
Scripting. https://zeek.org/2020/06/17/zeek-from-home-episode-6-zeek-scripting-101-to-495-in-45-mins-recording-now-available/
Zeek From Home – Episode 7 – Spicy – Recording Now Available! – Robin
Sommer, CTO of Corelight and the Zeek Project Lead updated the
community on the new Zeek parser generator.
https://youtu.be/FZWVbKQyBmM
Zeek From Home – Episode 8 – Corelight's Role in the Zeek Community. –
Recording Now Available! – Greg Bell, CEO of Corelight updated the
Community on Corelight's commitment to support the Zeek Project and
its community. https://youtu.be/kgC9nxIqlCc
Zeek Monthly Newsletter – Issue 5 – June 2020 –
https://zeek.org/2020/06/18/zeek-monthly-newsletter-issue-5-june-2020/
________________________________
Zeek in the Community
Webcast – On June 25, 2020, John Gamble, Alex Kirk, and Matt Bromiley
presented ‘The Power of Using Network Alerts and Evidence with
Open-Source Suricata and Zeek (Bro)'. The webcast focused on bringing
the power of both FOSS tools together via the Community ID, and shows
the power of combining signal + evidence.
https://www.sans.org/webcasts/power-fusing-network-alerts-evidence-open-source-suricata-zeek-bro-115855
Webinar – Zeek And Ye Shall Find! – A Zeek Primer by Fatema Bannat
Wala of ESnet – This tutorial was targeted towards the basics of Zeek
NSM, and helping answer basic questions about architecture,
deployment, and value as an open source NSM.
https://youtu.be/29SEaMVF7Fg
New versions of Brim (v0.12.0) and zq (v0.16.0) released – JA3 and
HASSH fields are now populated in the Zeek logs for encrypted traffic
imported into Brim. Several bugs have also been fixed. The Brim
downloads page has links for the latest versions for Windows, macOS,
and Linux. https://github.com/brimsec/brim/releases and
https://github.com/brimsec/zq/releases
Elastic 6.8.10 now available for Security Onion! –
https://blog.securityonion.net/2020/06/elastic-6810-now-available-for-security.html
Zeek 3.0.7 now available for Security Onion! –
https://blog.securityonion.net/2020/06/zeek-307-now-available-for-security.html
securityonion-sostat – 20120722-0ubuntu0securityonion145 now available
for Security Onion! –
https://blog.securityonion.net/2020/06/securityonion-sostat-20120722.html
Security Onion Hybrid Hunter Beta 3, Community ID, and Sysmon! –
https://blog.securityonion.net/2020/06/security-onion-hybrid-hunter-beta-3.html
Detecting the New CallStranger UPnP Vulnerability With Zeek –
Corelight's Ryan Victory explains the motivation behind his new
open-source package for detecting the CallStranger exploit.
https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/
Detecting GnuTLS CVE-2020-13777 using Zeek – Corelight's Johanna
Amann gives a technical description of the GnuTLS CVE-2020-13777
vulnerability, shows how it can be identified in network traffic, and
provides a short Zeek script for detection.
https://corelight.blog/2020/06/11/detecting-gnutls-cve-2020-13777-using-zeek/
Ripple20 Zeek package open sourced – Corelight's Ben Reardon discusses
his new open-source Zeek package that detects the presence of
tell-tale signs associated with exploitation of Ripple20.
https://corelight.blog/2020/06/30/ripple20-zeek-package-open-sourced/
________________________________
New Zeek Packages
> Detecting the New CallStranger UPnP Vulnerability With Zeek –
> https://github.com/corelight/callstranger-detector
> Detecting GnuTLS CVE-2020-13777 using Zeek –
> https://github.com/0xxon/cve-2020-13777
> Ripple20 Zeek package open sourced – https://github.com/corelight/ripple20
________________________________
Zeek In Enterprise
Security Onion Hybrid Hunter 1.4.0 – Beta 3 Available for Testing! –
Security Onion Solutions announced the release of "Hybrid Hunter"
1.4.0 AKA Beta 3. In this release, Security Onion Solutions continues
to embrace Community ID as a way to correlate different data types.
They also sponsored the development of an Elasticsearch Ingest
Processor that can automatically generate Community ID values for ANY
logs that contain the necessary IP address and port information.
https://blog.securityonion.net/2020/06/security-onion-hybrid-hunter-140-beta-3.html
Security Onion Hybrid Hunter 1.4.1 Available for Testing! –
https://blog.securityonion.net/2020/07/security-onion-hybrid-hunter-141-now.html
Chocolate and Peanut Butter: Zeek and Suricata – Corelight Chief
Product Officer Brian Dye announced a new software release that
closely integrates Zeek and Suricata, with three key benefits.
https://corelight.blog/2020/06/16/zeek-and-suricata-corelight-v19/
Zeek & Sigma: Fully Compatible for Cross-SIEM Detections – Corelight's
Alex Kirk explains how the company teamed up with SOC Prime to
integrate Zeek logs with Sigma, a generic signature language that
enables cross-SIEM detections from a single toolset.
https://corelight.blog/2020/06/25/zeek-sigma-fully-compatible-for-cross-siem-detections/
________________________________
Upcoming Events
July
(Events will be updated as we get more information.)
> 9 July 2020 – Brim Webinar – 11am PDT/2pm EDT – This webinar will cover some
> of the developer basics (material will be JavaScript-centric as Brim is written
> with Electron/React).
Invite link: https://zoom.us/j/94487542434?pwd=YUh2NDlJVUdJUWRVUWpRU2xrYTIxUT09
> 10 July 2020 – Monthly Community Call – Noon PDT/3pm EDT – This is a
> recurring call and you will be able to select all upcoming community calls.
Registration Link:
https://corelight.zoom.us/meeting/register/tJcldO6qrTMrG9Kwsu6_qHsUeAvdjLmMw6-i
> 15 July 2020 – ZEEK FROM HOME – 11am PDT/2pm EDT – DPD (Dynamic Protocol
> Detection), presented by Jan Grashoefer. His talk will be based on
> https://arxiv.org/abs/1912.03962, a research paper entitled "Attacks on
> Dynamic Protocol Detection of Open Source Network Security Monitoring Tools".
Registration Link –
https://corelight.zoom.us/webinar/register/WN_sSTXJPODRSeTGhBrXKZc3Q
> 15 July 2020 – ZEEK COMMUNITY CTF – 1-3pm PDT/4-6pm EDT
Registration Link –
https://corelight.zoom.us/meeting/register/tJYqceGgqjwvGNXFYKgLYVQheMs8KhZnCQpu
> 22 July 2020 – ZEEK FROM HOME – 11am PDT/2pm EDT – Topic and Presenter TBD
Registration Link –
https://corelight.zoom.us/webinar/register/WN_W_cJVVykQh-jT6ogoPCKTw
> 23 July 2020 – ASK THE ZEEKSPERTS – 12:30pm PDT/3:30pm EDT
Registration Link –
https://corelight.zoom.us/meeting/register/tJAlce6trjIsHtPe4jx4h12JTEzYhSRdv96w
> 29 July 2020 – ZEEK FROM HOME – 11am PDT/2pm EDT – JA3, presented by Jeff
> Atkinson.
Registration Link –
https://corelight.zoom.us/webinar/register/WN_Gjh6eHImT56SUHP6XSs7BA
If you know of any Zeek related events that you would like to share
with the community in the monthly newsletter, please email
news@zeek.org or share on the Zeek mailing list (zeek@zeek.org).
About Zeek From Home: A weekly webinar featuring Zeek users,
developers and invited guests. These presentations ARE recorded and
shared with the community. https://zeek.org/2020/03/31/zeek-from-home/
About Ask The Zeeksperts: A bi-weekly webinar in which Zeek users,
developers and invited guests answer technical questions. The
community is invited to "drop in" to these calls and ask questions.
These webinars are NOT recorded (unless otherwise noted).
About Zeek Community CTF (Capture the Flag) Events: Players will
compete head-to-head on dozens of security challenges using Zeek data
with Splunk, Elastic, or CLI tools. Sign up Today! The game winner will
take home bragging rights and a $100 Amazon Gift Card.
About Monthly Zeek Community Call: Monthly calls that are open to
everyone to discuss topics related to the growth, governance and
administration of the community. These calls ARE recorded.
________________________________
Zeek Related Jobs
> From Bricata
Front End Engineer Position –
https://bricata.com/careers/front-end-engineer-position/
Senior Software Engineer Position –
https://bricata.com/careers/senior-software-engineer-position/
> From Brim
Front End Engineer – https://www.brimsecurity.com/team/front-end-engineer/
> From Corelight
Cloud Architect – https://www.corelight.com/company/careers/2220883
Principal Engineer, CI and Infrastructure –
https://www.corelight.com/company/careers/2220598
> From LinkedIn
Sr. Zeek/Bro Engineer – https://www.linkedin.com/jobs/view/1863997545/
BRO/ZEEK SME Engineer and Programmer with Security Clearance –
https://www.linkedin.com/jobs/view/1935842486/
ZEEK Engineer/ Subject Matter Expert (Active Secret Clearance Desired)
– https://www.linkedin.com/jobs/view/1855505919/
BRO/ZEEK SME Engineer and Programmer with Security Clearance –
https://www.linkedin.com/jobs/view/1903016798/
Cyber Threat Hunter – Great Benefits & Company Equity (REMOTE) –
https://www.linkedin.com/jobs/view/1898353609/
Cyber Threat Hunter – Great Benefits & Company Equity (REMOTE) –
https://www.linkedin.com/jobs/view/1898351761/
Senior Cyber Threat Hunter – Company Equity (REMOTE) –
https://www.linkedin.com/jobs/view/1898354628/
Incident Response / Triage Team Lead –
https://www.linkedin.com/jobs/view/1906760359/
Cyber Security Analyst – https://www.linkedin.com/jobs/view/1926562351/
Strategic Initiatives Lead Analyst –
https://www.linkedin.com/jobs/view/1910034594/
CSIS Cyber Program DevOps Team Lead –
https://www.linkedin.com/jobs/view/1906764185/
________________________________
Get Involved
If you are interested in getting involved with the Zeek Newsletter,
please email news at zeek dot org
Stay up to date by subscribing to the Zeek Mailing List:
http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek
Follow us on Twitter: https://twitter.com/zeekurity
Join our slack channel: http://bit.ly/ZeekOrgSlackInvite
_______________________________________________
Zeek mailing list
zeek@zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek