zeek June 2021

zeek@lists.zeek.org

4 participants
4 discussions

by bhavyaraj.chauhan611＠gmail.com

I'm trying to learn zeek signature signature file name: dns.sig signature dns-intel{ ip-proto == udp dst-port == 53 payload /.*life|.*bar/ event "[Suspicious DNS Query]" } Zeek file name: myfirst.zeek event signature_match (state: signature_state, msg: string, data: string) { if (state$sig_id == "dns-intel") { print fmt ("[Suspicious DNS query] %s", state$conn$dns$query) } I'm getting error in line 5 : rule defined twice what's the problem here ?? }

22 hours, 42 minutes

Zeek security/bugfix release: 4.0.2

by Tim Wojtulewicz

Downloads for Zeek 4.0.2 are available: https://zeek.org/get-zeek https://download.zeek.org/zeek-4.0.2.tar.gz See the release notes for details of the addressed bugs and security issues: https://github.com/zeek/zeek/releases/tag/v4.0.2 Binary packages for the new releases will also be available shortly: https://github.com/zeek/zeek/wiki/Binary-Packages

1 week, 3 days

Zeek Stepping Stone analyzer

by Johanna Amann

Hi Everyone, We are considering removing the Stepping Stone analyzer from Zeek. Currently the analyser is deactivated by default (this has been the case since at least release 2.0). It also is basically undocumented, does not work in cluster setups, potentially has a few bugs - and is integrated into the codebase in a bit of an oddball way. We are interested to hear if anyone is actively using the Stepping Stone analyser - and what you are using it for. If you are using it - could you either answer here or to me directly. Thank you, Johanna

1 week, 3 days

REMINDER - ZEEK MONTHLY COMMUNITY CALL - 2 JUNE 2021

by Amber Graner

Hi all, We have our monthly community call tomorrow. It's a quick 30 minute meeting full of updates and opportunities. *2 June 2021 – ZEEK MONTHLY COMMUNITY CALL – 10am Pacific/1pm Eastern *– Join the monthly call to discuss topics related to the growth, governance and administration of the community. *AGENDA:* ======= > Zeek Leadership Team Update > Zeek Technical Update > Zeek Subgroup Update * Documentation * Training * Testing * News > Events * Zeek Webinars * ZeekWeek 2021 *Register at:* https://corelight.zoom.us/meeting/register/tJAqdu6gqzgvG9LqPt_zpfGex7NtR_HW… Please let me know if you have any questions. Thanks, ~Amber

1 week, 4 days

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

zeek June 2021