Tuesday, June 11, 2019

Open Source Zeek Leadership Team Meeting Minutes - 31 May 2019



The open source Zeek project Leadership Team (LT) is made up of contributors from multiple organizations throughout the community. The LT acts as both a technical steering committee and governance body. You can find out more about the LT on the team page of the website.

Below are the notes from the LT meeting held on 31 May 2019.


Zeek.org Leadership Team Members (Bold indicates attendance)

  • Keith Lehigh (Chair), Indiana University
  • Johanna Amann, International Computer Science Institute/Corelight/Lawrence Berkeley National Laboratory
  • Seth Hall, Corelight
  • Vern Paxson, Corelight & University of California at Berkeley
  • Michal Purzynski, Mozilla Foundation
  • Aashish Sharma, Lawrence Berkeley Lab
  • Adam Slagell, ESnet
  • Robin Sommer, Corelight

  • Amber Graner*, Corelight, Director of Community for the Open Source Zeek Community
         *not a member

Agenda

  • Trademark Discussion  (Amber)
  • Keynotes  (Keith)
  • Zeek Package Contest (Amber)
  • Analytics Discussion Scheduling (Keith)

Minutes

  • Trademark Discussion - The LT discussed the current Name and Logo Usage Statement (https://www.zeek.org/documentation/marks.html). Out of the discussion came the following action items to look into:
    • Create a Reciprocal Logo Usage Agreement
    • Update the Marks Usage Documentation
    • Create a standard Cease and Desist letter
  • Keynotes - LT Members will continue reaching out to potential keynote speakers for ZeekWeek 2019.
  • Zeek Package Contest - Amber brought up the Zeek Package Contest that Corelight would like to host leading up to ZeekWeek 2019. Amber to take LT feedback to the Corelight team and present the details of the program at the next LT meeting.
  • Analytics Discussion Scheduling - Keith to schedule an additional LT meeting to discuss analytics tools for the website.

Helpful Links and information:


Getting Involved: If you would like to be part of the Open Source Zeek Community and contribute to the success of the project please sign up for our mailing lists, join our IRC Channel, come to our events, follow the blog and/or Twitter feed. If you’re writing scripts or plugins for Zeek we would love to hear from you! Can’t figure out what your next step should be, just reach out. Together we can find a place for you to actively contribute and be a part of this growing community.
About Zeek (formerly Bro): Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. https://www.zeek.org/

Wednesday, June 5, 2019

People of Zeek Interview Series - Introducing Zeke Medley and Zeke on Zeek

Amber Graner (AG): Hi Zeke. Thank you so much for taking the time to answer my questions and let the community know who you are and what Zeek related items you’re working on.

Zeke Medley (ZM): Hi Amber :-)

AG: Zeke can you take a moment to tell people a little about yourself and what you’re doing for the Open Source Zeek Project?


ZM: I started getting interested in programming in 7th grade when I wrote a tiny rock-paper-scissors program over the summer. Since then, I’ve remained fairly interested in rock-paper-scissors, but have branched out a little bit. My first introduction to network security was probably freshman year of high school when one of my friends figured out that he could remotely open disk drives in our school’s computer labs with the command line and I wrote him a little script to do it for all the computers in a lab. These days I’m a freshman studying Electrical Engineering and Computer Sciences at Berkeley and also working in a makerspace on campus called the Invention Lab.

On the Zeek side I’m wrapping up work on a data structure to match a string against a large set of patterns that Robin started a while ago and I just finished adding key-value for loops to the Zeek scripting language. Moving forward I hope to stay involved in the open source project, and we’ll see what projects I end up working on.

AG: What drew you to Zeek and how did you get involved with the project?

ZM: My name being Zeke definitely made it stand out to me, but I was actually first introduced to it when I met Christian at a career fair. He seemed like a really nice guy and the whole project was right in line with my interests. I made my first pull request adding some basic string functions to the language and the rest is recent history.

AG: What’s the most interesting thing you’ve learned about Zeek so far?

ZM: At first I was pretty intimidated by just how big Zeek is. There is a lot going on and it's a fairly complex program. The more I’ve learned about it though the better I think it's designed. Zeek is very extensible. Once you get the hang of it, .bif files make adding new functionality to the language pretty fun and straightforward.

AG: Can you tell the community about the “Zeke on Zeek” series we’ll be starting soon and what they can expect to read about?

ZM: “Zeke on Zeek” is a series of blog posts we’ve been talking about pretty much since I got started that I hope will offer some sort of roadmap for people getting started working on Zeek. Zeek is a big project and putting together how it all works can be pretty challenging at times, so I’ll be laying out my experience in the hope that it can help other people interested in contributing to the project.

AG: For those who are thinking about interning for the first time, can you share some things you’ve learned or are learning about how to balance your time between school, your internship, and personal projects?

ZM: I know it sounds silly, but I genuinely enjoy the vast majority of what I do. School can be really challenging at times and making anything, be it a data structure or drone, seems to be more of a process of learning from repeated failure than actually creating anything that works, but I think there is something profound about that. In my (albeit rather limited) experience the more comfortable I become with failure the easier things get.

AG: Is there anything that you’d like to share about yourself or Zeek that I haven’t asked you about?

ZM: I’ve been really floored by Zeek and its community because insofar as I can tell they seem to be genuinely out to do good for the world. Not only is the whole project open source, it's also out to help solve pressing problems we have with network security these days.



Friday, May 31, 2019

Open Source Leadership Team Meeting Minutes - 17 May 2019



The open source Zeek project Leadership Team (LT) is made up of contributors from multiple organizations throughout the community. The LT acts as both a technical steering committee and governance body. You can find out more about the LT on the team page of the website.

Below are the notes from the LT meeting held on 17 May 2019.


Zeek.org Leadership Team Members (Bold indicates attendance)
  • Keith Lehigh (Chair), Indiana University
  • Johanna Amann, International Computer Science Institute/Corelight/Lawrence Berkeley National Laboratory
  • Seth Hall, Corelight
  • Vern Paxson, Corelight & University of California at Berkeley
  • Michal Purzynski, Mozilla Foundation
  • Aashish Sharma, Lawrence Berkeley Lab
  • Adam Slagell, ESnet
  • Robin Sommer, Corelight
Other Attendees (Non-Member)
  • Amber Graner, Corelight, Director of Community for the Open Source Zeek Community
  • Tamara Crawford*, Creative Director, Corelight
    • Helping the LT with Logo Redesign

Agenda

  • Logo Discussion
  • Web Analytics next steps - will be discussed at the next LT Meeting
  • ZeekWeek Site (Amber)
  • Sponsor Prospectus (Amber)
  • Keynote update (Keith)
  • Trademark issue (Keith)

Minutes

  • Logo Discussion - Discussion continues, narrowed down designs. Agreed to separate mascot from logo. Mascot will be another discussion. Nicole Fisher who is doing the logo design couldn’t make it to the LT meeting so Tamara Crawford attended for Nicole. Nicole to present new mockups to the LT for discussion before next meeting. Amber to draft a blog post on why we are changing the logo. Logo to be finished by Mid August so that we can have it and all giveaways ready with the new logo for ZeekWeek. Please note: Corelight is working with the LT and funding the logo redesign.
    • Amber will help liaise between Corelight and the LT and be a backup to Adam
    • Better understanding on need to accelerate decision pace
      • SWAG is important
      • Takes 6 Weeks prior to an event to get Mugs laser etched
      • Stickers
      • Tshirts
    • Logo to be finalized by Mid-August
    • Animal Mascot will be separate from Logo; this allows for more branding and marketing options
    • Other Ideas
      • Networking Type “Z” that is incorporated with the “eek” of “Zeek” or that can stand alone
      • Schedule follow-up call with Nicole, Adam and Tam once we have all the feedback from the LT
  • Web Analytics next steps - will be discussed at the next LT Meeting as we ran out of time at this meeting to discuss.
  • Keynote update (Keith) - Continues to reach out to prospective keynote speakers.
  • Trademark issue (Keith) - Keith continues to reach out to those in violation on a case by case basis.

Other Topics

  • ZeekWeek Steering Committee (SC) vs ZeekWeek Program Committee (PC) - The LT will continue to function as the SC, but this year will have a PC that will be different from the LT. The PC will decide which talks/presentations get selected for ZeekWeek 2019. Keith will chair the PC and will be inviting people to join the PC. Invitees will be chosen from past ZeekWeek (BroCon) speakers. Talks will be submitted through the ZeekWeek website.



Thursday, May 23, 2019

ZeekWeek 2019 - Call For Participation - Registration Now Open





ZeekWeek 2019 will be held on 8-11 October 2019 at King Street Ballroom & Perch, Hilton Embassy Suites in Seattle, Washington, and registration is now open. ZeekWeek this year includes a one-day Training Workshop event which is being held the day before the ZeekWeek talks begin on 9 October 2019.

Attendees to ZeekWeek are users, developers, incident responders, threat hunters and architects who rely on the open-source Zeek network security monitor as a critical element in their security stack. Don’t forget to register today!

Do you want to help shape the future of open-source Zeek and influence the direction of the project? If so, we have the following opportunities for participation available:

Presentations* - ideas include but are not limited to the following:
  • Interesting user stories, solutions, or research projects
  • A tool for solving problems
  • A postmortem analysis of a security incident, emphasizing Zeek’s contribution
  • The value Zeek brings to your professional work
  • Using Zeek for more than intrusion detection
  • Idea for panel discussion
*PLEASE, NO PRODUCT PRESENTATIONS*

Abstracts for talk submissions must be submitted by 12 July 2019 and speakers will be notified by 26 July 2019. If your talk is accepted a slide template and instructions will be sent to you. Please fill out the online form to submit your presentation suggestions.

Sponsorships - See sponsorship opportunities online. Deadline for all sponsorships is 30 August 2019. If you have questions about sponsorship opportunities please email events@zeek.org.

If you’re wondering what to expect at this event, check out the videos and slides from last year’s event.

We look forward to Zeeking out with you all in Seattle in October!!


Helpful Links


About Corelight: Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

Tuesday, May 7, 2019

Open Source Zeek Leadership Team Meeting Minutes - 3 May 2019


The open source Zeek project Leadership Team (LT) is made up of contributors from multiple organizations throughout the community. The LT acts as both a technical steering committee and governance body. Currently, the LT meets every two weeks. You can find out more about the LT on the team page of the website.


Below are the notes from the LT meeting held on 3 May 2019.

Zeek.org Leadership Team Members (Bold indicates attendance)

  • Keith Lehigh (Chair), Indiana University
  • Johanna Amann, International Computer Science Institute & Corelight & Lawrence Berkeley National Laboratory
  • Seth Hall, Corelight
  • Vern Paxson, Corelight & University of California at Berkeley
  • Michal Purzynski, Mozilla Foundation
  • Aashish Sharma, Lawrence Berkeley Lab
  • Adam Slagell, ESnet
  • Robin Sommer, Corelight

  • Amber Graner*, Corelight, Director of Community for the Open Source Zeek Community
        *not a member

Agenda

  • Sharing LT notes with community (Amber)
  • Google Analytics in Zeek.org (Amber)
  • Keynote candidates (Keith)
  • Logo discussion (Adam)
  • Other topics

Minutes

  • Sharing LT notes with community - Amber brought up this topic so that the community has more insight into the actions of the LT. The LT voted and of those in attendance all voted "yes" to share the notes. It was decided that Amber will take notes and distribute to the community.
  • Google Analytics in Zeek.org - Amber brought up this topic to better understand how the community used the website and to establish baseline metrics and measure growth. The LT decided to review Google Analytics as well as alternatives prior to finalizing the approach. LT will review at the next LT Meeting. Johanna will present on alternate options. Amber will present on Google Analytics.
  • Keynote candidates - for ZeekWeek 2019 - Keith updated the group on options for keynotes. Keith will reach out to the LT’s candidate choices and will update group at the next LT Meeting.
  • Logo discussion - Adam is managing the logo redesign effort. Adam was not able to attend this meeting; however the group did discuss logo considerations. Amber to update Adam on LT’s discussion. Some considerations:
    • No owl - too many other projects/companies use a version of an owl
    • Explore other motifs around the “ee” of “Zeek” 
    • Continue exploring Abstract ideas 
    • Possibly more professional Logo with animal mascot that isn’t part of Logo
    • Need to expedite the decision 
  • Other topics
    • ZeekWeek 2020 - Explore cities for 2020 so we can announce at ZeekWeek 2019. LT agreed and suggested investigating Denver and San Francisco Bay Area.
    • Trademark infringement - Keith will reach out to offending organization. 








Monday, April 22, 2019

Google Season of Docs

As part of the submission and ongoing docs refresh for Zeek.org below is the list of projects we are submitting for Google Season of Docs consideration.

  • Introduction to Zeek (rewrite)
  • How to install Zeek (rewrite)
  • How to write a Script for Zeek Guide (rewrite and new)
  • How to write a Plugin for Zeek (rewrite and here)
  • Updating and Deepening Framework Documents (rewrite)
  • Update Try Zeek.org documents (rewrite)
  • Using Elastic to Analyze Zeek data (new)

Zeek documentation can be found on our Read The Docs site.

More information about Zeek can be found on the Zeek website.

We are going to be refreshing all the documentation as part of the name change from Bro to Zeek.

We’d like to hear from you, the Zeek community, on what you think is missing from our documentation (if not listed above).

Also, what sections of the documentation do you rely on most and what improvements to those sections would you like to see? Please send suggestions to info@Zeek.org.


Thursday, April 18, 2019

Save the Date - ZeekWeek 2019



Save the Date 



October 8th - 11th

ZeekWeek 2019 
(formerly BroCon)

King Street Ballroom & Perch, Hilton Embassy Suites

255 South King Street, Seattle WA 98104


This year ZeekWeek (formerly BroCon) will be held 8-11 October 2019 in the King Street Ballroom & Perch at the newly renovated Hilton Embassy Suites in Seattle, Washington.

Attendees will be able to “Zeek-out” on workshops, training, community presentations and visit with each of the vendors, sponsors and more.

Haven’t been to a Zeek event? Check out the lineup from last year.

Registration and Call for Participation will open soon, so check back often.
