Tuesday, June 11, 2019

Open Source Zeek Leadership Team Meeting Minutes - 31 May 2019



The open source Zeek project Leadership Team (LT) is made up of contributors from multiple organizations throughout the community. The LT acts as both a technical steering committee and governance body. You can find out more about the LT on the team page of the website.

Below are the notes from the LT meeting held on 31 May 2019.


Zeek.org Leadership Team Members (Bold indicates attendance)

  • Keith Lehigh (Chair), Indiana University
  • Johanna Amann, International Computer Science Institute/Corelight/Lawrence Berkeley National Laboratory
  • Seth Hall, Corelight
  • Vern Paxson, Corelight & University of California at Berkeley
  • Michal Purzynski, Mozilla Foundation
  • Aashish Sharma, Lawrence Berkeley Lab
  • Adam Slagell, ESnet
  • Robin Sommer, Corelight

  • Amber Graner*, Corelight, Director of Community for the Open Source Zeek Community
         *not a member

Agenda

  • Trademark Discussion  (Amber)
  • Keynotes  (Keith)
  • Zeek Package Contest (Amber)
  • Analytics Discussion Scheduling (Keith)

Minutes

  • Trademark Discussion - The LT discussed the current Name and Logo Usage Statement (https://www.zeek.org/documentation/marks.html). Out of the discussion came the following action items to look into:
    • Create a Reciprocal Logo Usage Agreement
    • Update the Marks Usage Documentation
    • Create a standard Cease and Desist letter
  • Keynotes - LT Members will continue reaching out to potential keynote speakers for ZeekWeek 2019.
  • Zeek Package Contest - Amber brought up the Zeek Package Contest that Corelight would like to host leading up to ZeekWeek 2019. Amber to take LT feedback to the Corelight team and present the details of the program at the next LT meeting.
  • Analytics Discussion Scheduling - Keith to schedule an additional LT meeting to discuss analytics tools for the website.

Helpful Links and information:


Getting Involved: If you would like to be part of the Open Source Zeek Community and contribute to the success of the project, please sign up for our mailing lists, join our IRC Channel, come to our events, follow the blog and/or Twitter feed. If you’re writing scripts or plugins for Zeek we would love to hear from you! Can’t figure out what your next step should be? Just reach out. Together we can find a place for you to actively contribute and be a part of this growing community.

About Zeek (formerly Bro): Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. https://www.zeek.org/

Wednesday, June 5, 2019

People of Zeek Interview Series - Introducing Zeke Medley and Zeke on Zeek

Amber Graner (AG): Hi Zeke. Thank you so much for taking the time to answer my questions and let the community know who you are and what Zeek related items you’re working on.

Zeke Medley (ZM): Hi Amber :-)

AG: Zeke, can you take a moment to tell people a little about yourself and what you’re doing for the Open Source Zeek Project?


ZM: I started getting interested in programming in 7th grade when I wrote a tiny rock-paper-scissors program over the summer. Since then, I’ve remained fairly interested in rock-paper-scissors, but have branched out a little bit. My first introduction to network security was probably freshman year of high school when one of my friends figured out that he could remotely open disk drives in our school’s computer labs with the command line and I wrote him a little script to do it for all the computers in a lab. These days I’m a freshman studying Electrical Engineering and Computer Sciences at Berkeley and also working in a makerspace on campus called the Invention Lab.

On the Zeek side I’m wrapping up work on a data structure to match a string against a large set of patterns that Robin started a while ago and I just finished adding key-value for loops to the Zeek scripting language. Moving forward I hope to stay involved in the open source project, and we’ll see what projects I end up working on.

AG: What drew you to Zeek and how did you get involved with the project?

ZM: My name being Zeke definitely made it stand out to me, but I was actually first introduced to it when I met Christian at a career fair. He seemed like a really nice guy and the whole project was right in line with my interests. I made my first pull request adding some basic string functions to the language and the rest is recent history.

AG: What’s the most interesting thing you’ve learned about Zeek so far?

ZM: At first I was pretty intimidated by just how big Zeek is. There is a lot going on and it's a fairly complex program. The more I’ve learned about it, though, the better I think it's designed. Zeek is very extensible. Once you get the hang of it, .bif files make adding new functionality to the language pretty fun and straightforward.

AG: Can you tell the community about the “Zeke on Zeek” series we’ll be starting soon and what they can expect to read about?

ZM: “Zeke on Zeek” is a series of blog posts we’ve been talking about pretty much since I got started that I hope will offer some sort of roadmap for people getting started working on Zeek. Zeek is a big project and putting together how it all works can be pretty challenging at times, so I’ll be laying out my experience in the hope that it can help other people interested in contributing to the project.

AG: For those who are thinking about interning for the first time, can you share some things you’ve learned or are learning about how to balance your time between school, your internship, and personal projects?

ZM: I know it sounds silly, but I genuinely enjoy the vast majority of what I do. School can be really challenging at times and making anything, be it a data structure or drone, seems to be more of a process of learning from repeated failure than actually creating anything that works, but I think there is something profound about that. In my (albeit rather limited) experience the more comfortable I become with failure the easier things get.

AG: Is there anything that you’d like to share about yourself or Zeek that I haven’t asked you about?

ZM: I’ve been really floored by Zeek and its community because insofar as I can tell they seem to be genuinely out to do good for the world. Not only is the whole project open source, it's also out to help solve pressing problems we have with network security these days.

