ZEEK 8.0, Nmap 7.98 Released for Network Analysis

The Zeek project has released Zeek 8.0.0, a network traffic analysis system formerly known as Bro. Zeek is a platform for security event monitoring and network intrusion detection. It is written in C++ and distributed under the BSD license.

The platform analyzes a wide range of application-layer protocols while tracking connection state, which allows detailed logging of network activity. It provides an object-oriented scripting language for writing monitoring policies and anomaly detections tailored to a specific infrastructure. Zeek is optimized for high-bandwidth networks and exposes an API for real-time data exchange with third-party systems.

In the new Zeek 8.0.0 release:

  • Plugins can now set the network flow identifier (flow tuple), adding context such as VLAN tags or the tunnel identifiers of encapsulated VXLAN and Geneve traffic, so that flows in complex networks are not confused with one another.
  • A new cluster backend based on ZeroMQ is introduced for communication and data serialization between cluster nodes. The Broker backend remains the default for now, but the plan is to switch to the ZeroMQ backend, which removes the need for proxy nodes when broadcasting messages between nodes.
  • A parser for the Redis protocol is added, so intercepted Redis operations are now decoded.
  • The SMTP analyzer can now extract mail messages (RFC 822) and hand them to the file analyzer, which can save them in .eml format.
  • The FTP analyzer now supports the AUTH TLS extension.
  • NAPTR records are now recognized by the DNS analyzer.
  • The PPPoE analyzer can now extract session identifiers.
  • The separate dpd.log is merged into analyzer.log, giving a single consolidated log.
  • The Spicy parser generator for protocols and file formats is updated to version 1.14, which brings new optimizations and removes unused function parameters.
  • The logschema package is introduced, allowing the log format to be changed to JSON or CSV instead of the traditional tab-separated text logs.
  • The minimum supported compilers are GCC 10, Clang 8, and Visual Studio 2022.
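As an added example (not code from the Zeek project or from this article), the following site policy shows two of the points above in practice: switching the ASCII log writer to JSON lines and extracting files that the SMTP analyzer passes to the file framework, saving each as an .eml file. Earlier Zeek versions already handed SMTP MIME parts to the file framework; 8.0 adds the whole RFC 822 message. The script extracts every file whose source is SMTP and does not depend on how the new message files are labelled, since the article does not say. The output directory, the size cap and the .eml naming are this example's own assumptions.

```zeek
# Added example, not part of the Zeek distribution or the article.
# Writes logs as JSON and extracts SMTP-carried files to disk as .eml.

@load base/protocols/smtp
@load base/files/extract

# Emit JSON lines instead of tab-separated text (LogAscii::use_json is a stock option).
redef LogAscii::use_json = T;

# Assumption: this directory exists and is writable by the Zeek worker process.
redef FileExtract::prefix = "/var/zeek/extract_files/";

# Assumption: 10 MiB per file is enough; the cap keeps one large message from filling the disk.
redef FileExtract::default_limit = 10 * 1024 * 1024;

event file_sniff(f: fa_file, meta: fa_metadata)
    {
    # Only act on files that the SMTP analyzer handed to the file framework.
    if ( ! f?$source || f$source != "SMTP" )
        return;

    # Name the file after Zeek's file id; the .eml extension is our own choice.
    local fname = fmt("smtp-%s.eml", f$id);

    # Attach the extraction analyzer so the content is written under FileExtract::prefix.
    Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
    }

event file_state_remove(f: fa_file)
    {
    # Report the on-disk name once the file framework is done with this file.
    if ( f?$source && f$source == "SMTP" && f?$info && f$info?$extracted )
        print fmt("extracted %s from file %s", f$info$extracted, f$id);
    }
```

Load it with `zeek -r mail.pcap extract_smtp.zeek` against a capture, or add it to `local.zeek` on a sensor. The extracted path also appears in the `extracted` column of files.log, which is the field a detection pipeline would key on rather than the console output.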
Sources: release notes and official announcements.