Release of Zeek 6.0.0 Introduces Improved Traffic Analysis System and Network Invasion Detection
July 13, 2023 – Zeek, formerly known as Bro, has officially released Zeek 6.0.0, a powerful traffic analysis system designed to detect network invasions and track security events. Zeek is a platform primarily focused on analyzing network traffic and is not limited to this application. The system, originally written in C++, is now available under the BSD license.
Zeek 6.0.0 provides a platform for analyzing various network application protocols, allowing users to gather detailed information on network activity and connections. It offers an object-oriented language for writing monitoring scenarios and identifying anomalies specific to different infrastructures. The system is optimized for use in high-bandwidth networks and includes an API for integration with third-party information systems and real-time data exchange.
The latest release of Zeek, version 6.0.0, introduces several new features and enhancements:
| Feature | Description |
|---|---|
| ZEEKJS Implementation | A new plugin that allows developers to use JavaScript as an alternative language for scenario development. The implementation is based on libnode, a C++ version of Node.js, offering access to the Zeek API and support for processing more than 500 events. |
| Built-in Support for Community ID | Zeek now includes support for Community ID, a feature that allows attaching marks to individual network flows using hash identifiers from addresses and source ports. |
| Spicy-Plugin Capabilities | The new release incorporates the capabilities of the Spicy-Plugin plugin, enabling the creation of analyzers in the object-oriented SPICY language. This language is optimized for the analysis of protocols and structured data, with parsers for the Finger and Syslog protocols now leveraging Spicy. |
| Data Download in JSON Format | Scripts now offer the ability to download data in JSON format, with the addition of the FROM_JSON() function. |