Zeek Network Security Monitor v3.0.1 releases: powerful network analysis framework
Zeek Network Security Monitor
Zeek is a powerful framework for network analysis and security monitoring. It is a powerful system that on top of the functionality it provides out of the box, also offers the flexibility to customize analysis pretty much arbitrarily
Zeek’s domain-specific scripting language enables site-specific monitoring policies.
Zeek targets high-performance networks and is used operationally at a variety of large sites.
Zeek is not restricted to any particular detection approach and does not rely on traditional signatures.
Zeek comprehensively logs what it sees and provides a high-level archive of a network’s activity.
Zeek comes with analyzers for many protocols, enabling high-level semantic analysis at the application layer.
Zeek keeps extensive application-layer state about the network it monitors.
Zeek interfaces with other applications for real-time exchange of information.
Zeek comes with a BSD license, allowing for free use with virtually no restrictions.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous many educational and scientific institutions for securing their cyberinfrastructure.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Zeek v3.0.1 releases.
This is a bug-fix release addressing the following:
setwith composite keys
- #615: add
print_raw()BIF as convenience/workaround for #596
- #595: json logging performance regression
- #602: external plugins can’t find paraglob header
- #593: improve sub-microsecond interval printing/descriptions
- bc18ca4: ptr_func Xcode compiler warnings
- zeek/broker#58: Broker Xcode compiler warnings
set[enum]options don’t work
- #606: ambiguous json format for vectors with null elements
- #611: memory leak and “incorrect” field order in RecordVal JSON formatting
- #632: fix
redefof table to use a different
- zeek/broker#67: potential libc++ mismatch between CAF and Broker
- #667: fix signature matching for payload-carrying TCP SYN packets
- #678: fix ZEEK_PROFILER_FILE
- #649: fix OpenBSD build
- #685: fix RPC call parsing
Copyright (c) 1995-2016, The Regents of the University of California through the Lawrence Berkeley National Laboratory and the International Computer Science Institute. All rights reserved.