2024-10-25 –, Europe - Main Room
This talk provides a tour of new features in the open-source Zeek network monitor that have landed in the past year: scriptability via JavaScript, performance improvements to its scripting language via a new abstract language machine, analyzer development via the Spicy parser generator, a revamped telemetry framework for scraping via Prometheus, and more!
Network monitoring is key for understanding your infrastructure, whether that's your home network or a thousand-seat corporate environment. Zeek is the world's de-facto open-source standard for longitudinal network monitoring — a permissively licensed, mature, battle-hardened platform and ecosystem that runs on anything from Raspberry Pi's to industrial-scale deployments like Microsoft Defender.
Over the past year Zeek has made important strides into new areas, which I'll present in this talk. Top among those are support for scripting Zeek's network events in JavaScript, opening up the Node ecosystem to network analysis; ZAM, the Zeek Abstract Machine, bringing substantial improvements to Zeek's script interpretation performance; expanded use of the Spicy parser generator, and an expansion of Zeek's telemetry framework for easy scraping via Prometheus.
I'll also cover how to get started with Zeek via our Docker images, binary packages, or building it yourself, and will give a sneak preview of our upcoming roadmap.
Christian is the technical lead of the Zeek project, and an engineer at Corelight. He previously spent 5 years heading the networking group at Lastline, and prior to that spent 5 years as a research scientist at the International Computer Science Institute in Berkeley. He has served on the advisory board of the Open Information Security Foundation, and holds a PhD from the University of Cambridge's Systems Research Group. He still rides skateboards, which recently earned him a busted rotator cuff.