Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Windows Networking Open Source Security

Zeek Becoming Part of Microsoft Windows (corelight.com) 21

First released in 1998, the BSD-licensed software Zeek (originally named "Bro") is about to get more widely adopted, writes long-time Slashdot reader skinfaxi: Zeek, the open source network security monitoring platform, is being integrated into Windows and "is now deployed on more than one billion global endpoints," according to an announcement from Corelight.
From Corelight's press release: Corelight, the leader in open network detection and response, today announced the integration of Zeek, the world's most popular open source network security monitoring platform, as a component of Microsoft Windows and Defender for Endpoint. The integration will help security teams respond to the most challenging attacks by providing "richer signals for advanced threat hunting, complete and accurate discovery of IoT devices, and more powerful detection and response capabilities."

Originally created by Corelight co-founder and chief scientist Dr. Vern Paxson while at Lawrence Berkeley National Laboratory, Zeek transforms network traffic into compact and high-fidelity logs, file content, and behavioral analytics to accelerate security operations. Vital funding for Zeek came initially from the National Science Foundation and the US Department of Energy's Office of Science. As adoption increased, Corelight was founded to provide a financial model and corporate sponsor for the project....

"Microsoft is strongly committed to supporting open source projects and ecosystems," said Rob Lefferts, corporate vice president for Microsoft. "We're proud to be working with Zeek and are thrilled to bring this level of network intelligence and monitoring to our customers."

"This is an amazing development for Zeek and its community of contributors and users," said Paxson. "I never imagined that the tool I developed for network monitoring would find broader application in defending endpoints — but that's part of the creative magic of open source development.

"We are grateful for Microsoft's contributions and support, and we are excited that the project's impact, and that of the community of contributors, will increase so dramatically."

This discussion has been archived. No new comments can be posted.

Zeek Becoming Part of Microsoft Windows

Comments Filter:
  • by oldgraybeard ( 2939809 ) on Saturday October 22, 2022 @12:47PM (#62988477)
    Embrace, Extend, Extinguish
    • My first thought...

    • Frequently they dont really want to extinguish it, but their improvements are so full of bugs that it kills the whole thing. For example Skype, which was nice until they mangled it.
      • by znrt ( 2424692 )

        that's unfair, skype was considerably crappy software long before microsoft bought it. e.g. as a pure chat client, ms messenger was way better and more stable than skype. the days of chat clients were counted though, and skype simply got first to the voip game and had a huge userbase. that's what several companies paid billions for, not the tech.

    • And yet BSD and Linux still exists, and widely used by them. [youtu.be] Looks like that motto might have to be replaced by embrace, extend, profit.

    • Lol, you dweebs are really really stuck in 1992, when someone said that and now you all think it's true. It's like some bizarre memetic mantra you all just keep repeating as a sort of dweeby-nerd virtue signalling.

      It's a meaningless slogan and has nothing to do with how Microsoft operates. Or wait, did I miss something and have they extinguished Linux or anything else by this nefarious scheme of EEE you imagine they plot in the dark back rooms?

  • by GotNoRice ( 7207988 ) on Saturday October 22, 2022 @12:48PM (#62988479)
    The problem with Windows Defender is that it doesn't just detect Viruses, Malware, and other legitimate threats; it also detects basically anything that Microsoft doesn't want you to use on your computer, regardless of if it's actually harmful for that computer or the person using it. It's becoming more aggressive and will simply remove these "threats" immediately, forcing you to have to go in and restore the files. It's like having a Security Guard monitoring your computer, which sounds nice until you realize that the guard's first priority is to protect Microsoft's profits.
    • Yes. If there's one hallmark of good security software it's permissiveness. If it doesn't know what something is or something is only a little suspicious, the best security software in the world leaves it alone, especially if it's something it thinks the user might want.

      If my sarcasm wasn't heavy-handed enough, let me make it clear I'm mocking your argument heavily.

  • Can't say I've even heard of this - does anyone here actually use it? Other than the Corelight employee that submitted the story, I mean?

    • by dskoll ( 99328 )

      I'd never heard of it either, but it looks pretty cool. I think Snort is the big competitor and the de facto standard, and that's the only one I've heard of.

    • Re: (Score:3, Informative)

      by will_die ( 586523 )
      I am in cyberthreat hunting and we use it all the time, one of our main tools and is widely used in this arena.
      In a simple definition it like wireshark but for larger amounts of traffic. It produces files containing text of all the TCP/IP traffic and most protocols.
    • Re:Zeek (Score:4, Interesting)

      by fuzzyf ( 1129635 ) on Saturday October 22, 2022 @02:47PM (#62988719)
      I use Zeek at home with the Security Onion distribution. It's an Intrusion Detection System distro.

      Highly recommend trying it if you want to learn more or monitor your home network.
      Zeek is not Snort, or anything like a signature based detection system. It parses the network traffic and writes different type of traffic into easily consumable text files (either text or json). In the Security Onion distro Zeek data is imported into Elasticsearch and accessed using Kibana. HTTP, SSH, DNS, DHCP, FTP, SNMP, SMTP, X509 certs being used, etc, etc, etc You can search for specifics or aggregate information in dashboards. Which device is doing what in what time period, or something like the most noisy device, or even figure out devices with scheduled connections (ex. IoT phone home devices). Security Onion can also store pcap files for the actual data traffic.

      It's an awesome way to get to know your local network and to look into details on what is going on. Do you know what your Sonos speaker is doing on your network? What about your internet connected Coffeemaker?

      As for Microsoft bringing Zeek into Defender, I'm not sure. They don't have anything even close to competing with Zeek and Microsoft seems to actually commit to open source these days. Really hope they don't ruin Zeek. It's awesome.
  • I hope we are not getting a post about every tidbit that Microsoft released during Ignite this year, or it's gonna be a few hundred more posts :)

    Ignite was over more than a week ago, this is old news?

Many people write memos to tell you they have nothing to say.

Working...