LT Meeting Notes 2021‐09‐22
Johanna edited this page Oct 4, 2021
·
3 revisions
Meeting date: 2021/09/22
(bold indicates attendance)
- Aashish Sharma, Lawrence Berkeley Lab
- Amber Graner, Corelight (Community Seat, non-voting)
- Fatema Bannat Wala, ESnet
- Johanna Amann, ICSI/Corelight/Berkeley Lab (chair, Zeek merge-master)
- Keith Lehigh, Indiana University
- Nick Turley, Brigham Young University
- Robin Sommer, Corelight (Technical Lead Seat, Zeek merge-master)
- Seth Hall, Corelight (Zeek merge-master)
- Vern Paxson, Corelight & University of California at Berkeley (Founder Seat)
- Christian Kreibich, Corelight (Zeek merge-master)
- Tim Wojtulewicz, Corelight (Zeek merge-master)
-
Introductions of everyone
-
LT update of activities
- The LT gave a short update about the current state of the project
-
Merge-master update of activities and short-term plans
- There are two new Zeek releases with security updates (4.0.4 and 4.1.1)
- Current areas of activity: tunnel analyzers, cluster controller.
- Future projects for 4.2: nb-dns replacement, cleanup tasks.
- 4.2 is currently scheduled for December
- Longer-term future (Zeek 5): we plan to package-ize the remaining policy scripts that are in Zeek.
-
Brainstorming
The rest of the meeting was a brainstorming session about potential helpful changes to Zeek. For a lot of these subjects, we are interested in community feedback – feel free to reach out to us on Slack or via the email list, or bring up ideas in GitHub discussions.
- Script-land
- The Zeek script-level frameworks have not been significantly updated since the big rewrite that happened for Zeek 2.0. We would appreciate feedback by the community about what you are missing in scriptland.
Ideas that were brought up during the meeting:
- Better notice/alert framework
- Better working ActiveHTTP framework
- Richer logging framework supporting deferred asynchronous processing (this might require script-language extensions)
- The Zeek script-level frameworks have not been significantly updated since the big rewrite that happened for Zeek 2.0. We would appreciate feedback by the community about what you are missing in scriptland.
Ideas that were brought up during the meeting:
- Analysis/detection
- There was discussion whether we should do more analysis/detection. The general sentiment was that this is outside of the core project and should be contributed through community packages.
- However, if there are features missing that would make developing packages easier, we are interesting in adding them.
- Packages
- It was brought up that, currently, it is hard to find which packages are worthwhile to install.
- packages.zeek.org is on the list for an overhaul – but we would appreciate feedback on the functionality it should have A vetting process for packages also would be interesting & worthwhile – but that will need a team that can dedicate time for this on an ongoing basis.
- Zeek-agent
- There was a short discussion of the Zeek-agent. Currently there is no roadmap for the project. On the project side, we would really like to continue working on this – but it is unclear if there is enough interest from the community, and what we should focus on.
- If you have any opinions on this, please reach out to us, best done through either this GitHub discussion or the #zeek-agent Slack channel. We would be especially interested in use-cases – so knowing what kind of scripts you would like to see using Zeek-agent data.
- Script-land