BRIM

June 2024 Release

Zed 1.16 & Zui 1.8
Author James Kerr

We’ve been itching to get another release in your hands. Today, that itch has been satisfactorily scratched. Let’s run through the best parts of this June 2024 release.

Zui Highlights

Inline Editor Errors

Red squiggly lines! The Zui app can now detect errors in the query and mark them up within the query editor as you’re writing! It can underline your semantic errors in addition to syntax problems. Here’s an example trying to query a pool that does not exist.

The Zui Editor displaying a semantic error using red squiggly lines.

Apple Silicon Support

We are now creating Apple silicon builds for Zui. We previously only built for Intel and relied on Rosetta to run on the “M” chips. If you are on a newer Mac, you’ll enjoy a performance boost thanks to our friends in Cupertino.

If you’ve been running prior Zui releases on your Apple silicon Mac, you’ll need to perform a one-time manual reinstall to take advantage of the new builds. See this support article for details.

Microsoft Defender Warnings

Heads up! If you are a Windows user installing Zui for the first time, you may encounter fresh, menacing warnings from Microsoft Defender about the software. The “powers that be” have mandated a new and improved process for code-signing Windows applications. Unfortunately, this means Zui must regain its “reputation” with Defender. We’ve jumped through these hoops before and in a few months we expect Zui will move out of the “unknown app” territory. See this troubleshooting guide for more information.

New Settings Pane

The Settings pane received a makeover and a couple of new options you can configure:

  1. Extend the default Suricata rules with your own custom additions by pointing to a “rules folder”.
  2. Specify a folder for storing extracted pcap slices.

The Zui Settings page has been redesigned.

Feature Video: Packet Captures

Many of our early users first loved Zui (then called Brim) for its tight integration of Zeek, Suricata, and packet captures. We made a video back then showing off the features, but it’s now very outdated, so we’ve refreshed it to highlight the pcap features in the latest version of Zui.

Zed Highlights

Pretty JSON

You can now pretty print JSON data (with color) using the Zed command-line tools. Beautiful JSON can be achieved by passing the options -f json -pretty 2, or the shorthand -J, to zq or zed query. The number passed to the -pretty option is the number of spaces to indent nested data.

Pretty printed JSON using the -J flag in zq

F-Strings

The Zed language now supports formatted string literals or “f-strings”. You can write expressions within strings that contain the ‘f’ prefix. For example…

echo '{numerator:22.0, denominator:7.0}' \
| zq -z 'yield f"pi is approximately {numerator / denominator}"' -

will output…

"pi is approximately 3.142857142857143"

Download Yours

Download the latest versions of Zui and Zed on our download page or keep an eye out for the auto-update pop-up notification in the app.

Read about every change in the full release notes for Zed and Zui.