Issue 10 – May 2021 

In this Issue:

  • Highlights 
  • Zeek Blog
  • Zeek In The Community
  • New Zeek Packages
  • Upcoming Events
  • Zeek Related Jobs
  • Volunteer Opportunities
  • Get Involved

Join 1500+ Zeek users and fans in 21 Zeek-related Slack channels for real-time Q&A, feedback and discussion.


Two new Zeek Subgroups were announced: Training and Testing.

‘Zeek in Action’ is a new series of videos that explain how Zeek can be used in real-world situations. The first two contributions (with more coming soon) are ‘Introduction and How to Set Up a Windows Workstation Using Brim Security’ and ‘Suspected Malware Compromise’.

Zeek in Enterprise Day is scheduled for 16 June 2021, and ZeekWeek 2021 will take place on 13-15 October 2021 in Austin, Texas.  Registration and sponsorship information coming soon.

Zeek Blog

Zeek Monthly Newsletter – Issue 9 – April 2021 –

Announcing the Zeek Training Subgroup –

Zeek in Enterprise Day –

Announcing the Zeek Testing Subgroup –

Zeek’s IPSec Protocol Analyzer –

Welcome to Zeek in Action, Video 1, Suspected Malware Compromise –

Spicy 1.0 — Robust Parsers for Protocols & File Formats –

ZPC-3 Winners Announced –

A Zeek OpenVPN Protocol Analyzer in Spicy –

Zeek in Action: Introduction and How to Set Up a Windows Workstation Using Brim Security –

Zeek Blog –

Zeek Mailing list – April

Zeek in the Community

Public funds, public code! By Henrik Kramselund Jereminsen –

Detect C2 ‘RedXOR’ with state-based functionality –

Pingback: ICMP Tunneling Malware –

H&R Block seeks out open-source expertise for SOC –

Malcolm v3.1.0 –

Security Onion Documentation printed book now updated for Security Onion 2.3.50! –

Security Onion 2.3.50 Hotfix available! –

Security Onion 2.3.50 now available! –

Security Onion 16.04 has reached End Of Life –

OpenCTI Integration and a Mature VAST Plugin Framework (Release 2021.04.29) –

New Zeek Packages

Pingback –

Upcoming Events 


27 May 2021 – Zeek Webinar Series – New Ways to Speed Up Zeek Script Execution – 10am Pacific/1pm Eastern – Join Vern Paxson, Founder of Zeek, as he goes over his latest work on compiling scripts to C++. Zeek’s performance depends in part on how quickly the system executes the user’s scripts, as well as the many predefined scripts Zeek makes available. To date, this execution has used a high-level interpreter, which imposes considerable overhead. This talk will sketch two new experimental features for executing scripts much more quickly: compiling them to a low-level form (“ZAM”), and directly to C++. Register at:


2 June 2021 – Zeek Monthly Community Call – Join the monthly call to discuss topics related to the growth, governance and administration of the community. Register at:

8 June  2021 – Zeek Webinar Series –  TBA – 10am Pacific/1pm Eastern – Registration link -TBA

16 June 2021 – Zeek in Enterprise Day – 9am – 1pm Pacific/12pm – 4pm Eastern – This is a virtual event. Organizations that offer Zeek as part of their commercial solutions will be able to present to the Zeek Community. If you would like to present at this event, please see the announcement. Registration link coming soon.

22 June  2021 – Zeek Webinar Series –  TBA – 10am Pacific/1pm Eastern – Registration link -TBA


13-15 October 2021 – ZeekWeek 2021 – Save the date!  We are currently planning for an in-person ZeekWeek event in Austin, Texas.  Seating will be limited at this event, and we will also have a remote participation option.  More information coming soon. 

Past Webinars for 2021 (replay links)

You can see past webinars here

May Community Call 

Zeek Monthly Community Call – 5 May 2021 – Notes, Links to the Recording and more can be found at:

Zeek Webinar Series – This is a bi-weekly webinar series that includes Zeek related presentations, Zeek Q&A and more. We are consolidating the webinars previously known as ‘Ask the Zeekperts’ and ‘Zeek from Home’ into a single series, with a diversity of content planned.  

About Monthly Zeek Community Call:  Monthly calls that are open to everyone to discuss topics related to the growth, governance and administration of the community.  These calls ARE recorded.

Zeek Related Jobs

SOC Lead –

Sr. Zeek/Bro Engineer  –

Principal Software Engineer, Security –

Sr. Zeek/Bro Engineer –

Director, Incident Response (Remote) –

Incident Response Specialist –

FedGov Sr. Consultant, Incident Response –

Escalation Engineer –

Director, Applications  –

Principal Software Engineer, Security –

Defensive Cyber Operations Network Sensor SME with Security Clearance –

Security Analyst  –

And more –

Volunteer Opportunities

  • Blog Content – we are always in search of new Zeek content, how-tos and more.
  • Interviews – we have a list of people we would like to interview. Would you like to get to know people in the community, tell their stories and promote their work?
  • Community Calls – would you like to get involved and help lead these calls?
  • Webinars – everything from helping upload to YouTube to writing a summary post and helping promote.
  • Zeek in Action – a series of videos for Zeek users and fans. The purpose of the series is to show how analysts can interpret data in Zeek and related formats to solve various networking challenges.
  • Documentation Subgroup – the group responsible for keeping the Zeek Documentation up to date. If you would like to participate, give feedback and so on, this is the group for you. Find out more information at:
  • Training Subgroup – The Zeek training subgroup will focus on formulating some preliminary goals for Zeek-approved training and tackle broader topics in the area of Zeek training. We are frequently asked where people can find Zeek-related training and whether there is a central place to find Zeek-related training content. To address the needs of the community, and to have some training programs that are approved by the Zeek project, we are creating this subgroup to focus on these goals. Find out more information at:

  • Testing Subgroup – The goal of the testing subgroup is to stress-test new versions of Zeek with real live traffic from a variety of environments to identify problems and bugs early, to ensure that new Zeek releases are stable and ready for the Zeek community. Find out more information at:

If you are interested in helping with any of the above, please let me know. We’ll work with you and help keep it light and easy.  Thanks in advance!

Get Involved

If you are interested in getting involved with the Zeek Newsletter, please email

More information about the newsletter can be found here.

Stay up to date by subscribing to the Zeek Mailing List.

Join the conversation on Slack

Follow us on Twitter
