Zeek Blog
Zeek 8.1 Development Update
The first release candidate for Zeek 8.1 is out! This release includes the last major building block in our multi-release effort to move Zeek's cluster communication off of Broker. Work on this release began in August and includes the switch to ZeroMQ as Zeek's...
Developing Zeek Scripts with Style
Whether you're extending Zeek's functionality or integrating it into a larger NDR stack, your work probably involves some form of source code. While that code is ultimately a means to an end, I like code to be neat: fit for the task, to the point, understandable, and...
Common Mistakes When Deploying Zeek (and How to Avoid Them)
We recently asked the community something we've been curious about for a while: What kind of hardware are you using to run Zeek? What does that setup even look like? What started as a straightforward question about specs and sizing quickly turned into something...
5 Ways the Zeek Community Actually Uses Logs
Plenty of people generate Zeek logs, but not everyone knows what to do with them. We asked the Zeek community to share their real-world approaches, and they delivered. We heard everything from automation scripts to quantum cryptography research and, honestly, we...
Inside Zeek Training at NSF Cybersecurity Summit
On October 20, 2025, the Zeek team hosted a full-day training at the NCAR facility in Boulder as part of the NSF Cybersecurity Summit. With 52 registrations and about 50 people showing up, the room was packed with a diverse crowd: professors, postdocs, students,...
Integrating Zeek With Third-Party Applications (a hack.lu Recap)
Last week, Zeek's Technical Lead Christian Kreibich presented at hack.lu in Luxembourg, a conference that draws around 400 security practitioners spanning both offensive and defensive disciplines. His talk tackled a challenge we hear about constantly from power users:...
5 Ways to Contribute to the Zeek Project for the First Time
This summer we ran the Zeek Project Survey to get a clearer picture of how people use Zeek, what challenges they face, and where our team should focus our efforts next. One area we asked about was contribution: how people are (or aren’t) getting involved in the...
The Storage Framework in Action
I’ve talked in a video and a blog post recently about the new Zeek storage framework. This blog post expands upon those previous posts to explain how to actually use the framework. It will do this by adapting an existing policy script to use the new features to...
Zeek’s Storage Framework Explained
Until Zeek 7.2, storing data across a cluster could be tricky and inefficient. The new Storage Framework changes that. This post explains the old model, the new framework, and what’s coming next. The Old Model: Broker Storage Storage in Zeek traditionally has run...
ZeroMQ Cluster Backend: Try It Out in Zeek 8
With Zeek 8.0, we’re taking the first step toward a major shift in cluster communication. A new ZeroMQ backend is now available, making it simpler to run clusters and opening the door for more flexible backends in the future. Prefer a quick walkthrough? Check out our...
Introducing Zeek 8
We’re proud to announce the release of Zeek 8.0! This release introduces a range of technical innovations and culminates architectural improvements we’ve been working on since the release of Zeek 7 a year ago. Customizable Flow Tuples For the first time ever, it’s now...
Zeek Project Survey Results: What We Heard and What’s Next
This summer we asked Zeek users, contributors, and curious newcomers from around the world to take our 2025 Zeek Project Survey. Your feedback was honest, actionable and sometimes quite direct—which was exactly what we needed. Here are a few key themes that stood out,...
Zeek 8.0 Development Update
Zeek 8.0, our next long-term support (LTS) release, is just a few weeks away! Time for a quick recap of what the development team has been up to lately, and a look at our planned release timeline. The major features we planned for this release have landed at this...
Help Us Build the Best Zeek Yet: Community Survey Launching June 23
On June 23, we’re launching the Zeek Project Survey 2025 to understand how the community is currently using Zeek, what challenges you face, and where you want to see the project grow. This survey is a key part of our mission: to develop Zeek in a way that enables the...
Are Spicy parsers slower than Binpac parsers?
Within Zeek, there are two separate parser generators: Binpac (the old one) and Spicy (the new one). Both allow users to write protocol parsers by declaring what the protocol looks like rather than writing C++ code to parse it. Binpac parsers are difficult to write....
Introducing Zeek 7.2
The Zeek team is proud to announce Zeek 7.2! Work on this release began in December 2024 and includes some 1,200 commits, 330 merged pull requests, and 130 closed issues. The 7.2 release brings important new features, matures Zeek’s ability to run on alternative...
Meet the New Zeek Community Liaison
Hi everyone! I’m excited to introduce myself as the new Community Liaison for Zeek and a non-voting member of the Zeek Leadership Team. I joined the team two weeks ago, and I’ve spent that time diving headfirst into the community: meeting contributors, listening to...
Zeek 7.2 Development Update
We’re three months into the Zeek 7.2 development cycle, so now is a good time to share an update about ongoing development and our planned timeline for Zeek’s next feature release. We recently merged two of the biggies planned for this release: the new storage...
Building a Redis Analyzer with Spicy, Part II
In our last post, we left off with a functional but incomplete analyzer for Redis. It analyzed RESP (Redis Serialization Protocol) traffic, crudely created “command” objects, then sent that off into Zeek script in events in order to log it. It created something nice,...
Building a Redis Analyzer with Spicy
You can find the source code referenced throughout this post here — though, it is quite different from what is written here. Redis is an in-memory, key-value database. Its primary use is for caching. It does this over the network, but it’s only really meant to be used...
Introducing Zeek 7.1
The Zeek team is proud to announce Zeek 7.1! Work on this release began in July 2024 and includes some 1,400 commits, 340 pull requests, and 130 closed issues. The 7.1 release introduces new user-visible features, contains many bugfixes, and advances a bunch of...
Zeek 7.1 Development Update
We're closing in on Zeek 7.1, the next feature release in Zeek’s current release cycle. Here's a quick look at our planned release timeline. Early next week the last planned 7.1 features will land in our master branch. We're planning to fork the release branch and...
Upcoming Zeek Workshop in Munich, Germany
Are you curious about Zeek? Do you live within reach of Munich, Germany? If so, we’ve got something special for you! The Zeek Project is thrilled to offer a two-day Zeek community workshop in Munich, Germany, on February 26th & 27th, 2025. Come and join us for technical talks, hands-on training, and discussions about Zeek, its many applications, and its future. Meet Zeek developers and leadership team, and connect with your colleagues. Registration is now open, and attendance is free.
Introducing Zeek 7
The Zeek team is proud to announce the release of Zeek 7! Work on this release began in February 2024 and includes some 1,100 commits, 330 pull requests, and 140 closed issues. As always, we are particularly grateful to our community members who contributed to this...
Zeek Webinar Series Announcement
It’s our pleasure to announce a new series of Zeek Webinars. The webinars will start on August 21st, 10 am Pacific Time and follow a roughly bi-weekly schedule, coinciding with the timeslot that we host our community calls in. The webinars will feature the talks that...
Cancellation of ZeekWeek 2024
Dear Zeek Community, It is with a heavy heart that we have to announce the cancellation of ZeekWeek 2024. We are 45 days from the beginning of the event at the time of this post, and we have around 9 registrations from non-project-affiliated people. With this...
ZeekWeek 2024 – Registration Open!
ZeekWeek 2024 will be held August 13th – 15th at the Caltech Ramo Auditorium in Pasadena, CA. This will be an in-person event. Registration Information Registration is now open! Day 1 and day 2 will consist of talks. If you would like to attend a training on day 3,...
ZeekWeek 2024 – Call for Presentations
ZeekWeek 2024 will be held on August 13th and 14th at the Caltech Ramo Auditorium located in Pasadena, California. Additionally there will be a Zeek training event on August 15th. ZeekWeek will be an in-person event. Presentations will be recorded and published after...
Recent Zeek Performance Improvements
Over the course of the past year we’ve made a number of changes to Zeek that have positively affected its performance, sometimes considerably. This blog post highlights a few places and changes that knowingly improved performance between Zeek 5.2 and Zeek 6.2....
A Note on Package Safety Considerations
On 5 March, the United States Cybersecurity and Infrastructure Security Agency (CISA) released an advisory pertaining to a Zeek package hosted by CISA’s GitHub account. This is not a security issue in Zeek itself but in a third-party provided package. The Zeek project...