by Michelle Pathe | May 6, 2026 | community
Getting Zeek deployed is one thing. Keeping it running well is another, and it looks different for every environment. Last month, we asked the Zeek community: once Zeek is in production, what does the ongoing care actually look like? What do you monitor, what have you...
by Michelle Pathe | Apr 8, 2026 | community
A Zeek user spent years maintaining a careful system of named test PCAPs, tracking which scripts belonged to which tests and building a testing workflow from scratch. Then they discovered btest, Zeek’s built-in testing framework that automatically creates...
by Michelle Pathe | Apr 2, 2026 | community, Workshop
Close to 100 people gathered at CERN in Geneva on March 25-26 for Zeek Workshop Europe 2026. The two-day event brought together practitioners from across Europe for knowledge sharing, training, and networking. The workshop kicked off with presentations covering Zeek...
by Michelle Pathe | Mar 31, 2026 | community, How-to
Blocking scanners at your network edge solves one problem but creates another: Zeek will log every failed connection attempt, filling conn.log with noise from hosts you’ve already blocked. A simple log filtering hook can eliminate this noise. Aaron Scantlin from...
by Michelle Pathe | Mar 19, 2026 | community, getting started
Your first Zeek script doesn’t need to detect malware, stop threats, or solve a critical security problem. In fact, it probably shouldn’t. David Fitz learned Zeek through a SANS course and wanted to try his first script in his homelab. Instead of detecting...
RSS - Posts