Zeek Blog
A first look at Zeek’s new JavaScript support
The Zeek 6 release includes a very powerful new feature: the ability to script Zeek in JavaScript. In this post we’ll explain what this capability brings to Zeek, how it works internally, and where we see it going in the future. Meet JavaScript, Zeek-style Since its...
Introducing a new Zeek event format: ZeekDays
On May 31st, Corelight’s Open Source team hosted a “Meet the Zeek Developers” day in Amsterdam. Different from other Zeek events, this was a very informal gathering without a set agenda; this meeting was an opportunity for exchange between members of the Zeek...
2023 Zeek LT election results
Hello everyone, As previously announced, the nomination period for the Zeek LT closed on August 20th, 2023. To recap – during this election period, we looked to fill four seats on the Zeek leadership team. During the nomination phase, we received nominations for five...
Zeek Project training during NSF summit – Oct 23rd 2023
The Zeek Project team is excited to host a one-day in-person Zeek training event during the NSF cybersecurity summit happening at the Lawrence Berkeley National Laboratory. We will be hosting two trainings: “Intermediate to Zeek” and “Hands-On Zeek Scripting” running...
Zeek LT Election 2023
We just started the process for the third Zeek LT election. During this election, four of the LT seats are up for re-election. The Zeek LT is the governing body of the Zeek project. The work of the Zeek LT mostly revolves around topics such as event planning, outreach...
Introducing Zeek 6
The Zeek team is proud to announce the release of Zeek 6! Work on this release began in February and comprises around 720 commits in 210 PRs. We’re deeply grateful to our contributors in this release cycle, including Jan Grashöfer, Eldon Koyle, Michael Torres, and...
Update: ZeekWeek on Hiatus, Regional Learning Events Announced
We have some important news to share with the Zeek community regarding this year's ZeekWeek conference. After careful consideration and discussions with Corelight, the ZeekWeek sponsor, we have decided that ZeekWeek is going on a hiatus for 2023. However, we are...
Zeek 2023 Community Survey Results
The Zeek project conducted a two week survey of its user community in early 2023, soliciting 98 responses. The majority of respondents (75%) report living in North America, with a plurality (29%) reporting that their closest major city was located on the east coast....
Introducing Zeek 5.2
The Zeek team is proud to announce the release of Zeek 5.2, starting the final line of feature releases in the 5.x cycle. Development on 5.2 began in late September 2022 and has included some 660 commits, 178 PRs, and external contributions from the teams at Microsoft...
Modern developer tooling for Zeek script
The typical experience of developing in a programming language has changed substantially since the time Zeek script was first introduced in the mid 90s. Today users rightfully expect an inclusive environment with approachable ways to interact with the community, and...
Zeek on Windows
As we shared at ZeekWeek 2022 in October, we’re thrilled to announce emerging support for Zeek on Windows, thanks to an open-source contribution from Microsoft. Part of its integration of Zeek into its Defender for Endpoint security platform, this contribution...
Nomination Phase for the 2022 Zeek Leadership Team Election is now open
This year, half of the Zeek LT seats are up for re-election. We just entered the Nomination Phase of the Zeek Leadership Team (LT) elections. During this phase you can nominate either yourself or someone you know for a seat on the LT. Please submit nominations for a...
ZeekWeek 2022 – Registration Open!
ZeekWeek 2022 will be held 12-14 October at the AT&T Hotel and Conference Center located in Austin, Texas. Registration Open!
Zeek 5.0
The Zeek team is quite excited to announce Zeek 5.0: it’s a major release providing a lot of new functionality, both extending Zeek itself and also growing its ecosystem through new capabilities and tools. Thanks to everybody who has contributed to this release, many...
Zeek Week 2022 – Call for Presentations
ZeekWeek 2022 will be held from October 12th to 14th at the AT&T Hotel and Conference Center located in Austin, Texas. ZeekWeek will be an in-person event. Presentations will be recorded and published after the event. ZeekWeek is the annual gathering of defenders,...
Zeek Project training
The Zeek Project is delighted to announce that we are going to offer the Zeek community training next month. Usually it is a one day event offered during ZeekWeeks, but due to high demand and long waitlist of people during ZeekWeek, we have decided to offer it twice...
Save the date – ZeekWeek 2022 – October 12th to 14th
We are happy to announce that ZeekWeek 2022 will be held on October 12th to 14th in Austin, Texas. More details, as well as a Call for Presentations will be released in the next few weeks. Mark your calendars – and we hope to see you all in Austin in October.
Zeek In Action, Video 12, zeek2es
In this video, Keith Jones (Sr. Security Researcher, Corelight) introduces a simple Python program written to help you take your Zeek ASCII tab delimited files and make them full text searchable with ElasticSearch+Kibana (or OpenSearch, if you prefer). If you don’t...
Zeek in Action, Video 11, Using Spicy Driver
In this Zeek in Action video, Keith Jones explains his Spicy protocol analyzer rapid development process on a new Radius analyzer. Of course Radius is in core Zeek, but it can be replaced with a Spicy Radius protocol analyzer.
Zeek Newsletter – Issue 14 – November 2021
Issue 14 - November 2021 Welcome to the Zeek Monthly Newsletter! In this Issue: TL;DR Development Updates Zeek Blog and Mailing List Zeek in the Community Zeek Package Updates Zeek in the Enterprise Upcoming Events Zeek Related Jobs Get Involved TL;DR The big news...
ZeekWeek 2021 Summary, Slides, Videos and more – Now Available!
ZeekWeek 2021 was held online from 13-15 October. This three-day event brought together over 2000 SOC professionals, Zeek users and developers from over 59 countries and 800 companies. If you missed this year's events below is the agenda, with links to slides and...
Zeek in Action, Video 10, Examining the Four Types of Network Security Monitoring Data
In this episode of Zeek in Action, Richard examines the four types of network security monitoring data: 1) full content data ("PCAP"), 2) transaction logs, 3) extracted content, and 4) intrusion detection systems (IDS) alerts. He uses the online tool Cloudshark to...
Zeek In Action, Video 9, Radius Protocol Analyzer with Spicy
In this Zeek in Action video, Keith Jones explains his Spicy protocol analyzer rapid development process on a new Radius analyzer.
Zeek Monthly Newsletter – Issue 13 – October 2021
Issue 13 - October 2021 Welcome to the Zeek Monthly Newsletter! In this Issue: TL;DR Development Updates Zeek Blog and Mailing List Zeek in the Community Zeek Package Updates Zeek in the Enterprise Upcoming Events Zeek Related Jobs Get Involved TL;DR ZeekWeek 2021...
ZeekWeek 2021 Capture the Flag Summary
As part of the most recent ZeekWeek event the Zeek Project Training Subgroup and the Corelight Labs Team made a capture the flag (CTF) competition available for attendees to play. The competition included 19 challenges of varying difficulties which involved tasks...
Zeek In Action, Video 8, Installing Zeek From Scratch
In this Zeek in Action video, Richard Bejtlich explains how to install Zeek from scratch, using a fresh Linux environment created on his Windows system with VirtualBox. You can follow along step by step as Richard prepares a VM, installs Linux, selects the version of...
Zeek In Action, Video 7, Capture Loss Statistics
In this episode, Richard Bejtlich explains how to determine if your Zeek deployment suffers from capture loss. There are many causes for capture loss (including an overloaded span port, NIC, or monitoring system), but the end result is the same: unfortunate gaps in...
ZeekWeek 2021 – CTF Announced – Register Today to Play
Another ZeekWeek means another ZeekWeek CTF! This will be the 2nd year of this event. In full observation of the stereotypical behavior associated with the "terrible twos", expect defiant and unruly puzzles 😀 What is this thing? Not only are CTFs a great way to show...
Zeek Monthly Newsletter – Issue 12 – September 2021
Issue 12 - September 2021 Welcome to the Zeek Monthly Newsletter! Issue 12 covers September 2021 and upcoming events. In this Issue: TL;DR Development Updates Zeek Blog Zeek in the Community Zeek Package Updates Zeek in the Enterprise Upcoming Events Zeek Related...
ZeekWeek Day 3 Keynote Speaker Announced – Richard Bejtlich of Corelight, Inc.
Register today! The Zeek Project is pleased to announce that Richard Bejtlich will keynote the ZeekWeek 2021 Day 3 Zeek Roadmap/ Developers Track on 15 October 2021. Network security monitoring (NSM) began in the late 1980s and continues to assist defenders in the...