by Benjamin Bannier | Dec 8, 2025 | development, How-to, Scripting, Spicy
Whether you’re extending Zeek’s functionality or integrating it into a larger NDR stack, your work probably involves some form of source code. While that code is ultimately a means to an end, I like code to be neat: fit for the task, to the point,...
by Christian Kreibich | Aug 22, 2025 | 8.0, development, release, Spicy, Zeek
We’re proud to announce the release of Zeek 8.0! This release introduces a range of technical innovations and culminates architectural improvements we’ve been working on since the release of Zeek 7 a year ago. Customizable Flow Tuples: For the first time ever, it’s now...
by Evan Typanski | Jun 3, 2025 | performance, Protocol Parsing, Spicy, Zeek
Within Zeek, there are two separate parser generators: Binpac (the old one) and Spicy (the new one). Both allow users to write protocol parsers by declaring what the protocol looks like rather than writing C++ code to parse it. Binpac parsers are difficult to write....
by Christian Kreibich | May 13, 2025 | 7.2, development, release, Spicy, Zeek
The Zeek team is proud to announce Zeek 7.2! Work on this release began in December 2024 and includes some 1,200 commits, 330 merged pull requests, and 130 closed issues. The 7.2 release brings important new features, matures Zeek’s ability to run on alternative...
by Evan Typanski | Jan 28, 2025 | Protocol Parsing, Spicy, Zeek
In our last post, we left off with a functional but incomplete analyzer for Redis. It analyzed RESP (Redis Serialization Protocol) traffic, crudely created “command” objects, then sent that off into Zeek script in events in order to log it. It created something nice,...
by Evan Typanski | Jan 22, 2025 | Protocol Parsing, Spicy, Zeek
You can find the source code referenced throughout this post here — though, it is quite different from what is written here. Redis is an in-memory, key-value database. Its primary use is for caching. It does this over the network, but it’s only really meant to be used...