Zeek Newsletter - Issue 27 - March 2023

Welcome to the Zeek Newsletter.

In this Issue:

  • TL;DR
  • Development Updates
  • Zeek in the Community
  • Zeek in the Enterprise
  • Upcoming Events
  • Zeek Package Updates
  • Get Involved


There’s plenty of work behind the scenes this month. Check out Keith Jones’ continued series of blog posts and videos if you haven’t seen them already.

Development Updates

As of 30 March, Zeek 5.2.0, is the newest release.


We encourage users to update to the latest releases to address bugs and security issues. The release notes contain important information:


Of note:

“Experimental support added for building and running Zeek on Microsoft Windows environments. This is considered experimental due to the fact that our standard testing setup (btest) doesn’t run properly on Windows. This will be fixed in the future. In the meantime we have done some basic testing against builds done with Visual Studio 2019. Information on how to build on Windows is available in the Zeek documentation. Note also that Spicy is currently unsupported and will be fixed in the future.

The feature as checked into the repository is not considered production-ready. There are many bugs to squash and features to improve, and we will be steadily fixing things over the next few months.

The Zeek team wants to give a huge thank you to the team at Microsoft for all of their effort in completing this port.”

Zeek in the Community

Thank you for participating in the Zeek community survey earlier this year. We are consolidating and interpreting the results and will share them soon.

Keith Jones has been publishing a ton of Zeek videos recently:

All are in this playlist:


Thanks for producing these videos, Keith! Here are his corresponding blog posts:


Seth Gover mentioned that Malcolm v23.03.0 is out, including Zeek v5.0.7, OpenSearch v2.6.0, Arkime v4.2.0 and a number of other updates, improvements and fixes. See the following for details:


The new Kali Purple Linux distribution is now including Zeek and Suricata, per this announcement:


Zeek in the Enterprise

We continue to provide experimental support for Windows. Please consider testing the new code by compiling it on Windows:


Upcoming Events

We are working on a “meet the developers” get-together in Amsterdam on 31 May. We would like to interact with local community members and discuss the Zeek roadmap and related issues. When we have more details, we will share them.

We are working on other small get-togethers for the future. We will use this Amsterdam event to test our ideas.

Our next monthly community call will take place on Wednesday 5 April at 1 pm ET. Register here:


After registering, you will receive a confirmation email containing information about joining the meeting.

If you have any questions please email: fatema@zeek.org

One way to stay informed on video content is to subscribe to the Zeek YouTube channel:


The following playlist contains all 19 videos for ZeekWeek 2022:


Zeek Package Updates

Changes to packages are available via this search:


The https://packages.zeek.org site reported the last 5 updates as of 3 January:

3/29/23, 4:12 AM shodan-zeek

3/28/23, 8:25 PM ja3

3/28/23, 12:23 PM spicy-plugin

3/27/23, 3:20 PM CVE-2022-24491

3/27/23, 11:28 AM GQUIC_Protocol_Analyzer

Get Involved

If you have any comments or material for the newsletter please email news@zeek.org or join the #news Slack channel.


The Slack channel has been very active during the past month. Here is an invitation link:


Stay up to date by joining the Zeek Discourse:


Subscribe to our YouTube channel:


Follow us on Twitter:


Follow us on Mastodon:


The old mailing list archives now redirect to this site:


If you’d like to read the Leadership Team meeting notes, they are here:


Follow us on LinkedIn:


To search LinkedIn for jobs mentioning Zeek skills, use this query:


See you next time!