Zeek Newsletter - Issue 39 - May 2024

Welcome to the Zeek Newsletter.

In this Issue:

  • TL;DR
  • Development Updates
  • Zeek in the Community
  • Zeek in the Enterprise
  • Friends of Zeek
  • Upcoming Events
  • Zeek Package Updates
  • Get Involved


ZeekWeek 2024 will be held on 13-14 August at the Caltech Ramo Auditorium 2 located in Pasadena, California. The CFP is still open and tickets are on sale. Additionally there will be a Zeek training event on 15 August. See later in the newsletter for details.

Development Updates

On 14 May Benjamin published Spicy 1.10.1, 1.9.1 and 1.8.4. These are bugfix releases for the versions of Spicy which are bundled with Zeek. Please see this post for details:


On 16 May Tim published Zeek Zeek 6.0.4 and 6.2.1. These are bugfix releases. Please see this post for details:


Zeek in the Community

On 30 May Seth published a new version of Malcolm. Please see the project site for details:


On 30 May Doug published Security Onion 2.4.70, which includes Zeek 6.0.4. Congratulations to Doug and the SO team for their 15 year birthday on 4 June!


Zeek in the Enterprise

Corelight is hiring a remote open source developer to work on Zeek. See this job description for details:


Friends of Zeek

On 23 April, the Suricata project released versions 7.0.5 and 6.0.19. Visit their site for details:


Upcoming Events

The next Zeek Community Call is 5 June at 1 pm ET. There is no need to register. Here is the Zoom link:


ZeekWeek 2024 will be held on 13-14 August at the Caltech Ramo Auditorium 2 located in Pasadena, California. Additionally there will be a Zeek training event on 15 August. ZeekWeek will be an in-person event. Presentations will be recorded and published afterwards.

You can register here:


The call for papers for ZeekWeek 2024 is now live.


Abstracts for talk submissions must be submitted by 14 June. Final notifications will be sent by 1 July. Talks will be reviewed in several rounds before the final submission deadline. Earlier submissions have a higher chance of acceptance. You will be notified as soon as a decision has been made on your talk.

Please see this post for details:


On 2 April, Seth posted to the Zeek Slack that DHS CISA will host a two day Malcolm-focused conference (MalCON) near Arlington, VA on 4-5 September. There will also likely be a virtual option. The event will likely include training for Malcolm, enterprise traffic analysis, and perhaps OT/ICS traffic analysis. If you would like to know more, contact Seth Grover in the Zeek Slack.

The next Security Onion conference will be held 4 October in Augusta, GA. The CFP is open. Please see this post for details:


Zeek Package Updates

Changes to packages are available via this search:


The https://packages.zeek.org site reported the last 5 updates as of 2 June:

6/4/24, 4:14 AM shodan-zeek

6/3/24, 3:01 PM zeekjs-redis

5/30/24, 6:56 PM zeek-plugin-tds

5/30/24, 6:55 PM zeek-plugin-s7comm

5/30/24, 6:55 PM zeek-plugin-enip

Get Involved

If you have any comments or material for the newsletter please email news@zeek.org or join the #news Slack channel.


The Slack channel has been active during the past month. Here is an invitation link:


Stay up to date by joining the Zeek Discourse:


Subscribe to our YouTube channel:


Follow us on Twitter:


Follow us on Mastodon:


The old mailing list archives now redirect to this site:


If you’d like to read the Leadership Team meeting notes, they are here:


Follow us on LinkedIn:


To search LinkedIn for jobs mentioning Zeek skills, use this query:


See you next time!