Zeek Newsletter - Issue 49 - March 2025

Announcements
1

Welcome to the Zeek Newsletter.

In this Issue:

  • TL;DR
  • Development Updates
  • Zeek in the Community
  • Zeek in the Enterprise
  • Friends of Zeek
  • Upcoming Events
  • Zeek Package Updates
  • Get Involved

[TL;DR]

Zeek 7.0.6 and 7.1.1 are here, and news about 7.2 appears below.

If you’re reading this on publication day, 2 Apr 2025, there is a Zeek community call today. There is no need to register. Here is the Zoom link:

https://us06web.zoom.us/j/99882457331?pwd=WVZLRGtpbmx1V2FqSnlRT1FLRC9lQT09

Development Updates

Tim released Zeek versions 7.0.6 and 7.1.1.

https://zeek.org/get-zeek

https://download.zeek.org/zeek-7.0.6.tar.gz

https://download.zeek.org/zeek-7.1.1.tar.gz

See the release notes for details of the addressed bugs and security issues:

https://github.com/zeek/zeek/releases/tag/v7.0.6

https://github.com/zeek/zeek/releases/tag/v7.1.1

Binary packages for the new releases will also be available shortly:

https://github.com/zeek/zeek/wiki/Binary-Packages

For more information on release cadence, see:

https://github.com/zeek/zeek/wiki/Release-Cadence

Christian wrote:

We’re three months into the Zeek 7.2 development cycle, so now is a good time to share an update about ongoing development and our planned timeline for the Zeek’s next feature release.

We recently merged two of the biggies planned for this release: the new storage framework

https://github.com/zeek/zeek/pull/4163

and WebSocket support

https://github.com/zeek/zeek/pull/4199

native to Zeek.

Both features continue our multi-release effort of reducing the Broker library to a “mere” topic-based pub/sub layer, enabling us to treat it as one of several available backend implementations. Our first alternative cluster backend, powered by ZeroMQ, has continued to mature in this release cycle and looks increasingly promising. Documentation and other items are still in flight, and you can track them in our 7.2 project board.

https://github.com/orgs/zeek/projects/21

We’re planning to fork the 7.2 release branch and release the first release candidate, RC1, on April 18. If you’re currently working on contributions that you’d like to see in 7.2, we encourage you to submit pull requests soon to allow us time to review & iterate. Once RC1 is out, we encourage everyone to try it out and send feedback.

Absent major hiccups, we’re planning to release 7.2 a bit over two weeks later, on May 8. We look forward to walking you through the new features of this release in more detail at that time. Release planning for Zeek 8, our next LTS release due in the summer, will happen shortly thereafter.

If you’re running Zeek clusters in production and would like to help us test our release candidates on a regular basis, we’d very much like to hear from you. While our test suites cover much of Zeek’s functionality, we always rely on Zeek users and the testing subgroup for the final go-ahead for a release. If you’d like to join our testing subgroup, please get in touch on Slack

https://zeek.org/slack

In our Zeek community call

https://zeek.org/events/

on the first Wednesday of each month, we regularly report on feature development. We encourage you to join and ask questions! These calls are also available for later viewing on our YouTube channel.

https://www.youtube.com/zeekurity

Zeek in the Community

Seth published a new version of Malcolm. Please see the project site for details:

https://malcolm.fyi/

The Security Onion project released a new version. Please see the project blog for details:

https://blog.securityonion.net/

Zeek in the Enterprise

The recording of the 19 March webinar, Integrating ML Analysis with Zeek with Dubem Nwoji, is live here:

https://youtube.com/live/YTnyeyrFWdE

Friends of Zeek

The Suricata project released version 7.0.10. Visit their site for details:

https://suricata.io/download/

Upcoming Events

The next Zeek Community Call is scheduled for 2 April at 1 pm ET. There is no need to register. Here is the Zoom link:

https://us06web.zoom.us/j/99882457331?pwd=WVZLRGtpbmx1V2FqSnlRT1FLRC9lQT09

The next Training Group Call is 11 Apr at 12 noon ET. Here is the Zoom link:

https://ESnet.zoom.us/j/6445948648

Meeting ID: 644 594 8648

Passcode: Rockon!

Zeek Package Updates

Changes to packages are available via this search:

https://github.com/zeek/packages/pulls?q=is%3Apr+is%3Aclosed

The https://packages.zeek.org site reported the last 5 updates as of today:

1/28/25, 4:14 AM shodan-zeek

1/27/25, 9:20 PM ja4

1/24/25, 3:25 PM zeek-spicy-wireguard

1/24/25, 3:23 PM zeek-spicy-ipsec

1/24/25, 3:21 PM zeek-spicy-openvpn

Get Involved

If you have any comments or material for the newsletter please email news@zeek.org or join the #news Slack channel.

https://zeekorg.slack.com

Here is an invitation to the Slack channel:

https://join.slack.com/t/zeekorg/shared_invite/zt-12z1pjy93-zuVGuT1BF~yUJJvERxhp7g

Stay up to date by joining the Zeek Discourse:

https://community.zeek.org

Subscribe to our YouTube channel:

https://youtube.com/c/Zeekurity

Follow us on Mastodon:

https://infosec.exchange/@zeek

The old mailing list archives now redirect to this site:

https://community.zeek.org/archives/list/zeek@lists.zeek.org/

If you’d like to read the Leadership Team meeting notes, they are here:

https://github.com/zeek/zeek/wiki/LT-Meeting-Notes

Follow us on LinkedIn:

https://www.linkedin.com/company/zeekurity

To search LinkedIn for jobs mentioning Zeek skills, use this query:

https://www.linkedin.com/jobs/search/?keywords=zeek

See you next time!