Zeek Newsletter - Issue 50 - April 2025

Welcome to the (very delayed) Zeek Newsletter!

In this Issue:

  • TL;DR
  • Hello from Michelle
  • Development Updates
  • Zeek in the Community
  • Zeek in Action
  • Friends of Zeek
  • Upcoming Events
  • Zeek Package Updates
  • Get Involved

[TL;DR]

Zeek 7.2 is here! Check out Christian’s announcement below for full details and the Development Updates section of this newsletter for highlights.

Introducing Zeek 7.2

Reminder that we host an open Community Call on the first Wednesday of the month. The next call will take place on 4 June 2025. There is no need to register. Here is the Zoom link:

https://us06web.zoom.us/j/99882457331?pwd=WVZLRGtpbmx1V2FqSnlRT1FLRC9lQT09


Hello from Michelle, Zeek’s New Community Liaison

In case you missed my Slack introduction, I wanted to take a moment to say hello here too. I recently joined the Zeek team to help strengthen community connections, improve how we support users and contributors, and make it easier for folks to get involved in everything Zeek has to offer.

Last week I published a blog post where I share more about my first few weeks and what I’m focusing on. Check it out if you’re curious. And don’t be a stranger! I’m eager to connect with as many community members as possible and learn more about why you’re here and what you’d like to see from Zeek.

I’ll see you out there!

– Michelle

Psst, this is my first Zeek newsletter. How’d I do? If you’d like to help me do my job better, check out this quick Slack poll and share your feedback on how to make the newsletter more relevant and useful. I’d really love your input!


Development Updates

April was a busy month for the Zeek team, with a new bugfix release on our current LTS train, 7.0.7, and the release of 7.2! 7.0.7 improves the LDAP parser, which now handles GSSAPI signing better. QUIC also saw improvements to its handling of fragmentation, the INITIAL packet, and ACK ranges.

But the highlight of the month is of course the release of Zeek 7.2, the last feature release in the 7.x cycle! Please see our 7.2 announcement for details. This release came together smoothly, with a heavy push on the new WebSockets feature and Broker’s backpressure mechanism right up to the finish line. Starting from our development update at the end of March, the team focused on merging final PRs and created the first (and only) release candidate on April 25, one week later than originally planned. Our testing subgroup provided very helpful feedback as usual. This time we’d like to particularly thank Anthony Verez for two excellent regression tickets, which were so helpful that we promptly convinced Anthony to join our testing subgroup going forward!

The Spicy team released 1.13 in time for Zeek 7.2, continued its performance analysis/optimization push, and made a lot of progress toward a control flow graph for Spicy, an important building block for unleashing performance optimizations in the future.

The team also got together for a Zeek 8 planning session, and the project board now gives a good impression of the work we’ve lined up. We’re still making final tweaks to it, so bear with us.


Zeek in the Community

Malcolm Release Notes: Seth published Malcolm v25.04.1. Malcolm is an open source network traffic analysis platform that integrates with Zeek. You can find the details about the release and project below:

https://github.com/idaholab/Malcolm/releases/tag/v25.04.1

https://malcolm.fyi/

Quick Malware Analysis with Zeek: The Security Onion team published a new Quick Malware Analysis walkthrough using a Kongtuke web inject PCAP. The post shows how to investigate alerts and pivot through Zeek metadata. It’s a helpful hands-on example of Zeek in action:

https://blog.securityonion.net/2025/04/quick-malware-analysis-kongtuke-web.html


Zeek in Action

Zeek Featured by the NSF: The U.S. National Science Foundation (NSF) is highlighting Zeek as a critical open-source tool for network security in its new feature on cybersecurity impact.

https://www.nsf.gov/impacts/cybersecurity


Friends of Zeek

The Suricata project released beta version 8.0.0. Visit their site for details:

https://suricata.io/download/


Upcoming Events

As noted above, the next Zeek Community Call is scheduled for 4 June at 1pm ET. Why attend live? You’ll hear updates straight from the source and have a chance to ask questions or share feedback. It’s one of the easiest ways to get involved.

There is no need to register. Here is the Zoom link:

https://us06web.zoom.us/j/99882457331?pwd=WVZLRGtpbmx1V2FqSnlRT1FLRC9lQT09


Zeek Package Updates

Anyone in the Zeek community can write add-on functionality for Zeek via packages: see https://packages.zeek.org to browse them, and our zkg package manager documentation to get started. Recently added or updated packages are always visible on GitHub directly, via the following search of closed pull requests to our package repository:

https://github.com/zeek/packages/pulls?q=is%3Apr+is%3Aclosed

The https://packages.zeek.org site reported the last 3 updates:

Zeek-Parser-OmronFINS

A Zeek plug-in that can analyze communication using Omron FINS/UDP.

https://github.com/nttcom/zeek-parser-OmronFINS

ICSNPP-ROC-PLUS

A Spicy-based Zeek plugin for parsing and logging fields within the ROC Plus protocol.

https://github.com/cisagov/icsnpp-roc-plus

Zeek Cluster Backend NATS

A NATS.io-based cluster backend for Zeek.

https://github.com/zeek/zeek-cluster-backend-nats


Get Involved

If you have any comments or material for the newsletter please email news@zeek.org or join the #news Slack channel.

Not on Slack? Click here to join our workspace and connect with us.

Catch up on the Leadership Team meeting notes here.

Stay up to date by joining the Zeek Discourse.

Subscribe to our YouTube channel.

Follow us on Mastodon.

Follow us on LinkedIn, or search LinkedIn for jobs mentioning Zeek skills.

See you next time!
