Zeek Newsletter - Issue 53 - July 2025

michelle · August 7, 2025, 5:56pm

Welcome to the Zeek Newsletter

In this Issue:

[TL;DR]

July was packed with exciting developments and initiatives for Zeek. We finalized preparations for the 8.0 release, which you can expect very soon. Plus, the Zeek Project Survey wrapped up and we are already thinking about next steps. We’re also gearing up for events at the NSF Cybersecurity Summit in Boulder and hack.lu in Luxembourg.

Don’t Miss This–Reminders for the Community

Survey Follow-Up: Thank you to everyone who participated in the Zeek Project Survey! If you expressed interest in contributing to the project, a follow-up email should be in your inbox. If you missed the survey but want to contribute to Zeek, connect with Michelle on Slack or schedule a call to learn more. A summary of our survey insights and next steps is available on our blog.
Upcoming Zeek Training at the NSF Summit: Join us for hands-on Zeek training at the NSF Cybersecurity Summit on October 20 in Boulder, CO. More details will be shared as the agenda is finalized. Stay tuned!
Meet us at hack.lu: We’ll be at hack.lu in Luxembourg from October 21–24. Christian is going to give a talk on integrating Zeek with third-party applications. Come say hi!
Save the Date: Zeek Workshop at CERN: We’re hosting a two-day community workshop at CERN in Geneva, Switzerland, on March 25–26, 2026. Stay tuned for agenda and registration details.

Zeek Tip of the Month:

When ordering elements in a Zeek vector, you can pass a custom ordering function to sort. Check out the docs here. Try it here.

Have a tip of your own?

Share your tricks, shortcuts, or techniques with us! Your contribution might help others in the community. Submit your tips here.

Zeek Community Call Recap

Thank you to all who joined and contributed during our Community Call. We discussed updates from the Leadership Team, including the transition to a benefit corporation and upcoming LT seat openings. Project updates for Zeek 8.0 were previewed and we shared insights from our community survey.

If you couldn’t join the meeting live, the recording is available on our YouTube channel.

The next call is September 3 at 10am Pacific Time. Use this Zoom link to join. There’s no registration required, just drop in and join the conversation. See you there!

Development Updates

July Recap

In the past month the development team focused on finalizing the Zeek 8.0 release. We iterated on the new pluggable flow tuple support and improved our PPPoE, eDNS, and IRC parsers. SMTP analysis now allows handing entire message data off to the file analysis framework. We’ve further improved the ZeroMQ cluster backend, which now features better overload handling. The storage framework now supports telemetry, and we’ve added a toggle to the known-services framework to use the new storage APIs. We also wrapped up our migration to C++20, and closed out several smaller issues. Over the coming weeks we’ll finalize Zeek 8.0’s documentation, and begin planning 8.1.

Zeek 8.0.0 Release Candidate Now Available

We’ve published the first pre-release for Zeek 8.0—version 8.0.0-rc1 is now live and ready for testing! You can download it from our website or get the source code directly here.

A sneak peek at this release’s highlights:

Support for new plugins for extending connection information was added. This allows plugin authors to add additional information to connections beyond the traditional five-tuple. A plugin to add VLAN tags is included.
The ZeroMQ library is now a required dependency for Zeek. Broker continues to be our default cluster backend, but requiring ZeroMQ for building will allow us to change this more easily in the future.
A new analyzer for Redis traffic was added.
Lots of improvements to both the cluster and storage frameworks, including new metrics exposed by the telemetry framework.
C++20-capable compilers are now required to build Zeek.

You can review the full release notes for all new features, breaking changes, and more. Binary packages will be available soon. Stay tuned for updates on the Zeek GitHub Wiki.

We’re planning to release Zeek 8.0 on August 18, assuming RC testing abides.

Also out: Zeek 7.2.2 and 7.0.9

We’ve also released updates to our two current release trains, 7.0.9 and 7.2.2, with security and bug fixes. Check their release notes for more details.

Zeek Package Updates

Anyone in the community can write add-on functionality for Zeek via packages. Browse them here: https://packages.zeek.org or head to our zkg package manager documentation to get started.

Check out #package-sharing on Slack to see what packages others are working on or share your own.

Recently added or updated packages are always visible on GitHub directly, via the following search of pull requests to our package repository:

https://github.com/zeek/packages/pulls?q=is%3Apr+is%3Aclosed

Latest updates:

Get Involved

Got ideas, feedback, or content for the newsletter? Send us a note at news@zeek.org or drop by the #security-news channel on Slack. Join Slack here.

Stay in the loop and connect with others in the community:

See what people are talking about on Discourse
Subscribe to our YouTube channel
Follow us on Mastodon, Bluesky, and LinkedIn

Want more insider updates? Check out the Leadership Team meeting notes.

And if you’re hunting for Zeek-related jobs, here’s a handy LinkedIn search.

Thanks for being part of the community. We’ll see you next time!

Topic		Replies	Views
Zeek Newsletter - Issue 49 - March 2025 Announcements newsletter	0	55	April 2, 2025
Zeek Newsletter - Issue 44 - October 2024 Announcements newsletter	0	71	November 4, 2024
Zeek Newsletter - Issue 50 - April 2025 Announcements newsletter	0	92	May 14, 2025
Zeek Newsletter - Issue 52 - June 2025 Announcements newsletter	2	89	August 7, 2025
Zeek Newsletter - Issue 28 - April 2023 Announcements newsletter	0	370	May 2, 2023