Welcome to the Zeek Newsletter
In this Issue:
- Reminders
- Tip of the Month
- Community Call Recap
- Development Updates
- Ecosystem News
- Packages
- Get Involved
TL;DR: Voting is open for the Zeek LT election, the 8.1 development continues, and upcoming events include NSF Summit training, hack.lu, and Zeek Workshop Europe 2026.
Don’t Miss This – Reminders for the Community
Leadership Team Election
Voting begins today. We received three nominations, and two are confirmed. Next steps are coming soon.
5 Ways to Contribute to the Zeek Project for the First Time
A quick guide for anyone curious about getting involved in the project. Read more
Upcoming events
- NSF Cybersecurity Summit Training (Boulder, Oct. 20-23) Register here
- hack.lu (Luxembourg, Oct. 21–24) Learn more
- Zeek Workshop Europe (Geneva, Mar. 25-26): Hosted at CERN – registration opens soon!
Zeek Tip of the Month
You can ask Zeek to extract transport-layer connection payloads to disk by saying:
zeek -C -r your.pcap Conn::default_extract=T
Zeek will produce one file per direction per connection, with the raw payload.
Have a tip of your own?
Share tricks, shortcuts, or techniques with us! Submit yours here.
Community Call Recap
Highlights from this month’s call:
- Zeek 8.1 development cycle and cluster backend updates
- Upcoming patch release (8.0.2)
- NSF Cybersecurity Summit workshop reminder
- New blog: 5 Ways to Contribute + new community initiative coming soon!
- Lightning talk: Georges Nasr demonstrated building a Zeek parser for Oracle traffic
Missed it? Watch the recording on our YouTube channel.
The next call is November 5 at 10am Pacific Time. Use this Zoom link to join.
Development Updates
September Recap
The Zeek 8.1 development cycle is moving ahead, with work focused on finalizing the switch to ZeroMQ as the default cluster backend. This change is on track for the release, and the team is especially interested in hearing from community members who are building third-party integrations with Zeek. If you’re currently working with WebSockets, Python bindings for Broker, or other mechanisms, now is the perfect time to share your experiences. Going forward, WebSockets and Zeek.js will be the primary supported paths for integrations, and community feedback will help smooth the transition.
Looking ahead, a patch release (8.0.2) is expected in the next two weeks to address accumulated fixes.
The team has also started exploring how Zeek might use XDP for scenarios like traffic shunting. If you have a relevant use case, please share your thoughts on Slack or Discourse–we’d love to hear from you!
Ecosystem News
- That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat via The Hacker News
- Security Onion 2.4.180 now available
- Malcolm v25.09.0 is out
Zeek Packages
Anyone in the community can write add-on functionality for Zeek via packages.
- Browse Zeek packages: https://packages.zeek.org
- Head to our zkg package manager documentation to get started on your own
- Questions? Check out #package-sharing to get help
Recently added or updated packages are always visible on GitHub directly, via the following search of pull requests to our package repository:
https://github.com/zeek/packages/pulls?q=is%3Apr+is%3Aclosed
Latest updates:
Get Involved
- Share ideas or content: news@zeek.org or #security-news on Slack.
- Stay connected: Discourse • YouTube • Mastodon • Bluesky • LinkedIn
- Check out Leadership Team meeting notes for insider updates.
- Looking for Zeek jobs? See openings on LinkedIn.
Thanks for being part of the community. We’ll see you next time!