Happy New Year and welcome to the Zeek Newsletter.
In this Issue:
- Community News
- Tip of the Month
- Community Call Recap
- Development Updates
- Ecosystem News
- Packages
- Get Involved
TL;DR: Zeek 8.1 RC2 is out and community testing is encouraged before the official release. Registration for our workshop at CERN is still open, Zeek training is coming to the NSF regional summit in April, and we published new scripting content!
Community News & Reminders
-
Zeek Workshop Europe (Mar. 25-26): Agenda coming soon! CFP is still open for attendees interested in presenting. Registration is free with limited spots available. Learn more and sign up here.
-
Zeek Training at Trusted CI Summit (Apr. 21-22): We’re bringing Zeek training to the 2026 Regional Cybersecurity Summit at the University of Alabama. Registration is coming soon. Learn more at trustedci.org/2026-regional-summit.
-
Topic of the Month: January’s theme is “Discovery Stories”. Join the discussion in #topic-of-the-month on Slack and read the December recap (“Zeek & Other Tools”) on our blog.
-
New Scripting Content: Learn Zeek scripting fundamentals in Evan’s comprehensive video tutorial and explore best practices in Benjamin’s script development guide.
Zeek Tip of the Month
You can compute the community ID for a connection on the command-line using -e directly.
$ zeek -e 'print community_id_v1([$orig_h=127.0.0.1, $orig_p=1234/udp, $resp_h=8.8.4.4, $resp_p=53/udp])'
1:akEF2NwEkbyNtzk1SdCogtbMei4=
Share your tricks, shortcuts, or techniques with us using this form.
Community Call Recap
Highlights from this month’s call:
-
Zeek 8.1 RC2 available: The team released the second release candidate and is encouraging community testing before the official release featuring ZeroMQ as the default backend.
-
Training expansion: We’re hoping to add more Zeek trainings to the calendar in 2026 as NSF is exploring regional semi-annual workshops in addition to their annual summit.
-
Real-world integration stories: Community members Kevin and Tom shared their Zeek deployments, including Security Onion + Elastic + Azure Sentinel for threat hunting, and a university’s multi-continent custom pipeline with AI-powered analysis.
Missed it? Watch the recording on our YouTube Channel.
The next call is February 4 at 10am Pacific Time. Use this Zoom link to join. There’s no registration required, just drop in and join the conversation. See you there!
Development Updates
Zeek 8.1 is in its final testing phase with Release Candidate 2 (RC2) now available. The team is actively seeking community feedback on this major release, which introduces ZeroMQ as the default cluster backend for the first time. Users deploying clusters via ZeekControl will now run on ZeroMQ by default, representing a significant architectural shift for the project.
The development team is particularly encouraging members of the Testing Group to try out RC2 and report any unexpected behavior, performance differences, or issues. If testing goes smoothly, the team plans to release Zeek 8.1 shortly thereafter. This represents a major milestone that the team has been working toward throughout the fall and winter months.
As always, follow development progress on GitHub to stay current with the latest changes.
Ecosystem News
- Security Onion 2.4.200 is now available and includes Zeek 8.0.4
- Malcolm v25.12.1 is now available, containing a few critical bug fixes and component version updates.
Zeek Packages
Anyone in the community can write add-on functionality for Zeek via packages.
- Browse Zeek packages: https://packages.zeek.org
- Head to our zkg package manager documentation to get started on your own
- Questions? Check out #package-sharing to get help
Recently added or updated packages are always visible on GitHub directly, via the following search of pull requests to our package repository:
https://github.com/zeek/packages/pulls?q=is%3Apr+is%3Aclosed
Recent Packages:
Get Involved
- Share ideas or content: news@zeek.org or #security-news on Slack.
- Stay connected: Discourse • YouTube • Mastodon • Bluesky • LinkedIn
- Check out Leadership Team meeting notes for insider updates.
- Looking for Zeek jobs? See openings on LinkedIn.
Thanks for being part of the community. We’ll see you next time!