Our call for presentations is open for the upcoming Zeek workshop at CERN. Using Zeek in your security work? Built custom scripts or plugins? Analyzing protocols with Spicy? We want to hear about it.
Malcolm v25.11.0 brings a rebuilt install script and fresh visualizations. Security Onion 2.4.190 updates its Zeek components. Find the full details in the latest Zeek newsletter:
https://community.zeek.org/t/zeek-newsletter-issue-56-october-2025/
💡 Want to switch to JSON logging or change connection handling on the fly? There's a simple command for that, no extra scripts needed. Check out our newsletter to learn more: https://community.zeek.org/t/zeek-newsletter-issue-56-october-2025/
We recently learned a lot about how our community is using Zeek logs. See how they’re doing it: https://zeek.org/2025/11/5-ways-the-zeek-community-actually-uses-logs/
Zeek 8.0.4 is out, plus 8.1 development is progressing with ZeroMQ backend, WebSocket support, and ZKG updates.
Full details in our October newsletter: https://community.zeek.org/t/zeek-newsletter-issue-56-october-2025/
We’re now in a #Zeek talk -> Christian Kreibich of @corelight is on stage talking about how to integrate third party applications with Zeek
@da_667 you know you sell people a bunch of PCs, but for medium biz they really can benefit from stuff like Debian, dual NAS, OPNsense, Pi-hole - the basics, but also faster networking, IDS/IPS system, pkt cap 24/7, even SSL proxy, rsync backups to NVMe. Having more visibility into the network allows organizations to leverage the data that piles up in the DB as well as in real time. A point needs to be made for the minimum raw basic infrastructure, and then orgs can realize gestalt. #p2v #fwupd #elk stack scripting #dashboards #centralized logs #netbox #zeek #snort #sigs
Oracle traffic, decoded with Zeek
Georges built a custom Zeek parser for the TNS protocol - logging SQL statements, connection details, and database errors to improve visibility inside @securityonion
Watch the lightning talk from our latest Community Call: https://www.youtube.com/watch?v=haDtH30cQ1E
#Zeek #NetworkSecurity #OpenSource #Oracle #TNS #SecurityOnion
Some free @zeek info: if you write a layer-2 Ethernet analyzer and think just registering it with ANALYZER_ETHERNET will work for Ethernet and VLAN, it won't. The packet analyzer doesn't walk a tree to forward packets to the next level, so you actually have to register it at *each* level, in this case once for ANALYZER_ETHERNET and again for ANALYZER_VLAN, so that you will get called in either case.
#zeek
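The registration pattern described in the post above, as an added example that is not part of the original post: a `zeek_init` handler that installs the same child analyzer under both parents. The analyzer tag `ANALYZER_MYL2` is hypothetical, and the EtherType 0x88B5 (the IEEE "local experimental" value) is used as a stand-in for whatever your protocol actually uses.

```zeek
# Added example, not from the original post. ANALYZER_MYL2 is a hypothetical
# tag for a custom layer-2 packet analyzer plugin; 0x88B5 stands in for the
# real EtherType the analyzer should be dispatched on.
module MyL2;

event zeek_init()
	{
	# Registered only under Ethernet, the analyzer sees untagged frames.
	# Frames carrying an 802.1Q tag are handed to ANALYZER_VLAN instead,
	# and the VLAN analyzer keeps its own dispatch table, so without a
	# second entry below they would never reach ANALYZER_MYL2.
	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET,
	                                          0x88B5,
	                                          PacketAnalyzer::ANALYZER_MYL2);

	# Dispatch is per parent analyzer rather than a tree walk, so the same
	# (identifier -> child) mapping has to be installed under VLAN as well
	# for VLAN-tagged frames carrying the protocol to be parsed.
	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN,
	                                          0x88B5,
	                                          PacketAnalyzer::ANALYZER_MYL2);
	}
```

Check the result by running Zeek against a pcap that contains both tagged and untagged frames for the protocol: if only the untagged ones produce log entries, a parent-level registration is missing.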
Zeek 8.1 development is moving forward with ZeroMQ as the default cluster backend.
Integrating via WebSockets, Zeek.js, or Python bindings? We want your feedback to smooth the transition.
Check the newsletter for details: https://community.zeek.org/t/zeek-newsletter-issue-55-september-2025/7874#p-29504-development-updates-9
New blog post: 5 straightforward ways to get started, from docs to testing to community support. https://zeek.org/2025/10/5-ways-to-contribute-to-the-zeek-project-for-the-first-time/
#Zeek #OpenSource #NetworkSecurity
Heading to hack.lu next month? Christian’s talk is on the program. Come learn how Zeek integrates with intel feeds, APIs, and third-party tools.
Full agenda: https://2025.hack.lu/agenda/
#Malcolm (malcolm.fyi) v25.09 features 🧠 threat intel improvements, new ⚙️ config options, 🆙 component updates, 🐛 fixes, more! Details @ github.com/idaholab/Malcolm/releases. Malcolm is a powerful tool suite for NSM 🕵🏻♂️. #Zeek #Arkime #NetBox #Suricata #NetworkTrafficAnalysis #networksecuritymonitoring
Spicy news 🌶️
We’re excited to share that Zeek 8 improves Spicy’s infrastructure for generating C++ parsers, laying the groundwork for faster performance in future releases.
Head to the docs to learn more: https://docs.zeek.org/projects/spicy/
Zeek 8 adds a Redis analyzer that logs every command to redis.log. That means more visibility into Redis traffic: spot usage patterns, track key activity, and watch for sensitive access.
Pluggable flow tuples bring more flexibility to connection tracking. New in Zeek 8.
Find out how it works: https://docs.zeek.org/en/master/devel/plugins/connkey-plugin.html
Zeek 8 introduces the Storage Framework, and we’re excited to share it with you.
Learn more:
📝 Blog: https://zeek.org/2025/09/zeeks-storage-framework-explained/
🛠️ Tutorial: https://zeek.org/2025/09/the-storage-framework-in-action/
🎥 Video: https://www.youtube.com/watch?v=6h7kZ0zsVTc
▶️ New in Zeek 8: analyzer.log now centralizes all parsing errors and shows when an analyzer was disabled.