The latest Zeek newsletter has a neat trick for analyzing multiple PCAP files in one go  

https://community.zeek.org/t/zeek-newsletter-issue-59-january-2026/7944#p-29641-zeek-techniques-3

#Zeek #NetworkSecurity #OpenSource

Zeek Newsletter - Issue 59 - January 2026

Welcome to the Zeek Newsletter

In this Issue: Community News, Zeek Techniques, Community Call Recap, Development Updates, Packages, Get Involved

TL;DR: Zeek 8.1 is officially out and security updates 8.1.1 and 8.0.6 are available. The CERN workshop agenda is live (registration still open!), and we published a few tutorials and guides for you.

Community News & Reminders

Threat Intelligence Workshop - Virtual (Feb. 25): Aashish Sharma and Fatema Bannat Wala are presenting on leveraging MISP w...


RE: https://infosec.exchange/@zeek/116014186286025272

What operational problems have you found hiding in your logs?

#Zeek #NetworkSecurity #OpenSource

Malcolm: A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts

Check โœ…๏ธ it out:
https://github.com/idaholab/Malcolm

#cybersecurity #infosec #threathunting #suricata #zeek #pcapanalysis #networktrafficanalysis


🔧 Malcolm Integration
bash

# Malcolm's zeekctl.cfg or local.zeek
redef SSL::root_certs += {
    ["PolarProxy Root CA"] = "/opt/polarproxy/certs/rootCA.pem"
};

# In Malcolm's docker-compose.yml, ensure port mapping:
# zeek:
#   ports:
#     - "57012:57012/tcp" # For PolarProxy PCAP feed

30 protocols but what about hashcat - how many protocols now?

Hashcat Protocol Support Count - As of hashcat v6.2.6 (latest stable), here are the current protocol/hash mode counts:
Total Protocols/Hash Modes: 423+

(This number grows with nearly every release) #hashcat,net #zeek

If you've wanted to learn Zeek scripting but didn't know where to start, Evan put together a comprehensive tutorial covering the basics through building a real detection.

https://www.youtube.com/watch?v=nae8cdrUUKY

#Zeek #NetworkMonitoring #Infosec

Zeek Scripting Tutorial: Learn the Fundamentals


The schedule for our workshop at CERN is coming together: https://zeek.org/workshop-cern-2026/schedule/

Register today and join us in Geneva next month 🇨🇭

#Zeek #OpenSource #NetworkSecurity #NetworkMonitoring #Infosec

New on the blog: JA4 fingerprints in Zeek. Install the package, configure it, start detecting. Learn more: https://zeek.org/2026/01/how-to-use-ja4-network-fingerprints-in-zeek/

#Zeek #OpenSource #NetworkSecurity #ThreatHunting #InfoSec

Want to write custom Zeek detections? Evan's scripting tutorial covers the basics - types, events, functions, and building a working script from scratch.

https://youtu.be/nae8cdrUUKY

#Zeek #NetworkSecurity #OpenSource #InfoSec


We just published a walkthrough explaining the change to ZeroMQ as the default cluster backend in Zeek 8.1. It's worth a watch if you're curious about why this change happened and how it works:
https://youtu.be/EeW_Oo-xNdQ

#Zeek #NetworkSecurity #OpenSource #InfoSec

Cluster Backend Walkthrough


Excited to share that Zeek 8.1 is live with major updates: better JavaScript support, WebSocket API enhancements, and ZeroMQ introduced as the default cluster backend  

Learn more: https://community.zeek.org/t/zeek-feature-release-8-1-0/7934

#Zeek #NetworkSecurity #OpenSource #InfoSec

Zeek feature release 8.1.0

Zeek feature release v8.1.0 is now available: https://zeek.org/get-zeek https://download.zeek.org/zeek-8.1.0.tar.gz

See the release notes for details of the new functionality, breaking changes, and changed functionality: Release v8.1.0 - zeek/zeek - GitHub

Binary packages for the new releases will also be available shortly: Binary Packages - zeek/zeek Wiki - GitHub
