Zeek 7 Launches with Major Upgrades and New Features

Zeek 7, the passive open-source network traffic analyzer, debuts with comprehensive updates to scripting, telemetry, and analyzer configuration.

Zeek, a powerful open-source network security monitoring tool, has launched its latest version, Zeek 7, introducing a major overhaul of its core architecture and focusing on modernizing and modularizing the system.

One of the standout features in the new release is the revamped Telemetry framework. Previously reliant on Broker and CAF for its operation, the framework now integrates directly with Zeek using prometheus-cpp and civetweb.

This change facilitates Prometheus’s HTTP service discovery, allowing for efficient metrics scraping across all nodes in a cluster. This improvement replaces the previous model, which often hindered performance due to its reliance on custom aggregation to the manager node.

Moreover, Zeek 7 ships with Spicy 1.11, which brings substantial improvements to the underlying compiler technology. The Spicy compiler has been simplified, which improves runtime performance by up to 30% for certain protocols and makes it more reliable at detecting errors in code.

Another exciting addition in Zeek 7 is the support for ZAM (Zeek Abstract Machine), an optional script optimization engine designed to boost performance.

ZAM changes the traditional execution model of Zeek scripts: instead of parsing scripts into abstract syntax trees and interpreting them node by node, it compiles these trees into a low-level form that can be executed more efficiently.

Zeek 7 enhances the scripting language, analyzer configuration, and JSON ingestion capabilities. Users upgrading from the 6.0 series will find many new features to explore, such as new Spicy-powered QUIC and LDAP analyzers, improved support for HTTP upgrades and WebSocket analysis, and enhanced capabilities for handling log writes and deep encapsulation nesting levels.

As the new long-term support (LTS) release, Zeek 7 promises to provide security fixes and necessary backports for over a year. The updated Zeek website documentation provides extensive details and best practices for those keen to explore all new features.

For more information, visit the release announcement.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.
