by Macphisto 2266 days ago
The long and short of it is Zeek (used to be called Bro) provides session-based analysis whereas Wireshark is primarily packet based. With a few exceptions, they both generally do the same thing but in different ways. Zeek is, at the bones, an event-based engine with a scripting language (think Node.js but from the '80s!) - the scripting language is actually what provides the logs generated by Zeek.

One key aspect of Zeek is that it can be deployed within a network to passively generate logs. As an incident response consultant, the few times I've worked with a client with Zeek logs, our ability to answer some critical questions in short order was increased dramatically! Back in my sysadmin days, I used to run Zeek (when it was called Bro) to provide network logs for security review but also for general network analysis.

You can definitely run a pcap captured by Wireshark through Zeek. You'd run `zeek -r <yourpcap>` and you'll end up with some lovely tab-separated logs in your current working directory!

Full transparency: I'm not part of the Zeek team, but I did author the original Zeek scripting guide for them back in 2012 or so. For my money, the Zeek team is building some of the better network appliances and detection/logging capabilities available.
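The tab-separated logs that `zeek -r` writes carry their own schema in `#`-prefixed header lines, which makes them easy to read back into a script for session-level review. The following is an added example, not code from the commenter or the Zeek project: it parses those header conventions (`#separator`, `#fields`, `#types`, `#unset_field`, `#empty_field`) and summarizes a conn.log per originating host; the log rows are constructed sample data with made-up addresses and counters.

```python
from collections import defaultdict

# Constructed sample of a Zeek conn.log: the header lines follow Zeek's
# real TSV layout, but every IP, UID and counter below is made up.
SAMPLE_CONN_LOG = """#separator \\x09
#empty_field\t(empty)
#unset_field\t-
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1589000000.1\tCabc1\t10.0.0.5\t51000\t203.0.113.7\t443\ttcp\tssl\t12.5\t1500\t250000\tSF
1589000001.2\tCabc2\t10.0.0.5\t51001\t203.0.113.7\t443\ttcp\t-\t-\t-\t-\tS0
1589000002.3\tCabc3\t10.0.0.9\t53999\t192.0.2.53\t53\tudp\tdns\t0.02\t60\t120\tSF
1589000003.4\tCabc4\t10.0.0.5\t51002\t198.51.100.2\t22\ttcp\tssh\t3600.0\t90000\t4000000\tSF
#close\t2020-05-09-00-00-05
"""

CASTS = {"count": int, "int": int, "port": int, "time": float,
         "interval": float, "double": float, "bool": lambda v: v == "T"}

def parse_zeek_log(text):
    """Return one dict per row, typed per the #types header; unset ('-') -> None."""
    sep, unset, empty, fields, types, rows = "\t", "-", "(empty)", [], [], []
    for line in text.splitlines():
        if line.startswith("#separator "):          # value is escaped, e.g. \x09
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):                  # remaining metadata lines
            key, *vals = line[1:].split(sep)
            if key == "unset_field": unset = vals[0]
            elif key == "empty_field": empty = vals[0]
            elif key == "fields": fields = vals
            elif key == "types": types = vals
        elif line:
            vals = line.split(sep)
            if len(vals) != len(fields):             # truncated or foreign line
                raise ValueError("column count mismatch: %r" % line)
            rows.append({f: None if v == unset else "" if v == empty
                         else CASTS.get(t, str)(v)
                         for f, t, v in zip(fields, types, vals)})
    return rows

def bytes_by_origin(rows):
    """Total bytes moved per originating host (missing counters count as 0)."""
    totals = defaultdict(int)
    for r in rows:
        totals[r["id.orig_h"]] += (r["orig_bytes"] or 0) + (r["resp_bytes"] or 0)
    return dict(totals)

def long_sessions(rows, min_seconds=600):
    # UIDs of sessions lasting at least min_seconds, a starting point for review.
    return [r["uid"] for r in rows if (r["duration"] or 0) >= min_seconds]
```

The same parser works unchanged on any other Zeek log (dns.log, ssl.log, ...) since every one of them carries the same `#fields`/`#types` header.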