Zeek (formerly known as Bro) is an open-source network security tool commonly used by security practitioners for network security monitoring. Network security monitoring is based on collecting data in order to perform detection and analysis. With a large volume of collected data, SOCs should be able to stitch together the events that occur; however, making sense of the large volume of events generated by multiple devices can be challenging.
The Elastic Stack is commonly used by security analysts to aggregate and analyze security events, including network security monitoring data. The integration between Zeek and Elastic makes it easy to ingest and analyze the network events generated by Zeek.
During this presentation we will introduce Zeek, demonstrate how to easily ingest the logs generated by Zeek into Elasticsearch, and show how to perform threat hunting and incident response using Kibana.
Lunch will be provided to all attendees.
*** Event Agenda ***
11:30AM - 12:00PM Lunch
12:00PM - 1:00PM Presentation
1:00PM - 1:30PM Q&A and Networking
*** About the Speaker ***
Richard Chitamitre is a technology evangelist at Corelight. Prior to that he worked as a Senior Security Analyst at Edward Jones. He has spent over a decade serving in the U.S. Navy across a number of Computer Network Operation roles, including work as a Requirements and Targeting Analyst for NSA’s Tailored Access Operations team and an Incident Response and Threat Hunt operator for the Navy CNMF.