Details

This workshop is free and open to the public, but registration is required.

Keeping your networks safe is a priority for everyone these days, and this workshop is for anyone who is interested in using Zeek (formerly Bro) as part of their network security monitoring stack.

This workshop will include:

  • An Intro to Zeek (tool)
  • An Intro to Zeek Scripting (language)
  • Threat Hunting with Elastic+Zeek (data)

If you have heard of Zeek (Bro), already use it, are interested in learning more about using Elastic to analyze Zeek logs, or just have questions about Zeek, then this workshop is for you.

If you are a sysadmin, threat hunter, incident responder, or otherwise part of the decision-making process for your network security monitoring solution, then you'll want to be part of this workshop.

More information about Zeek can be found at: https://www.zeek.org/

Time
9-10am - Registration

10-10:15am - Welcome - Amber Graner, Zeek Director of Community, Corelight

10:15-11am - Intro to Zeek - Seth Hall

11am-11:15am - Break

11:15am-12pm - Intro to Zeek Scripting - Seth Hall

12-1pm - Lunch (provided)

1-2pm - Threat Hunting with Elastic+Zeek - Alex Kirk (Corelight) and Michelle Bennet (Elastic)

2-2:15pm - Break

2-3pm - Profiling in Production (Memory, Core & Script profiling; Problems solved and lessons learned) - Justin Azoff (Corelight)

3-3:30pm - Q&A/Wrap up - Seth/Alex/Amber and others TBD

3:30-5pm - Happy Hour sponsored by Corelight - onsite