Zeek (formerly known as Bro) is an open-source network security tool commonly used by security practitioners for network security monitoring. Network Security Monitoring is based upon the collection of data to perform detection and analysis. With a large amount of data collected, SOCs should be able to stitch together the events that occur; however, making sense of the large volume of events generated by multiple devices can be challenging.
The Elastic Stack is commonly used by security analysts to aggregate and analyze security events, including network security monitoring data. The integration between Zeek and Elastic makes it easy to ingest and analyze the network events generated by Zeek.
During this presentation we will introduce Zeek, demonstrate how to easily ingest logs generated by Zeek into Elasticsearch, and show how to perform Threat Hunting and Incident Response using Kibana.
Join us after the presentation for beverages/food and networking opportunities with your peers at a nearby restaurant.
There is a paid lot at the corner of 22nd and Blake. Meters are easily accessible for $1.00 per hour. If you go north of 23rd on Blake, Market or Welton, there is street parking for free and you can walk in.
One CPE will be provided to security practitioners attending this event.
Thank you SecureSet for co-hosting this event!
*** Event Agenda ***
5:30PM - 6:00PM Networking
6:00PM - 7:00PM Presentation
7:00PM - 8:30PM Q&A, Happy Hour and Networking
*** About the Speaker ***
Richard Chitamitre is a technology evangelist at Corelight. Prior to that he worked as a Senior Security Analyst at Edward Jones. He has spent over a decade serving in the U.S. Navy across a number of Computer Network Operation roles, including work as a Requirements and Targeting Analyst for NSA’s Tailored Access Operations team and an Incident Response and Threat Hunt operator for the Navy CNMF.