Workshop: Threat Hunting and Incident Response using Zeek and Elastic


Aug 24, 2019, 2:30 – 6:00 PM


About this event

Zeek (formerly known as Bro) is an open-source network security tool commonly used by security practitioners for network security monitoring. Network Security Monitoring is based upon the collection of data to perform detection and analysis.

With the collection of a large amount of data, SOCs should be able to stitch together events that occur, however the mean time to remediate could take many hours or weeks. With traditional logs and PCAP, finding relevant data can be difficult and retention costly. With Zeek, formerly Bro, metadata fields used by and designed for security helps reduce mean time to remediate, while the flexibility of the programming language allows for custom analyst driven detections. Because Zeek is written in indexable ascii format, it is more compact and can be retained for months to years as compared to PCAP.

The Elastic Stack is commonly used by security analysts to aggregate and analyze security events, including network security monitoring data. The integration between Zeek and Elastic allows to easily ingest and analyze network events generated by Zeek.

During this hands-on workshop we will introduce Zeek and the Elastic Stack and teach you how to deploy and configure both products so that logs generated by Zeek are ingested into Elasticsearch and how perform Threat Hunting and Incident Response using Kibana.

Additionally, during the labs we will work though examples of how hunting/incident response can be used to decrease the mean time towards discovery and remediation.

Three CPEs will be provided to security practitioners attending this event.

Thank you SecureSet for co-hosting this event!

*** Event Agenda ***

8:30AM - 9:00AM Setup & Breakfast
9:00AM - 12:00PM Hands-on Workshop

*** About the Presenters ***

Richard Chitamitre is a technology evangelist at Corelight. Prior to that he worked as a Senior Security Analyst at Edward Jones. He has spent over a decade serving in the U.S. Navy across a number of Computer Network Operation roles, including work as a Requirements and Targeting Analyst for NSA’s Tailored Access Operations team and an Incident Response and Threat Hunt operator for the Navy CNMF.

Matteo Rebeschini is a Security Specialist at Elastic, based out of Boulder, Colorado. Matteo's primary role at Elastic is to help customers on architecting real-time security analytics solutions based on the Elastic Stack. Matteo has 18+ years of experience in the cybersecurity industry covering various roles, from software engineering to technical product management and more recently consulting and solutions architecture. Prior to Elastic, Matteo was a Sales Engineer at LogRhythm, where he covered all Federal agencies.



Saturday, August 24, 2019
2:30 PM – 6:00 PM UTC


  • Matteo Rebeschini


  • Olivia Petrie

    Community Programs

Contact Us