Tuesday, November 12, 2019

ZeekWeek 2019 - Summary and Slides

The global community of Zeek developers and users gathered together in Seattle last month, October 8-11, for the annual ZeekWeek (formerly BroCon) event. 


171 network security professionals representing 84 organizations travelled from all over the world to share ideas and knowledge of Zeek.

This year’s event consisted of 2 Zeek training sessions, 17 presentations, lightning talks, a community Q&A panel discussion, and more.

In case you missed this year’s event, here is a list of all the talks as well as all the slides that were made available to organizers. The full agenda and talk descriptions can be found on the ZeekWeek.com website. (Please note: There will be a message that states this event has already happened; just hit the escape key and it will go away. Also, videos coming soon!)


Sessions

8 October 2019 - Pre-conference Training

(Training slides available for attendees only)
  • Intro to Zeek, Keith Lehigh, Indiana University
  • Making Sense of Encrypted Traffic, Matt Bromely and Aaron Soto

9 October 2019 - ZeekWeek Day 1 - Sessions

  • Opening Remarks, Keith Lehigh, Indiana University (Slides)
  • Keynote: The Threats are Changing, So are We as Defenders, Freddy Dezure, Founder and former Head CERT-EU (Slides)
  • eZeeKonfigurator: Web Frontend for the Config Framework, Vlad Grigorescu, ESnet (Slides)
  • BZAR – Bro/Zeek ATT&CK-based Analytics and Reporting, Mark Fernandez, Lead Cybersecurity Engineer The MITRE Corporation (Slides)
  • Run, Zeek, Run!, Jim Mellander, Cybersecurity Engineer, ESnet (Slides)
  • DNSSEC Protocol Parser - A Case Study, Fatema Bannat Wala, Security Engineer, University of Delaware (Slides)
  • Profiling in Production, Justin Azoff, Corelight (Slides)
  • Identifying Small Heavy-Hitter Flows Using Zeek to Optimize Network Performance, Jordi Ros-Giralt, Managing Engineer, Reservoir Labs (Slides)

10 October 2019 - ZeekWeek Day 2 - Sessions


  • 7 Years with Zeek on Commodity Hardware, Michal Purzynski. Engineer, Mozilla Corporation (Slides)
  • Zeek 3.0.0 and beyond, Robin Sommer, Corelight, CTO and Co-Founder (Slides)
  • Baseline the Network with Zeek, Adam Pumphrey, Consultant, Nimbus LLC (Slides)
  • Without U There is No CommUnity, Amber Graner, Zeek Community Director, Corelight (Slides)
  • Zeek - Incident Response and Beyond, Aashish Sharma, Lawrence Berkeley National Lab
  • Encrypted Things: Network Detection and Response in an Encrypted World, TJ Biehle, Sr. Technical Account Manager, Insight (Slides)
  • Lightning Talks (Various presenters)
    • Zeek Based IPS (Slides)
    • Challenge: Zeek on a large amount of low power sensors, Alex Bortok (Slides)
    • Using BRO [Zeek] to tattle on other tools, Patrick Cain, The Cooper-Cain Group. Inc. (Slides)
    • Contributing to Zeek (How to do a Pull Request), Tim Wojtulewicz, Corelight (Slides)
    • Dynamite-NSM, Open-source project for network traffic analysis with Zeek, Suricata, Flow Data and ELK, Oleg Sinitsin, Dynamite.AI (Slides)
    • eZeeKonfigurator - notice config, Michael Dopheide, ESnet (Slides)
    • How I became a Zeeker & Why I Zeek, Jeff Atkinson (Slides)
  • Using Zeek for SSL Research, Johanna Amann, Senior Researcher, ICSI / Corelight / LBL (Slides)

11 October 2019 - ZeekWeek Day 3 - Sessions

  • New Implementation of Zeek Dictionary to use Less Memory, Jason Lu, Senior Staff Software Engineer, Gigamon (Slides)
  • Introduction to Zeek Script Writing, Seth Hall, Corelight, Chief Evangelist and Co-Founder (No slides were used for this talk; live scripting)
  • Visualizing, Analyzing and Filtering Zeek Events using a Graphical Frontend and OpenGL, Nick Skelsey, Security Engineer, Secure Network (Slides) (Demo Vids)

Thoughts on the event

"ZeekWeek 2019 was another great opportunity to catch up with colleagues across both R&E and industry. It's always inspiring to see what people have been doing with Zeek over the last year." ~ Michael Dopheide, ESnet
“Great experience sharing knowledge and collaborating with the community in this year's ZeekWeek, so much useful content and great place to “zeek out” with fellow Zeekers!” ~ Fatema Bannat Wala, Security Engineer, University of Delaware
“ZeekWeek2019 provided a great opportunity to share knowledge in pursuit of defending networks. Without the people, Zeek is just a tool.” ~Keith Lehigh, Indiana University and Chair, Zeek Leadership Team
“We use Zeek, you should too!” ~ Aashish Sharma, Lawrence Berkeley National Lab and Zeek Leadership Team Member
"It's amazing to see everything this community is doing with Zeek." ~ Robin Sommer, Corelight, CTO and Co-Founder; Zeek Leadership Team Member


Many Thanks and Much Appreciation


Zeek events, such as this year’s ZeekWeek, are only possible through the generous support of the Zeek community, its sponsors and hosts. A huge shoutout and “THANK YOU” to all out sponsors and speakers!!

Helpful Links and information:


Getting Involved: If you would like to be part of the Open Source Zeek Community and contribute to the success of the project please sign up for our mailing lists, join our IRC Channel, come to our events, follow the blog and/or Twitter feed. If you’re writing scripts or plugins for Zeek we would love to hear from you! Can’t figure out what your next step should be, just reach out. Together we can find a place for you to actively contribute and be a part of this growing community.

About Zeek (formerly Bro): Zeek is the world’s leading platform for network security monitoring. Flexible, open source, and powered by defenders. https://www.zeek.org/

No comments:

Post a Comment