Virtual Zeek Week
ZeekWeek is the annual gathering of defenders, developers, incident responders, threat hunters, and security architects who rely on Zeek.
Location
Online
About this event
Virtual Zeek Week is a FREE 3-day online-only event.
Join links will be sent to ticket holders prior to the start of each event. Please select a ticket for each day you would like to attend.
The full schedule can be found at: https://zeekweek20.sched.com/
SCHEDULE and AGENDA for Virtual ZeekWeek 2020 (Subject to change)
13 October 2020 – Day 1 – Training*
***All registered attendees will be sent the view link and the link to the Slack channels prior to the start of the day's events.***
- 9am – 1:20pm – Hands on Introduction to setting up and running Zeek - Session 1
- 9am – 1:20pm – Hands on Zeek Scripting - Session 2
(*Please note the above sessions will run concurrently; please select only one session when you register.)
14 October 2020 – Day 2 – User/How to/Threat Hunting Incident Responder track* (These can be somewhat technical, but not a deep dive into the code.)
- 9 – 9:20am – Day 2 - Welcome /LT Introductions and Governance Update - Keith Lehigh
- 9:20 – 9:40am – Day 2 - An Overview of Zeek Performance - Vern Paxson
- 9:40 – 10am – Day 2 - I have an IT inventory! Now what? - Nick Turley
- 10 – 10:20am – Day 2 - Is Weird still weird? Take-2 @ESnet - Fatema Bannat Wala
- 10:20 – 10:40am – Day 2 - Zeek Agent: Correlating Host and Network Logs for Better Forensics - Wajih Ul Hassan
- 10:40 – 11am – Day 2 - BSD Honeypots with Zeek - Of course it runs on BSD - Michael Shirk
- 11 – 11:20am – BREAK
- 11:20 – 11:40am – Day 2 - Using Zeek in ESnet6 management network security monitoring - Scott Campbell
- 11:40am – 12:00pm – Day 2 - A Structural Approach to Modeling Encrypted Connections - Anthony Kasza
- 12:00 – 12:20pm – Day 2 - Zeek, and Splunk, and Alertus, oh My - Brian Allen
- 12:20 – 12:40pm – Day 2 - How to set your logs on fire with Emoji-🔥 - Benjamin Berens & Jan Grashöfer
- 12:40 – 1pm – Day 2 - Gamification of Zeek: Demonstrating the Power of Zeek through CTFs - Aaron Soto
- 1 – 1:20pm – Day 2 - Community/2021 Strategic Plan Update - Amber Graner
15 October 2020 – Day 3 – Developer/Roadmap Track (4 hours)* (What’s new about 4.0; input for beyond 4.0; updates on SPICY, Zeek-Agent, Supervisor, Sigma, Feature Requests from Community etc.)
- 9 – 9:30am – Day 3 - Welcome - 4.0 and beyond - High-level Roadmap - Robin Sommer
- 9:30 – 10am – Day 3 - Packet analyzers - Jan Grashöfer and Tim Wojtulewicz
- 10 – 10:30 – Day 3 - Introducing Spicy - Benjamin Bannier
- 10:30 – 11am – Day 3 - Compiling Zeek Scripts - Vern Paxson
- 11 – 11:30am – Day 3 - Packaging Zeek's policy scripts with better zkg templating - Vlad Grigorescu and Christian Kreibich
- 11:30 – 12:00pm – Day 3 - Towards a New Management Framework for Zeek Clusters - Christian Kreibich and Robin Sommer
- 12 – 12:20pm – Day 3 - BREAK
- 12:20 – 12:40pm – Day 3 - Starting to Zeek - Steve Smoot
- 12:40 – 1:00pm – Day 3 - Test before Production: Introducing ZTest, a Unit Testing Framework for Zeek - Ryan Victory
- 1:00pm – 1:20pm – Day 3 - Spicy-parser Best-practices - Duffy O'Craven
- 1:20pm – 1:40pm – Day 3 - Recursive File Analysis in Zeek - Kazi Alom