Overview
The SOC Hackathon will run for 5 days, with an agenda focused on R&E organisations that will be largely constructed from the needs of the community in general and of the attendees in particular. However, to support this process we define some ground rules and an initial structure.
Topics
Possible topics include:
- Zeek
- MISP
- Documentation
- Integration
- Elasticsearch/OpenSearch
- Alerting
- Incident response stack
- Kafka/messaging
- pDNS(SOC)
We will discuss the agenda for the week at the end of Monday/start of Tuesday, but a strawperson first pass might look like this (with common strands throughout):
- Monday:
  - Status reports
- Tuesday morning:
  - Work to migrate Zeek to EL9
- Tuesday afternoon:
  - Work to migrate MISP to EL9
- Wednesday morning:
  - Integration
- Wednesday afternoon:
  - Documentation
- Thursday morning:
  - Elasticsearch/OpenSearch
  - Kafka/messaging
- Thursday afternoon:
  - Alerting
  - Incident response stack
  - pDNS(SOC)
- Friday:
  - Miscellaneous
Organisation
The first session on Monday will include slots for any status talks/progress reports participants would like to give. After lunch on Monday, we'll finish any remaining talks and then focus on building the agenda for the rest of the week (or at least for Tuesday).
Preparation
Regular SOC WG dev meetings are currently being coordinated: we anticipate that a key outcome from these meetings this summer will be an initial set of problems and challenges to work on during this week.
Breaks
We expect each session to contain at least 30 minutes of break. This should be organised per session, but then stuck to.