Conveners
SOC Hackathon: Technical Details and Working Session 1
- Shawn Mc Kee (University of Michigan (US))
- David Crooks (UKRI STFC)
SOC Hackathon: Technical Details and Working Session 2
- David Crooks (UKRI STFC)
- Shawn Mc Kee (University of Michigan (US))
Aashish Sharma (LBNL), Dr David Crooks (UKRI STFC), David Jordan (University of Chicago (US)), Shawn Mc Kee (University of Michigan (US)), 06/11/2024, 13:30
We have some sites with questions or potential issues concerning the traffic measurements from Zeek vs SNMP.
- Should we expect the Zeek traffic estimate to be close to the SNMP counters from the corresponding switch ports?
- Is some kind of NIC/hardware offloading hiding traffic from Zeek?
- Do we have best practice recommendations regarding configurations?
- What should sites...
Aashish Sharma (LBNL), Dr David Crooks (UKRI STFC), Romain Wartel (CERN), 06/11/2024, 14:00
What does it take to craft a good Zeek alert? Can we work through an example or two? What is the suggested guidance for doing this?
Romain Wartel (CERN), 06/11/2024, 14:30
How to deploy pDNSSOC
Example deployment
Working session
Dr David Crooks (UKRI STFC), Liam Atherton, Romain Wartel (CERN), 06/11/2024, 15:30
How to enable alerts using webhooks and various applications.
Sending to Slack
Sending to Mattermost
What about Keybase?
Why not email?
Dr David Crooks (UKRI STFC), Stefan Lueders (CERN), 06/11/2024, 16:00
Zeek, MISP, pDNSSOC, Elasticsearch, OpenSearch, ElastiFlow, ElastAlert, other information sources, other tools?
Advantages, capabilities, limitations, concerns...
Let's discuss