Zeek (Bro) Workshop Europe 2019

from Tuesday, April 9, 2019 (11:30 AM) to Thursday, April 11, 2019 (1:30 PM)
CERN (31/3-004)

        : Sessions
    /     : Talks
        : Breaks
Apr 9, 2019
Apr 10, 2019
Apr 11, 2019
AM
11:30 AM
Registration and lunch (until 1:00 PM) (31/3-004 - IT Amphitheatre)
8:15 AM
Visit of CERN facilities (until 10:00 AM) (31/3-009 - IT Amphitheatre Coffee Area)
10:15 AM
Workshop presentations (until 11:45 AM) (31/3-004 - IT Amphitheatre)
10:15 AM Running Zeek on the WAN: Experiences and solutions for large scale flow asymmetry - Sam Oehlert Scott Campbell (Unknown)   (31/3-004 - IT Amphitheatre)
10:45 AM DNSSEC protocol parser - A case study - Ms Fatema Bannat Wala (University of Delaware)   (31/3-004 - IT Amphitheatre)
11:15 AM The new Zeek Configuration Framework - Ms Amann Johanna (ICSI/Corelight/LBL)   (31/3-004 - IT Amphitheatre)
11:45 AM
Lunch (until 1:15 PM) (CERN Restaurant no. 2)
8:00 AM
Breakfast (until 9:00 AM) (31/3-009 - IT Amphitheatre Coffee Area)
9:00 AM
Workshop presentations (until 10:30 AM) (31/3-004 - IT Amphitheatre)
9:00 AM Without “U” there is no CommUnity: Nurturing and growing an active and contributing community - Ms Amber Graner (Corelight)   (31/3-004 - IT Amphitheatre)
9:30 AM Threat hunting @ Mozilla - Mr Michal Purzynski (Mozilla Corporation)   (31/3-004 - IT Amphitheatre)
10:00 AM Q&A Session with the Zeek Team   (31/3-004 - IT Amphitheatre)
10:30 AM
Workshop wrap-up (until 11:30 AM) (31/3-004 - IT Amphitheatre)
PM
1:00 PM
Workshop presentations (until 3:00 PM) (31/3-004 - IT Amphitheatre)
1:00 PM Opening remarks - Frederic Hemmer (CERN)   (31/3-004 - IT Amphitheatre)
1:10 PM Keynote: Finding the balance between academic freedom, operations and security - Stefan Lueders (CERN)   (31/3-004 - IT Amphitheatre)
2:00 PM How did we get here? - Prof. Vern Paxson (UC Berkeley / Corelight / ICSI)   (31/3-004 - IT Amphitheatre)
2:30 PM Real time ingestion of MISP threat intel into Zeek coupled with historical SIEM threat hunting - Dr Matthias Vallentin (Tenzir) Liviu Valsan (CERN)   (31/3-004 - IT Amphitheatre)
3:00 PM
Coffee break (until 3:45 PM) (Restaurant 2 - Coffee Area)
3:45 PM
Workshop presentations (until 4:45 PM) (31/3-004 - IT Amphitheatre)
3:45 PM Looking Forward: On Supervisors, Packages, and Sandboxes - Robin Sommer (Corelight / ICSI / LBNL)   (31/3-004 - IT Amphitheatre)
4:15 PM Email security auditing and alert triage with Zeek - Mr Barry Weymes   (31/3-004 - IT Amphitheatre)
5:00 PM
Welcome reception (until 6:30 PM) (CERN Restaurant no. 2)
1:15 PM
Workshop presentations (until 2:45 PM) (31/3-004 - IT Amphitheatre)
1:15 PM Selective Packet Capture at High Speed Rates - Dr Jordi Ros-Giralt   (31/3-004 - IT Amphitheatre)
1:45 PM Network Cartography Using Passive Traffic Analysis - Vivien Venuti   (31/3-004 - IT Amphitheatre)
2:15 PM A deep dive into the Zeek logging framework - Christian Kreibich (Corelight)   (31/3-004 - IT Amphitheatre)
2:45 PM
Coffee break (until 3:30 PM) (Restaurant 2 - Coffee Area)
3:30 PM
Workshop presentations (until 5:00 PM) (31/3-004 - IT Amphitheatre)
3:30 PM DHCP Overhaul - Mr Seth Hall (Corelight)   (31/3-004 - IT Amphitheatre)
4:00 PM JA3 and Windows hosts - Mr Jeff Atkinson (Verizon Media)   (31/3-004 - IT Amphitheatre)
4:30 PM Using Zeek Endpoint Event Logs when Fishing within a Data Lake - Mr Tim Larson   (31/3-004 - IT Amphitheatre)