Free Workshop: Threat Hunting and Incident Response using Zeek and Elastic

SecureSet is teaming up with Elastic Denver User Group to bring you a free workshop on Threat Hunting and Incident Response using Zeek and Elastic!

Zeek (formerly known as Bro) is an open-source network security tool commonly used by security practitioners for network security monitoring. Network Security Monitoring is based upon the collection of data to perform detection and analysis.

By collecting a large amount of data, SOCs should be able to stitch together the events that occur; however, the mean time to remediate can still run to many hours or weeks. With traditional logs and PCAP, finding the relevant data is difficult and retention is costly. With Zeek, formerly Bro, metadata fields used by and designed for security help reduce the mean time to remediate, while the flexibility of its scripting language allows for custom, analyst-driven detections. Because Zeek logs are written in an indexable ASCII format, they are far more compact than PCAP and can be retained for months to years.

The Elastic Stack is commonly used by security analysts to aggregate and analyze security events, including network security monitoring data. The integration between Zeek and Elastic makes it easy to ingest and analyze the network events generated by Zeek.

During this hands-on workshop we will introduce Zeek and the Elastic Stack, teach you how to deploy and configure both products so that the logs generated by Zeek are ingested into Elasticsearch, and show how to perform Threat Hunting and Incident Response using Kibana.

Additionally, during the labs we will work through examples of how hunting and incident response can be used to decrease the mean time to discovery and remediation.
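As an added example of the ingestion path described above (it is not part of the workshop materials or of either project's own code), the script below parses Zeek's tab-separated ASCII log format into typed records, turns them into Elasticsearch `_bulk` NDJSON, and runs two simple hunts over the result. The conn.log content is constructed for the example; the index name prefix, the `@timestamp` mapping and the hunt thresholds are assumptions, not settings the page specifies.

```python
"""Added example: parse a Zeek ASCII (TSV) log, emit Elasticsearch _bulk
NDJSON for it, and run small hunts over the parsed records.
The sample log below is constructed, not captured traffic."""
import json
from datetime import datetime, timezone

# Constructed conn.log. Zeek's ASCII writer prefixes header lines with '#'
# and declares both the field names and their Zeek types.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#open\t2019-10-01-09-00-00",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\tservice\tduration\torig_bytes\tresp_bytes\tconn_state",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum"
    "\tstring\tinterval\tcount\tcount\tstring",
    "1569920400.123456\tCAbc1\t10.0.0.5\t52110\t203.0.113.9\t443\ttcp"
    "\tssl\t3601.25\t1024\t8192\tSF",
    "1569920401.000000\tCAbc2\t10.0.0.7\t51000\t198.51.100.4\t53\tudp"
    "\tdns\t0.02\t60\t120\tSF",
    "1569920402.000000\tCAbc3\t10.0.0.5\t52111\t203.0.113.9\t4444\ttcp"
    "\t-\t-\t-\t-\tS0",
    "#close\t2019-10-01-10-00-00",
])


def _convert(value, ztype, set_sep, empty, unset):
    """Map one Zeek-typed cell to a JSON-friendly Python value."""
    if value == unset:                      # '-' marks an unset field
        return None
    is_container = ztype.startswith(("set[", "vector["))
    if value == empty:                      # '(empty)' marks an empty string/set
        return [] if is_container else ""
    if is_container:
        inner = ztype[ztype.index("[") + 1:-1]
        return [_convert(v, inner, set_sep, empty, unset) for v in value.split(set_sep)]
    if ztype in ("count", "int", "port"):
        return int(value)
    if ztype in ("time", "interval", "double"):
        return float(value)
    if ztype == "bool":
        return value == "T"
    return value                            # string, addr, enum, subnet, ...


def parse_zeek_log(text):
    """Return (log path, list of dict records) from Zeek ASCII log text."""
    sep, hdr, records = "\t", {}, []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            # '#separator \x09' -> decode the escape sequence into a real tab
            sep = line[len("#separator "):].encode().decode("unicode_escape")
            continue
        if line.startswith("#"):            # set_separator, fields, types, open, close, ...
            key, _, val = line[1:].partition(sep)
            hdr[key] = val
            continue
        if "fields" not in hdr or "types" not in hdr:
            raise ValueError("data row before #fields/#types header")
        fields, types = hdr["fields"].split(sep), hdr["types"].split(sep)
        cells = line.split(sep)
        if len(cells) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(cells)}")
        set_sep = hdr.get("set_separator", ",")
        empty, unset = hdr.get("empty_field", "(empty)"), hdr.get("unset_field", "-")
        records.append({f: _convert(c, t, set_sep, empty, unset)
                        for f, c, t in zip(fields, cells, types)})
    return hdr.get("path"), records


def to_bulk_ndjson(path, records, index_prefix="zeek"):
    """Elasticsearch _bulk body: one action line plus one document per record.
    Index naming and the @timestamp field are assumptions for this example."""
    lines = []
    for rec in records:
        doc = dict(rec)
        if isinstance(doc.get("ts"), float):
            doc["@timestamp"] = datetime.fromtimestamp(doc["ts"], tz=timezone.utc).isoformat()
        action = {"index": {"_index": f"{index_prefix}-{path}"}}
        if doc.get("uid"):
            action["index"]["_id"] = doc["uid"]   # Zeek uid as _id: re-ingest is idempotent
        lines.append(json.dumps(action))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


def hunt_long_lived(records, min_duration=3600.0):
    """Hunt: connections held open for at least min_duration seconds.
    Returns Zeek uids so the analyst can pivot into the other Zeek logs."""
    return [r["uid"] for r in records
            if r.get("duration") is not None and r["duration"] >= min_duration]


def hunt_unanswered_to_unusual_ports(records, expected_ports=frozenset({53, 80, 443})):
    """Hunt: unanswered connection attempts (conn_state S0) to ports outside
    the expected baseline; the baseline set here is an assumed example."""
    return [r["uid"] for r in records
            if r["conn_state"] == "S0" and r["id.resp_p"] not in expected_ports]


if __name__ == "__main__":
    path, recs = parse_zeek_log(SAMPLE_CONN_LOG)
    print(to_bulk_ndjson(path, recs), end="")
    print("long-lived:", hunt_long_lived(recs))
    print("S0 to unusual ports:", hunt_unanswered_to_unusual_ports(recs))
```

The output of `to_bulk_ndjson` is the body you would POST to an Elasticsearch `_bulk` endpoint; in practice the Zeek-Elastic integration handles this for you, but seeing the typed records and the `-`/`(empty)` conventions makes it clear why Zeek's ASCII logs index and query so well compared with raw PCAP.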

This SecureSet Speaker Series event is eligible for three hours of Continuing Professional Education! Please speak with a SecureSet staff member at the event to request your certificate.

Thank you Elastic for co-hosting this event!

*** About the Presenters ***

Richard Chitamitre is a technology evangelist at Corelight. Prior to that he worked as a Senior Security Analyst at Edward Jones. He has spent over a decade serving in the U.S. Navy across a number of Computer Network Operation roles, including work as a Requirements and Targeting Analyst for NSA’s Tailored Access Operations team and an Incident Response and Threat Hunt operator for the Navy CNMF.

Matteo Rebeschini is a Security Specialist at Elastic, based out of Boulder, Colorado. Matteo's primary role at Elastic is to help customers architect real-time security analytics solutions based on the Elastic Stack. Matteo has 18+ years of experience in the cybersecurity industry covering various roles, from software engineering to technical product management and, more recently, consulting and solutions architecture. Prior to Elastic, Matteo was a Sales Engineer at LogRhythm, where he covered all Federal agencies.

8:30AM – 9:00AM | Setup & Breakfast
9:00AM – 12:00PM | Hands-on Workshop

There is a paid lot at the corner of 23rd and Blake. Meters are easily accessible for $1.00 per hour. If you go north of 23rd on Blake, Market or Welton, there is street parking for free and you can walk in. The large lot on 22nd and Blake will be closed to daily paid parking due to an event.

Organizer Info:

SecureSet Academy