Schedule
Workshop Schedule
Day 1 — Wednesday, March 25, 2026
Talk titles and timings are preliminary
| 09:00 – 09:10 | Welcome and Logistics |
| 09:10 – 09:40 | TBD |
| 09:40 – 10:10 | TBD |
| 10:10 – 10:40 | Zeek Roadmap Christian Kreibich (Zeek LT / Corelight) |
| 10:40 – 11:10 | Bringing Situational Awareness into Zeek Aashish Sharma (Zeek LT / Lawrence Berkeley National Lab) |
| 11:10 – 11:40 | Containers, systemd and Prometheus: Running Zeek in 2026 Arne Welzel (Zeek / Corelight) |
| 11:40 – 12:45 | Lunch |
| 12:45 – 13:15 | Plugin development with Rust Benjamin Bannier (Zeek / Corelight) |
| 13:15 – 13:45 | Network Fingerprinting: Theory and Practice Johanna Amann (Zeek LT Chair / Corelight) |
| 13:45 – 14:15 |
The new Zeek Storage Framework
Tim Wojtulewicz (Zeek / Corelight) |
| 14:15 – 14:45 | TBD |
| 14:45 – 15:30 | Break |
| 15:30 – 16:00 | TBD |
| 16:00 – 16:30 | Lightning Talks |
| 16:30 – 17:00 | Q&A – Ask Anything |
Day 2 — Thursday, March 26, 2026
09:00-12:30 Training: Incident Response with Zeek (Aashish Sharma, LBNL)
Aashish Sharma is a member of the cyber security team at the Lawrence Berkeley National Lab. He is also a member of the Zeek Leadership Team.
12:30-13:30 Lunch
13:30-17:00 Training: Introduction to writing Protocol Analyzers with Spicy (Benjamin Bannier, Corelight)
This training is intended to build and enhance your understanding and proficiency in utilizing the Spicy parser generator. The material targets primarily a technical audience, but is open to anyone.
Topics:
- Basics of programming and parsing with Spicy
- Working with the Spicy documentation
- Using Spicy to create Zeek analyzers
Prerequisites:
- Familiarity with a programming/scripting language
- Basic familiarity with Zeek and its event model.
Speaker:Benjamin Bannier works as a Senior Open Source Developer at Corelight where he spends most of his time maintaining and evolving Spicy and its integration into the Zeek ecosystem. He previously worked on containerization and workload orchestration with Apache Mesos, and distributed columnar data stores. He holds a PhD in Physics from Stony Brook University.