Schedule
Workshop Schedule
Day 1 — Wednesday, February 26, 2025
| Time | Session | Speaker |
| --- | --- | --- |
| 09:00 – 09:10 | Welcome and Logistics | |
| 09:10 – 09:30 | Building up Security Capabilities for a University | Thomas Schreck (Hochschule München) |
| 09:30 – 10:00 | The State of Zeek | Christian Kreibich (Zeek LT / Corelight) |
| 10:00 – 10:30 | Operationalizing Zeek Deployments | Aashish Sharma (Zeek LT / Lawrence Berkeley National Lab) |
| 10:30 – 11:00 | Break | |
| 11:00 – 11:30 | Navigating the Noise: A Journey with Zeek’s ICS/OT Logs | Vince Stoffer (Corelight) |
| 11:30 – 12:00 | Meet “Spicy”: *You* can write a protocol parser now | Robin Sommer (Zeek LT / Corelight) |
| 12:00 – 13:00 | Lunch | |
| 13:00 – 13:30 | Inside the Zeek Project: Organization, Governance & Community | Johanna Amann (Zeek LT Chair / Corelight) |
| 13:30 – 14:00 | Developing Zeek scripts with style ✨ | Benjamin Bannier (Corelight) |
| 14:00 – 14:30 | ZeekJS: Extending Zeek through JavaScript | Arne Welzel (Corelight) |
| 14:30 – 15:00 | Protocol Identification in Zeek | Jan Grashöfer (Corelight) |
| 15:00 – 15:30 | Break | |
| 15:30 – 16:00 | Lightning Talks | Moderator: Johanna Amann |
| 16:00 – 16:30 | Zeek Roadmap | Christian Kreibich (Zeek LT / Corelight) |
| 16:30 – 17:00 | Q&A: Ask anything! | |
Day 2 — Thursday, February 27, 2025
09:00-12:30 Training: Incident Response with Zeek (Aashish Sharma, LBNL)
Aashish Sharma is a member of the cyber security team at the Lawrence Berkeley National Lab. He is also a member of the Zeek Leadership Team.
12:30-13:30 Lunch
13:30-17:00 Training: Writing Protocol Analyzers with Spicy (Benjamin Bannier, Corelight)
This training is intended to build and enhance your understanding and proficiency in utilizing the Spicy parser generator. The material targets primarily a technical audience, but is open to anyone.
Topics:
- Basics of programming and parsing with Spicy
- Working with the Spicy documentation
- Using Spicy to create Zeek analyzers
Prerequisites:
- Familiarity with a programming/scripting language
- Basic familiarity with Zeek and its event model
Speaker:
Benjamin Bannier works as a Senior Open Source Developer at Corelight where he spends most of his time maintaining and evolving Spicy and its integration into the Zeek ecosystem. He previously worked on containerization and workload orchestration with Apache Mesos, and distributed columnar data stores. He holds a PhD in Physics from Stony Brook University.