vZW21 – Day 3 – Developer Track
vZeekWeek 2021 – Day 3 – Developer/Zeek Roadmap Track
(Please note all times are Pacific Time)
9:00am – 9:10am |
Recap Day 2 and Overview of Day 3
(Talk 1) |
Amber Graner |
9:10am – 9:40am |
Keynote
(Talk 2) |
Richard Bejtlich |
9:40am – 10:00am |
Roadmap & Contribution How-To
(Talk 3) |
Robin Sommer |
This talk covers what's on the Zeek development team's roadmap for the near- and medium-term future. We'll also talk about ways you can contribute to Zeek, through code, testing, documentation, or just ideas & feedback.
10:00am – 10:20am |
The new packet processing pipeline
(Talk 4) |
Tim Wojtulewicz |
At last year's ZeekWeek, we introduced the new Packet Analysis framework for adding a new type of analyzer below layer 3, which opens up an entirely new class of detections not previously possible. This talk expands on that introduction, describing new use cases and the ways that we have been extending Zeek's capabilities using the new framework.
10:20am – 10:40am | BREAK | |
10:40am – 11:00am |
zkg templates
(Talk 5) |
Christian Kreibich |
Zeek 4.1 introduces the ability to bootstrap Zeek packages directly via zkg's new templating feature. This talk will explain this new feature and show examples of new Zeek packages with various capabilities, such as plugins, Spicy analyzers, and CI.
11:00am – 11:20am |
Creating Zeek analyzer packages with Spicy
(Talk 6) |
Benjamin Bannier |
At last year's ZeekWeek we introduced the Spicy language and toolset for efficiently creating memory-safe parsers for network protocols. Since then we have published a first major release and a number of minor releases, making Spicy more ergonomic, addressing bugs, and streamlining the process of creating new Zeek analyzers.
This talk gives a walkthrough of how to create a new Zeek analyzer package using Spicy, from parser grammar to deployable Zeek package.
11:20am – 11:40am |
Compiling Zeek scripts
(Talk 7) |
Vern Paxson |
Zeek's performance depends in part on how quickly the system executes the user's scripts, as well as the many predefined scripts Zeek makes available. To date, this execution has used a high-level interpreter, which imposes considerable overhead. This talk will sketch two new experimental features for executing scripts much more quickly: compiling them to a low-level form ("ZAM"), and directly to C++.
11:40am – 12:00pm |
Build Zeek with static plugins included
(Talk 8) |
Seth Hall |
Since dynamically buildable plugins were added to Zeek, enthusiastic users have run into a problem where plugins could fall out of date with their Zeek build. This can result in broken Zeek deployments. This talk will go into how this problem is solved by directly integrating plugins into the main Zeek build with a new feature in Zeek 4.1.
12:00pm – 12:30pm | LUNCH | |
12:30pm – 12:50pm |
Replacing ZeekControl with the new Cluster Controller
(Talk 9) |
Christian Kreibich |
Zeek 4.1 includes a first version of Zeek's future Cluster Controller, which we've slated to replace the aging ZeekControl in Zeek 5. This talk will give a status update on what's currently implemented and a first glance at this emerging functionality.
12:50pm – 1:10pm |
Lightning Talks
(Talk 10) |
TBA |
Arne Welzel: ZeekJS: An experimental Zeek plugin embedding Node.js supporting event handling in JavaScript.
Matthias Vallentin: Becoming a Logger Node: Native Consumption of Zeek Logs
Seth Hall: Telemetry for Zeek
Justin Azoff: Isolating and fixing a script performance issue
Johanna Johnson: Log Policy Hooks: What's new in 4.1 and Dealing with Predicate Deprecation.
1:10pm – 1:50pm |
Ask the Speakers Q&A
(Talk 11) |
|
1:50pm – 2:00pm |
Summary, Wrap-Up and Thank you’s
(Talk 12)
|
Amber Graner |