
List:       bro
Subject:    [Zeek] Reminder - Zeek Webinars This week 22 and 23 July 2020
From:       Amber Graner <akgraner () corelight ! com>
Date:       2020-07-21 21:54:50
Message-ID: CAJhOzuqQUz9gUB=MRwiBN7hP3e9WbZu8yc7qvGpeenRVD8+qHQ () mail ! gmail ! com


Hi all,

This week we have 2 events - Zeek From Home and Ask The Zeeksperts.  Below
is information on both of these events.  Please note for the Ask The
Zeeksperts we have included some of the questions we have been asked.  You
can add more questions for the Zeeksperts at:
https://forms.gle/Phx3DydWvSq6a7NC9

________

22 July 2020 – ZEEK FROM HOME – 11am PDT/2pm EDT – SPICY (Part 2) and
presented by Robin Sommer

In this Zeek Webinar, Robin continues the conversation about Spicy.  If you
missed Part 1, you can find out more at:
https://zeek.org/2020/06/09/zeek-from-home-episode-4-security-onion-recording-now-available/

REGISTRATION LINK –
https://corelight.zoom.us/webinar/register/WN_W_cJVVykQh-jT6ogoPCKTw

________

23 July 2020 – ASK THE ZEEKSPERTS – 12:30pm PDT/3:30pm EDT - Zeeksperts -
Seth Hall, Jeff Atkinson, Ryan Victory, Justin Azoff, and Richard Bejtlich

REGISTRATION LINK –
https://corelight.zoom.us/meeting/register/tJAlce6trjIsHtPe4jx4h12JTEzYhSRdv96w

Below are the questions we'll be answering on Thursday.

Q1 - Regarding the UID generating function. Is it possible to have a custom
function that will not be affected by start time of the process or some
random seed? The motivation is to get the same UID when processing the same
PCAP file twice. Another option is getting the same UID for the same 5tuple
(id.orig_h, id.resp_h, id.orig_p, id.resp_p) for different sessions on a
live traffic capture mode.

Q2. What is the purpose of try.zeek.org? Is it the best way to learn Zeek
scripting, when in my learning process should I be using it?

Q3. Could we have an author of one of the 4-5 recent detection packages
talk through their process for creating the script? How did they get the
idea, what tools & data did they use, how long did it take, etc?

Q4. I've heard that the 'history' field in the CONN log is one of Zeek's
coolest features, but I'd like a walk-through please. And could we get some
discussion of the new 'logarithmic' features for some of the letters?

Q5. I see that some questions are answered on the mailing list, some on
Slack, and there is also Zeek-related discussion that happens with GitHub
issues. What's the best way for me to communicate a question or comment?

Q6. Are there plans for a virtual Zeek Week this year?

Q7. I'm new to Zeek and not a strong coder, but I really want to contribute
to the community. What are 3-4 things I could do that would help Amber and
help the community as I learn the ropes?

Q8. I'm interested in contributing to the Zeek Package Contest, but I'm
still a beginner. Is it easier to get started with Zeek scripting or with
Spicy?


Thanks!

~Amber




_______________________________________________
Zeek mailing list
zeek@zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
