Connecting the Dots with Zeek (Bro)

Tuesday, May 14 | 2:45PM–3:45PM CT | Zurich Ballroom BC, First Floor Event Centre
Session Type: Breakout Session
The ability to connect the dots when responding to security incidents and threat hunting is vital to the success of cybersecurity teams. We face challenges of security tools failing to integrate, failing to correlate, and failing to tell the story. University systems are rich with security data but are often underutilized due to difficulties in integrating and conducting analytics. BYU is tackling this challenge by building an event-driven microservices architecture with a focus on orchestration, rapid integrations, and contextual enrichment. We will focus on how data-rich network security platforms such as Zeek and Corelight can be used to connect the dots, tell the story, and massively reduce the time to incident resolution and threat detection.

Outcomes: Learn about unique ways Zeek can be used as more than just an intrusion-detection system * Understand the purpose of event-driven microservices architectures in SecOps * Learn about the importance of contextual enrichment and correlation in operational threat hunting


  • Vincent Stoffer

    Sr. Director, Product Management, Corelight Inc
  • Nicholas Turley

    Enterprise Architect, Brigham Young University

Resources & Downloads

  • Connecting the Dots with Zeek

    Updated on 11/26/2019