Virtual ZeekWeek 2020 is free to attend, but registration is required. 
Wednesday, October 14 • 10:00am - 10:20am
Day 2 - Is Weird still weird? Take-2 @ESnet - Fatema Bannat Wala


You MUST register through Eventbrite to gain access to this session (Day 2).

Summary: This presentation covers the findings and the resolutions applied to mitigate some of the heavily triggered weirds on the ESnet network. It is similar to the analysis done in an earlier version of this talk in 2018 (Is weird really weird?); this time, however, the findings are new and come from a different network.

Abstract: The weird log file is one of the most interesting log files that Zeek generates. It reveals information about network activity that is not categorized as normal according to the TCP/IP and other protocol standards. I have been paying more attention to the weird.log file over the last few years, and there was a related talk in 2018 that covered the network misconfigurations found and how they were fixed, based on weird.log analysis. Similarly, this talk presents findings and results from ESnet's network traffic, and whether they are really 'weird' or just a misconfigured application or misconfigured firewall rules causing the weird patterns in the traffic.

Slack Channel for this session - #vzw-day2-talk4-is-weird-still-weird
Haven't joined the Zeek Slack space yet? You can do so at:

Link to Session Survey - https://forms.gle/aFCTXniakuJGi7YN9

Fatema Bannat Wala

I am a big fan of Zeek and a security enthusiast, working in the industry as a Security Engineer for the past 5 years. Recently I joined ESnet's security team, where I work on the centralized SIEM solution, making IDS/NSM monitoring better and doing IR and threat hunting.

Wednesday October 14, 2020 10:00am - 10:20am PDT
Online - Zoom Meeting Room