Virtual ZeekWeek 2020 is free to attend, but registration is required. 
Wednesday, October 14 • 12:00pm - 12:20pm
Day 2 - Zeek, and Splunk, and Alertus, oh My - Brian Allen LIMITED



Limited Capacity seats available

You MUST register through eventbrite to gain access to this session (Day 2).

Zeek, and Splunk, and Alertus, oh My - Brian Allen

Summary: Learn how to find useful information at the intersection of Zeek, Splunk, and Alertus logs.

Abstract: WashU has a communication tool called Alertus which is used to share info with every user on campus during an emergency. The Alertus clients are very chatty and include a lot of useful information when they phone home. Zeek sees this, so we looked for ways to use that data in Splunk. We'll look at some ways we added Alertus user data to Splunk searches to track down machines on campus.

Slack Channel for this session - #vzw-day2-talk9-zeek-splunk-and-alertus
Haven't joined the Zeek Slack space yet? You can do so at:
https://join.slack.com/t/zeekorg/shared_invite/zt-cgz9wa7p-BXihgVtZlmnRfHZXmUltZQ

Link to Session Survey - https://forms.gle/aFCTXniakuJGi7YN9

Speakers

Brian Allen

Information Security Manager, Washington University in St. Louis
Brian Allen started in IT as a Unix admin in 2000, and has been working in information security at Washington University for 14 years.



Wednesday October 14, 2020 12:00pm - 12:20pm PDT
Online - Zoom Meeting Room