zeek2es.py - An application to make your Zeek logs Elastic!

2022-02-11T23:00:00Z

23:00 — 23:25 (UTC)


This session will introduce a new open source tool written by Keith Jones, Sr. Security Researcher at Corelight Labs, that takes Zeek logs and imports them into Elasticsearch. From there, researchers are able to quickly and easily search for security events. Two benefits of zeek2es are a) no user intervention is required when Zeek log formats change, and b) no additional Python libraries are required. Please attend this talk if you are interested in seeing how Elasticsearch was used to solve the common researcher task of dealing with many TB of gzipped ASCII Zeek logs.

Full session | Track: Advanced Security Stack
Keith Jones
Sr. Security Researcher | Corelight Labs