Threat Hunting Workshop


Calling blue teamers, threat hunters, and database/SIEM engineers.

Learn how to get the most out of your Elasic ELK stack from the insights of real world multi-TB/day deployments.

In addition, learn insights from large scale deployments of both Bro (Zeek) and Windows WEF.
Afterwards, apply threat hunting for both of these log sources inside of Kibana (ELK).

Finally, high confidence alerting will be shown so you can provide immediate, practical, value. You don’t need a team of “threat hunters”


Who should attend?
Database engineers for a SOC or any network/endpoint security database deployment.
Using Bro (Zeek).
Using Windows (WEF) Logs.
Threat hunters.
SIEM users.
Work with Elastic/ELK.



Portable device (laptop/tablet) that can connect to WiFi

Latest version of Google Chrome, Chromium, or Firefox



30 mins Break’s sprinkled in between the 3 sessions

35 mins Bro logs in threat hunting use cases

35 mins Windows Log (WEF) threat hunting use cases

100 mins Using Kibana for threat hunting on Windows and Bro (Zeek) logs

40 mins Using SIGMA signature framework for alerting and targeted high confidence threat hunting inside ELK.