Elk Engineering with Bro and WEF

Description

Calling blue teamers, threat hunters, and database/SIEM engineers.

Learn how to get the most out of your Elastic ELK stack from the insights of real-world multi-TB/day deployments.

In addition, learn insights from large scale deployments of both Bro (Zeek) and Windows WEF.
Afterwards, apply threat hunting for both of these log sources inside of Kibana (ELK).

Finally, high-confidence alerting will be shown so you can provide immediate, practical value. You don’t need a team of “threat hunters”.


Who should attend?
Database engineers for a SOC or any network/endpoint security database deployment.
Users of Bro (Zeek).
Users of Windows (WEF) logs.
Threat hunters.
SIEM users.
Anyone working with Elastic/ELK.

Outline

30 mins: Breaks sprinkled in between the 3 sessions.

70 mins: Production ELK recommendations, tuning and scaling, and common pitfalls from experienced deployments at multi-TB/day scale. Brief overview of the ELK stack before the deep dive.

70 mins: Bro (Zeek) logs overview, deployment, and scaling on 10Gbps+ networks.

70 mins: Windows log (WEF) deployment, collection, and recommended event logs to collect beyond the usual defaults.