Alex Kirk


Alex Kirk is an open source security veteran, including 10 years as a Snort-head with Sourcefire Research, time as a field engineer supporting Nessus for Tenable, and most recently working with Zeek/Bro at Corelight. He is a frequent speaker at security conferences from BSides to Hacker Halted, and author of a pair of chapters in "Practical Intrusion Analysis".

Abstract: The open source Zeek network security monitor provides valuable data for incident responders and threat hunters alike. This talk will discuss how to use that data to reduce the time needed to find attackers on your network, as well as how advanced users can use Zeek's scripting language to create powerful, flexible detection logic that goes beyond traditional point-in-time IDS signatures.