Want to see Live Online in action? SANS is launching a new series of free workshops available in the Live Online platform, held every other Tuesday with our top instructors. These workshops are two-hour hands-on virtual environments that give you the opportunity to dive into the material and start trying out tools and techniques that are useful and relevant in focus areas across cybersecurity.
The upcoming workshops are listed below and will feature the same platform, TA support, and Slack channel benefits that you would get in a Live Online environment. We recommend bookmarking this page and checking back frequently, as we'll be adding more in the days and weeks to come.
Due to the nature of these workshops, many have a capacity limit and will not be made available for archive. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.
Free Upcoming Live Online Workshops
Advanced Zeek – Brim, Zeek agent, Spicy, and new Zeek packages
Tuesday, December 8th, 2020 at 10:00am - 12:00pm EST (15:00 UTC)
Duration: 2 Hours
David Szili and Eva Szilagyi
In 2020, the popular network security monitoring and analytics platform Zeek (formerly known as Bro) got a few great additions. Not only could we benefit from the outcomes of the Zeek Package Contests, but we also now have a Zeek agent for monitoring Linux and macOS endpoints. A new domain-specific scripting language, called Spicy, has been available since May to write parsers for Zeek. On top of all that, a start-up called Brim Security also released several tools like zq and Brim, allowing security analysts to search large packet captures and Zeek logs more efficiently.
In this workshop, we will start with zq and Brim and see how we can analyze PCAPs and Zeek logs with them. We will see how the Zeek agent works and briefly look at the Spicy parser generator. If time allows, we will also review a few of the new Zeek scripts contributed by the community. Join us and explore these exciting new options to see how you can use them to supercharge your Zeek environment!
- A host system with at least 8 GB of RAM and 20-30 GB of free disk space.
- VMware Workstation Pro, VMware Workstation Player, or VMware Fusion installed.
- Intermediate Zeek skills (experienced user/admin level)
- Familiarity with Zeek scripting (ability to read Zeek scripts)
- Familiarity with network protocols (TCP/IP and application layer)
What is Live Online Training?
Instructor-led, remote delivery of SANS courses & more. SANS Live Online events provide interactive training with all the same additional learning opportunities as in-person events. Choose your course, network with peers, and attend bonus sessions and cyber ranges.
Benefits of Live Online
- Live, interactive sessions with SANS instructors
- Flexible options to complete courses in 1, 2, 3, or 6 weeks
- Hands-on labs in a virtual environment
- Four months of online access to the archive of your course
- Extended access to your course MP3 archive
- Electronic courseware and materials