Dramatically Reduce Incident Response Time with Splunk and Bro

  • Thursday, March 8th, 2018 at 1:00 PM EST (18:00:00 UTC)
  • Vince Stoffer, Ken Hanson and John Gamble
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Corelight


The network is the ultimate ground truth of evidence for incident responders, but common data sources like NetFlow and DNS server logs are difficult to correlate and don't provide enough detail to quickly answer the critical who/what/where/how questions of incident response.

A better source of network data exists, however, in one of the industry's best-kept secrets: the open-source Bro network security monitor. Bro turns network traffic into high-fidelity data streams that summarize and organize network events by protocol, using a data format designed specifically for incident response that supports easy, fast search in SIEM solutions like Splunk.

Register for this webcast to hear from Vincent Stoffer, Director of Customer Solutions at Corelight, and Ken Hanson, founder of Secure Tech Results, to learn how the power of Bro fundamentally changed their incident response workflows. This webcast will show you how to use Bro logs in Splunk to answer critical IR questions and resolve security incidents and alerts in minutes, not hours or days.

Speaker Bios

Vincent Stoffer

Vincent Stoffer is the Director of Customer Solutions at Corelight, the company founded by the creators of the Bro Network Security Monitor. As the primary product champion, Vince brings the sales, success, and engineering teams together to deliver world-class security products to Corelight customers. Vince previously held security engineering and network management positions at Lawrence Berkeley National Laboratory where he played a critical operational role in incident response, network traffic analysis, and technical consulting to improve the Lab's cyber protections. Prior to LBNL, Vince was the network security engineer at Reed College. He attended Pitzer College in Claremont, CA, graduated with a BA in Humanities from University of Oregon, and he holds the CISSP, GCIH and GCIA certifications.

Ken Hanson

Ken Hanson is the founder of Secure Tech Results, a Massachusetts-based security consultancy and services group that specializes in designing and implementing strategies and architectures to help organizations strengthen their security defences. Prior to founding Secure Tech Results, Ken held security engineering and incident responder roles at Education First, a global education services company, Brandeis University, and MorphoTrust USA (now Idemia). He earned his B.A. from the University of Massachusetts at Lowell, and an M.S. in Homeland Security Studies from Endicott College.
