

This webcast has been archived.

Dramatically Reduce Incident Response Time with Splunk and Bro

  • Thursday, March 08, 2018 at 1:00 PM EST (2018-03-08 18:00:00 UTC)
  • Ken Hanson, Vincent Stoffer


  • Corelight




The network is the ultimate ground truth of evidence for incident responders, but common data sources like NetFlow and DNS server logs are difficult to correlate and don't provide enough detail to quickly answer the critical who/what/where/how questions of incident response.

A better source of network data exists, however, in one of the industry's best-kept secrets: the open-source Bro network security monitor. Bro turns network traffic into high-fidelity data streams that summarize and organize network events by protocol, using a data format designed specifically for incident response that supports easy, fast search in SIEM solutions like Splunk.

Register for this webcast to hear from Vincent Stoffer, Director of Customer Solutions at Corelight, and Ken Hanson, founder of Secure Tech Results, to learn how the power of Bro fundamentally changed their incident response workflows. This webcast will show you how to use Bro logs in Splunk to answer critical IR questions and resolve security incidents and alerts in minutes, not hours or days.

Speaker Bios

Vincent Stoffer

Vincent Stoffer is the Director of Customer Solutions at Corelight, the company founded by the creators of the Bro Network Security Monitor. As the primary product champion, Vince brings the sales, success, and engineering teams together to deliver world-class security products to Corelight customers. Vince previously held security engineering and network management positions at Lawrence Berkeley National Laboratory where he played a critical operational role in incident response, network traffic analysis, and technical consulting to improve the Lab's cyber protections. Prior to LBNL, Vince was the network security engineer at Reed College. He attended Pitzer College in Claremont, CA, graduated with a BA in Humanities from University of Oregon, and he holds the CISSP, GCIH and GCIA certifications.

Ken Hanson

Ken Hanson is the founder of Secure Tech Results, a Massachusetts-based security consultancy and services group that specializes in designing and implementing strategies and architectures to help organizations strengthen their security defences. Prior to founding Secure Tech Results, Ken held security engineering and incident responder roles at Education First, a global education services company, Brandeis University, and MorphoTrust USA (now Idemia). He earned his B.A. from the University of Massachusetts at Lowell, and an M.S. in Homeland Security Studies from Endicott College.
