One Week Left to Get an 11" iPad Pro with Apple Pencil w/ OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

The Power of Open-Source Zeek (formerly Bro)

  • Thursday, April 23, 2020 at 10:30 AM EDT (2020-04-23 14:30:00 UTC)
  • John Gamble


  • Corelight

You can now attend the webcast using your mobile device!



Open-source Zeek (formerly Bro) is one of network securitys best kept secrets. Deployed out-of-band by thousands of the worlds top blue teams, Zeek transforms raw network traffic into rich protocol logs, extracted files, and custom behavioral insights. Zeek data provides rocket fuel for incident responders and threat hunters alike so they can make lightning-fast sense of their traffic and track adversaries across port and protocol, even when its encrypted.

This webcast will take beginner and intermediate Zeek-ophiles to the next level, while also covering a few advanced use cases for more experienced attendees. Content covered will include open-source deployment options, discussions of key SOC use cases, and specific demonstrations of how IR and hunting workflows in SIEMs can be accelerated with Zeek data.

Register for this technical webcast to hear from John Gamble, Director of Product Marketing at Corelight to learn about the fundamentals of how Zeek operates, key Zeek wins from leading blue teamers, and how you can get started with using Zeek in your own environment.

Speaker Bio

John Gamble

John Gamble is Director of Product Marketing at Corelight and has spent more than a decade in the data protection industry representing cybersecurity, privacy and identity verification solutions, including his most recent role as Director of Product Marketing at Lookout, a mobile endpoint security company.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.