Join us on Wednesday, October 30th at 10am Pacific for the webinar "Automated Zeek Builds and Adventures with the Management Framework".
The speaker is Dop, from ESnet.
Register here, and also note our list of upcoming webinars.
Abstract:
At ESnet, we pride ourselves on being cutting edge, even when we cut ourselves. Every new significant branch of Zeek is automatically built and tested in GitLab CI. Then, every night, the latest successful ‘master’ build is deployed to a test system via Ansible. As time permits, we roll out the latest build, in production, to over 40 servers. Through this process we’ve both been able to provide early feedback to the Zeek project about potential bugs and give ourselves an early warning system when changes impact our production plugins and scripts.
The second half of this talk will cover how we look to support the future of multi-node cluster environments. With the announcement of zeekctl’s eventual retirement, we moved to systemd for process control. These days we’re looking at the new Zeek Management Framework. It’s a little confusing at first, but we’ll discuss what it takes to build a single system or a cluster, including what works and what doesn’t.
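As an added illustration of the kind of build-and-test pipeline the abstract describes (this is an example written for this page, not ESnet's configuration and not code from the Zeek project): a hypothetical `.gitlab-ci.yml` that builds every pushed branch from source, runs Zeek's own test suite, parse-checks a site's local scripts and plugin loads against the fresh build so that upstream changes that break them surface before deployment, and hands a scheduled `master` build to a test host through an Ansible playbook. The container image, the package list, the `site/` directory, the inventory path and the playbook name are all assumptions.

```yaml
# Hypothetical .gitlab-ci.yml for a Zeek source checkout (added example, not ESnet's or Zeek's own).
# Assumes the repository is a clone/fork of zeek/zeek plus a site/ directory holding local scripts.
stages: [build, test, deploy]

default:
  image: debian:bookworm              # assumed build image; any distro with a C++17 toolchain works

variables:
  GIT_SUBMODULE_STRATEGY: recursive   # Zeek vendors its dependencies (Spicy, Broker, ...) as submodules
  PREFIX: $CI_PROJECT_DIR/install     # install into the workspace so it can be passed on as an artifact

# Runs on every branch push: a build failure here is early feedback for upstream.
build:
  stage: build
  script:
    - apt-get update
    - apt-get install -y cmake make gcc g++ flex bison libpcap-dev libssl-dev
        python3-dev swig zlib1g-dev python3-pip
    - ./configure --prefix="$PREFIX" --build-type=release
    - make -j"$(nproc)"
    - make install
  artifacts:
    paths: [install/]
    expire_in: 1 week

# Upstream test suite plus a parse-only pass over the site's own scripts.
test:
  stage: test
  needs: [build]
  script:
    - apt-get update && apt-get install -y python3-pip libpcap0.8 libssl3
    - pip3 install --break-system-packages btest     # btest drives Zeek's testing/ tree
    - export PATH="$PREFIX/bin:$PATH"
    - zeek --version
    - make test                                      # Zeek's top-level target for the btest suite
    # -a / --parse-only loads and parses scripts (and any plugins they @load) and exits,
    # so a renamed event, removed record field or broken plugin ABI fails here, not in production.
    - zeek -a ./site/local.zeek

# Nightly scheduled pipeline on master only: ship the artifact to the test host.
deploy_test:
  stage: deploy
  needs: [build, test]
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "master"
  script:
    - apt-get update && apt-get install -y ansible openssh-client
    - tar -C install -czf "zeek-$CI_COMMIT_SHORT_SHA.tar.gz" .
    # inventory/test.ini and playbooks/deploy-zeek.yml are assumed to exist in the repo;
    # the playbook receives the tarball path and is responsible for unpacking and restarting Zeek.
    - ansible-playbook -i inventory/test.ini playbooks/deploy-zeek.yml
        -e "zeek_tarball=$CI_PROJECT_DIR/zeek-$CI_COMMIT_SHORT_SHA.tar.gz"
```

The parse-only step is the cheap part that gives the "early warning" the abstract mentions: it takes seconds, needs no traffic, and catches the large class of upstream changes that break local scripts at load time. Behavioural regressions still need the test system that the scheduled deploy feeds.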
Bio:
Michael “Dop” Dopheide has spent the majority of his career working in the R&E community specializing in systems engineering, security research, incident response, and network intrusion detection. He especially enjoys helping coworkers debug problems at the packet and protocol levels. In addition to his operational security role, Dop helps support the open source Zeek community and volunteers to beta test the SANS Holiday Hack challenge.