Last week we held our first workshop since the full team came together for the NSF grant and I felt like the workshop went very well. It was by far the largest workshop in terms of attendance, I think we had over 55 people in the room most of the time!
Personally, it was great to get a chance to put so many faces to names. I've communicated with many people but had the chance to meet far too few. In particular I was excited to see the growing interest in Bro from the incident response community. We've really pushed Bro with the 2.0 release to be well tuned and relevant for security operations straight "out of the box". Now I'm looking forward to learning and helping with new deployments in 2012 and more questions about networks that we could help answer with Bro.
Speaking of answering questions about networks, there was a particularly interesting occurrence on the second day. The entire day seemed to revolve around the idea of asking questions about networks and getting real answers. Everything revolved around this; the exercises, the presentations, even the invited talks given by incident responders. I've been pushing for this as part of the approach to Bro for a long time since Bro is a great tool for answering questions so I'm really happy to see others using Bro in a similar way. Now that the 2.0-beta is released and 2.0-final is approaching, I will begin posting snippets and full scripts soon that help you answer questions about your own networks. There are so many questions, and so little time.
I would really like to thank everyone who listened to my pleading to attend the workshop and those whom I didn't even need to plead with. You all added to my experience of the workshop and opened my eyes to new ways of thinking about how Bro can and should be used. I hope you got as much from the workshop as I did.
Finally, I wanted to mention that all of the material from the workshop (video, exercises, slides) will be released very soon and we will be sure to do another quick blog post when it's available.
That's enough writing, now back to coding and documentation...