| 09:00 - 09:05 | Welcome and Logistics |
| 09:05 - 10:15 | Bro Design Overview (Vern Paxson, UC Berkeley/ICSI) |
| 10:15 - 10:45 | Bro Installation and Configuration (Robin Sommer, ICSI/LBNL) |
| Break | |
| 11:15 - 12:30 | A Walk-Through: Basics of Using Bro (Robin Sommer) (Traces) (Scripts) |
| Lunch | |
| 01:30 - 02:15 | Lab Exercise 1: Running Bro (Solution) |
| 02:15 - 03:30 | Scripting Language Overview (Vern Paxson) |
| Break | |
| 04:00 - 05:00 | Big Wins with Bro (Seth Hall) |
| 09:00 - 09:45 | Writing Scripts (Seth Hall, OSU) |
| 09:45 - 10:30 | Lab Exercise 2: Basic Tuning (Solution) |
| Break | |
| 11:00 - 12:00 | Lab Exercise 3: Writing EventHandlers (Solution) |
| 12:00 - 12:30 | Advanced Scripting (Robin Sommer) |
| Lunch | |
| 01:30 - 02:30 | Lab Exercise 4: State Management (Solution) |
| 02:30 - 03:00 | Remote Communication (Robin Sommer) |
| 03:00 - 03:30 | Perl Bindings for Broccoli (Steve Chan, NERSC) |
| Break | |
| 04:00 - 04:45 | Lab Exercise 5: Communication (Solution) |
| 04:45 - 05:00 | Questions/Discussion |
| 09:00 - 09:45 | Bro Control, Bro Cluster, and a Time Machine (Robin Sommer) |
| 09:45 - 10:15 | Network Blocking Options (Craig Leres, LBNL) |
| | Notes on acld; sources for acld and syslog2bro. |
| Break | |
| 10:45 - 11:15 | Using Bro for an Extended Incident (Seth Hall) |
| 11:15 - 12:15 | Lab Exercise 6: Application Layer Analysis (Solution) |
| 12:15 - 12:45 | Future Plans (Vern Paxson) |
| 12:45 - 13:00 | Wrap-Up |
Homework Exercise: Monitoring for an Activity Fingerprint
Aashish Sharma of NCSA provided some additional slides with field notes on using Bro.