From 75e6c21bd1cf8f49a306413f14d775a4e04d102c Mon Sep 17 00:00:00 2001 From: Matthias Vallentin Date: Sun, 7 Aug 2022 14:23:59 +0200 Subject: [PATCH] Retroactively add ZeekWeek '21 talk --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index c5c748e..9af69b1 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ Slides (in reverse-chronological order): - [Potsdam Conference on National CyberSecurity][potsdam22] - Jun 2022 - [The International Conference on the EU Cyber Act][iceca22] - May 2022 - [Suricon][suricon21] - November 2021 +- [ZeekWeek][zeekweek21] - October 2021 - [Suricon][suricon19] - October 2019 - [Zeek Workshop Europe][zeekshop19] - April 2019 - [DFN Conference on Security in Networked Systems][dfnconf19] - February 2019 @@ -49,6 +50,15 @@ to deliver historical metadata as via [Threat Bus](https://github.com/tenzir/threatbus), such that they appear as an `alert` event that is indistinguishable from a live alert. +## ZeekWeek - October 2021 + +At [ZeekWeek 2021](https://zeek.org/zeekweek2021/), we presented how VAST can +become a Zeek logger node and transparently receive logs from a Zeek cluster in +an optimal fashion. To this end, we wrote a +[Broker](https://github.com/zeek/broker) plugin to acquire the binary log data. +We then reverse-engineered the binary message format of batched logs, which +allowed us to convert them directly into VAST's data plane using Apache Arrow. + ## Suricon - October 2019 At [Suricon 2019](https://suricon.net/suricon-2019-amsterdam/) in Amsterdam, we
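Review bot: the new list entry `- [ZeekWeek][zeekweek21] - October 2021` in the first hunk uses a reference-style link, but this patch adds no `[zeekweek21]: ...` definition (the stat reports 10 insertions, and the two hunks account for all 10), so unless that definition already exists elsewhere in README.md the entry will render as literal bracketed text rather than a link. Add a definition next to the other `[...]` references; since the list is headed "Slides (in reverse-chronological order)" it should point at the slide deck, with `https://zeek.org/zeekweek2021/` from the second hunk as a fallback if no deck link is available yet.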
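Review bot: "transparently receive logs from a Zeek cluster in an optimal fashion" in the second hunk is vague; state what is optimal, e.g. that the Broker plugin takes the batched binary log messages directly and converts them to Arrow without a detour through Zeek's text log output, which is what the following two sentences imply. The section also cites only the event page and the Broker repository; a link to the plugin source or the slides would let readers check the "reverse-engineered the binary message format" claim.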