Analysing Intrusions with Suricata (closed)

Presented at DeepSec 2019 „Internet of Facts and Fears“, Unknown date/time (Unknown duration).

Defending your network starts with understanding your traffic. More than just an IDS/IPS, Suricata can provide the visibility to solve incidents quickly and more accurately by enabling context before, during, and after an alert. In this course, attendees will learn the skills required to identify, respond to and protect against threats in their network day to day, as well as to identify new threats through structured data aggregation and analysis. Hands-on labs consisting of real-world malware and network traffic will reinforce the course's concepts while utilizing the latest Suricata features. Come and see what you've been missing in your network and unlock the full potential of network security, detection, and response with Threat Hunting with Suricata.

In this course, students will learn through a combination of lecture and approximately 15 hands-on labs (depending on workshop duration):

  • Identify key strategies for network security architecture and visibility
  • Learn the fundamentals of rule writing and rule comprehension
  • Understand how to manage rule sources and create effective rulesets
  • Develop methods for establishing network baselines
  • Recognize traffic anomalies
  • Use Suricata to capture network traffic and replay PCAPs
  • Utilize log aggregation and shipping services to build a complete picture
  • Perform traffic analysis and create visualizations with Kibana
  • Develop a custom network sensor with Suricata and ELK
  • Analyze suspicious traffic to determine maliciousness
  • Learn how to pivot off of key attack indicators using threat intelligence
  • Analyze true positive and false positive alerts
  • Leverage rules specifically for threat hunting
  • Deploy honey tokens

Presenters:

  • Eric Leblond - Open Information Security Foundation / Suricata
    Eric Leblond (aka regit) is an active member of the security and open source communities. He is a Netfilter Core Team member working mainly on communications between kernel and userland. He has worked on the development of Suricata, the open source IDS/IPS, since 2009 and is currently one of the Suricata core developers. He is also one of the founders of Stamus Networks, a company providing security solutions based on Suricata.
  • Peter Manev - Open Information Security Foundation / Suricata
    Peter Manev (aka pevma, in some countries also DonPedro / pevman) has been involved with Suricata IDS/IPS/NSM from its very early days in 2009 as QA lead, and is currently a Suricata executive council member. Peter has 15 years' experience in the IT industry, including enterprise and government level IT security practice. As an adamant admirer and explorer of innovative open source security software, he is also one of the creators of SELKS, an open source threat detection security distro. He is also one of the founders of Stamus Networks, a company providing security solutions based on Suricata.
