Archive by Author | jstrosch

Webinar – OPNsense and Suricata a great combination, let’s get started!

OPNsense is an open source, easy-to-use and easy-to-build HardenedBSD based firewall and routing platform. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. The inline IPS system of OPNsense is based on Suricata and utilizes Netmap to enhance performance and minimize CPU utilization. This deep packet inspection system is very powerful and can be used to mitigate security threats at wire speed. This webinar will take you through basic OPNSense setup before getting into Suricata installation and configuration. You will learn about different modes of operation, IDS versus IPS, and how to utilize the ET Pro Telemetry ruleset. By the end of this webinar you will be ready to run the latest version of Suricata in OPNSense to maximize visibility into your networks!

This is a free webinar but seats are limited. Please join us on 10/15/2020 by registering at: http://www.twitter.com/intent/tweet?text=I+am+attending+https://www.eventbrite.com/e/webinar-opnsense-and-suricata-a-great-combination-lets-get-started-tickets-117996028297?ref=estw

Academic Workshop – Getting Started with Suricata in the Classroom

We are pleased to announce our first academic workshop “Getting Started with Suricata in the Classroom”! This is a free workshop being offered those in an academic position and will require a valid EDU email address. Seats are limited!

Register here -> https://us02web.zoom.us/meeting/register/tZwkdeCgpjotHNNFCOsWHYEGXJW3LN2YbXO1

In this workshop, you will learn how to get started with Suricata to begin teaching it in the classroom or utilizing it for research purposes. Suricata is a free and open source, mature, fast and robust network threat detection engine capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline PCAP processing. Suricata inspects network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats. With standard input and output formats like YAML and JSON integrations with tools like existing SIEMs, Splunk, Logstash/Elasticsearch, Kibana, and other databases become effortless. You will be provided with a training virtual machine based on the SELKS distribution along with digital copies of all slides and labs/lab guides. By the end of this workshop you will be ready to include Suricata in your course content.

Webinar – Releasing Suricata 6.0 RC1 and How You Can Get Involved

The Suricata project has maintained an aggressive release schedule of beta, release candidate and major/minor version releases. With the upcoming release of Suricata 6.0 RC1, it brings with it a wide range of new and exciting features. These features include initial HTTP/2 support, improved EVE logging performance, conditional logging and more. In this webinar, Suricata founder and lead developer Victor Julien will introduce Suricata 6.0 RC1, discuss major changes and the power of the Suricata community. We will also discuss ways in which you can get involved in supporting these releases through testing, documentation and other kinds of feedback.

This is a free webinar but seats are limited. To sign-up, go to: https://www.eventbrite.com/e/releasing-suricata-60-rc1-and-how-you-can-get-involved-tickets-119342646067?ref=estw

Virtual Training – Advanced Deployment and Architecture with Suricata

We are excited to announce Advanced Deployment and Architecture as a live, virtual training!

Details/registration: https://www.eventbrite.com/e/virtual-training-advanced-deployment-and-configuration-with-suricata-tickets-110794401036

This course will go in-depth in Suricata configuration and deployment considerations. You will learn which capture method is best for traffic acquisition, maximizing performance with runmodes and dive deep into Suricata’s detection engine and multi-pattern matchers. Discover how to expand Suricata’s detection and output capabilities with Lua scripting as well as anomaly detection and file extraction capabilities. Gain a deeper understanding of performance and tuning considerations through CPU affinity, Numa, threading and NIC RSS hashing. Alongside that understand specifics about deployments the cloud and the pros and cons of those. Details of what and how needs to be in place for the cloud security monitoring. Learn how to perform effective and exhaustive troubleshooting when situations like packet loss and system overloading occur. Finally, learn how to handle elephant flows, work with eXpress Data Path, how output generation affects your deployment and how to integrate Suricata with other tools such as an ELK stack, Splunk and other Linux-based distributions such as SELKS. This class also offers a unique opportunity to bring in-depth use cases, questions, challenges, and new ideas directly to the Suricata team. Take your deployment and configuration skills to an expert level with Suricata Advanced Deployment and Architecture!

Early bird pricing ends July 17th!

Webinar – Correlating Host & Network Data w/ Community ID in Sec Onion Hybrid Hunter

Modern security monitoring applications generate a considerable amount of data, making it essential for the analyst to be able to quickly pivot between different data sets. In this webinar, Correlating Host & Network Data w/ Community ID in Sec Onion Hybrid Hunter, we will show you how to use Community ID to quickly correlate events from the network to your hosts. Utilizing the next major version of Security Onion, code-named Hybrid Hunter, you will learn how Community ID can be used to correlate network flows from tools such as Suricata and Zeek with host-based events from osquery. This will allow you to more effectively pivot between your network and host data. By the end of this webinar you’ll have the insight needed to leverage Community ID to perform more effective analysis of your security logs.

This is a free webinar but seats are limited. To sign-up, go to:
https://www.eventbrite.com/e/correlating-host-network-data-w-community-id-in-sec-onion-hybrid-hunter-tickets-106774641828

Webinar – Hunting Threats That Use Encrypted Network Traffic with Suricata

In February 2020, Let’s Encrypt announced that they had issued a billion certificates. This is a sign of how encryption for network traffic has continued to gain adoption among regular individuals as well as among malicious actors. Decryption of this traffic may look at first as the solution to recover the lost visibility but it is not always an option because of privacy consideration or even technical reason. In this webinar, we’ll discuss several approaches to analyze encrypted network traffic with Suricata. We will look at Suricata’s JA3/JA3S support, TLS/SSL and newest protocol anomaly detection capabilities. By the end of this webinar you’ll have the insight needed to leverage Suricata to perform more effective analysis of encrypted network traffic.

This is a free webinar but seats are limited. To sign-up, go to https://www.eventbrite.com/e/webinar-hunting-threats-that-use-encrypted-network-traffic-with-suricata-tickets-102612647190

Suricata Hosting Two Training Sessions at SharkFest’20 US

Mark your calendars! This July, Suricata will be in Kansas City, MO at SharkFest’20 US, hosting two intense, 90 minute crash courses on intrusion analysis/threat hunting and signature development.

The first training, Practical Signature Development for Open Source IDS, focuses on expert methods and techniques for writing network signatures to efficiently hunt and detect the greatest and most common threats facing organizations today. In addition to Suricata, we’ll utilize leading open source security tools, specifically WireShark, to teach traffic analysis fundamentals, custom signature writing and how to test your signatures for accuracy and performance.

Suricata experts with real-world experience in customizing and tailoring the solution to identify and hunt threats will equip you with the ability to analyze and interpret hostile network traffic to create agile rules for detection and mitigation.

Attendees of the second session, Intrusion Analysis and Threat Hunting with Suricata, will learn how to dig deep into network traffic to uncover key evidence of a compromise has occurred, identify new forms of attack and develop the skills necessary to proactively search for Indicators of Compromise and evidence of new breaches. The course will also explore key phases of adversary tactics and techniques from delivery mechanisms to post-infection traffic and data exfiltration, offering a true hands-on analysis experience.

Join us at SharkFest’20 US and maximize your open-source capabilities with Suricata.

For more information on the conference, visit https://sharkfestus.wireshark.org/

OISF/Suricata to Offer Intrusion Detection and Threat Hunting Training Course at Black Hat Asia

Due to concerns surrounding the COVID-19 virus, BlackHat Asia has rescheduled the conference to Sept 29 – Oct 2, 2020. We’re excited to announce that OISF will be at the Marina Bay Sands in Singapore this September/October for Black Hat Asia, with our experts hosting a four-day power training on Intrusion Detection and Threat Hunting with Open Source Tools.

Our goal with this training is to help attendees build a foundation for an effective threat hunting program, as well as provide ideas and strategies to help increase the efficiency of existing programs. When it comes to detecting threat actors and malware operations, you can’t leave stones unturned.

If you’re a beginner in the open source space looking to mature your skills, this comprehensive training is a can’t-miss. Join us on Sept 29 – Oct 2, 2020 at Black Hat Singapore and take your threat hunting capabilities to the next level. For more details on the session, check out the training page on Black Hat’s website – https://www.blackhat.com/asia-20/training/schedule/index.html#intrusion-analysis-and-threat-hunting-with-open-source-tools-18067

Early-bird pricing ends July 24th – we hope to see you in Singapore!

Trainers: Members of the OISF team

OISF/Suricata to Offer Intrusion Detection and Threat Hunting Training Course at Black Hat USA

We’re excited to announce that OISF will be at the Mandalay Bay in Las Vegas this August for Black Hat USA, with our experts hosting a four-day power training on Intrusion Detection and Threat Hunting with Open Source Tools.

Our goal with this training is to help attendees build a foundation for an effective threat hunting program, as well as provide ideas and strategies to help increase the efficiency of existing programs. When it comes to detecting threat actors and malware operations, you can’t leave stones unturned.

If you’re a beginner in the open source space looking to mature your skills, this comprehensive training is a can’t-miss. Join us on August 1-4 at Black Hat USA and take your threat hunting capabilities to the next level. For more details on the session, check out the training page on Black Hat’s website – https://www.blackhat.com/us-20/training/schedule/#intrusion-analysis-and-threat-hunting-with-open-source-tools-19091

This course will cover the fundamental aspects of Suricata such as rule comprehension, managing rule sets, validating alerts, working through false positives/negatives and customizing rules to provide more network traffic visibility. We’ll dive into an in-depth analysis of network traffic and the development of threat hunting strategies to detect anomalous or malicious activity with tools such as Moloch, Kibana and CyberChef. Additionally, we’ll have several hands-on, real-world exercises to reinforce the detection techniques and tactics explained throughout the course.

Early bird pricing for the training ends on May 22, so act fast!

BlackHat USA August 2020

Trainers: Members of the OISF team

Webinar – Enhancing Your Cuckoo Sandbox with Suricata: Installation and Configuration

The Cuckoo Sandbox has become one of the most popular open-source frameworks for the automation of malware analysis. One of the many benefits of Cuckoo is the ability to expand its capabilities through additional services and tools, such as Suricata. In this webinar, we will walk you through how to get Suricata up and running in a Cuckoo sandbox to get better network traffic analysis. This webinar will begin from a base installation of Cuckoo and show you how to install Suricata, configure Cuckoo to utilize Suricata as a post-processing module and how to update your initial rule set. We will also explore more advanced Suricata setup options to help with performance such as interacting through a unix socket. By the end of this workshop you will be able leverage Suricata’s IDS alerts to help with your malware analysis workflow.

Cuckoo network analysis enriched with Suricata IDS alerts

This is a free webinar but seats are limited. To sign-up, go to https://zoom.us/meeting/register/v5UtceihrzosujnYxCGEhLRCbNdofG2nzQ

Presented by: Josh Stroschein