This talk will explore the Suricata rule syntax and use interesting parts of network traffic to highlight how to create custom rules. We will also explore keywords, where to find resources and how to avoid false positives.
Speaker – Tatyana Shishkova
Tatyana is a Senior Malware Analyst specializing in reverse engineering (currently Android platform, previously Windows), threat intelligence and network intrusion detection (Suricata). She speaks at cybersecurity conferences, teaches newcomers and conducts webinars. She has a Specialist’s degree in Applied Mathematics and Computer Science from Lomonosov Moscow State University.
Our March webinar is just around the corner! In this webinar, we’ll look into how modern threats utilize the network for a variety of activities and explore how the network continues to play a crucial role in the overall security monitoring of an organization. From delivering the malware to initially compromise an environment to bringing in additional tools and performing data exfiltration and command and control, all of this activity leaves traces over the network. We’ll explore how Suricata can go beyond generating alerts to show how you can use capabilities such as file identification and protocol parsing to gain the visibility to solve incidents quickly and more accurately by enabling context before, during, and after an event.
Peter Manev – Peter Manev is the co-founder and Chief Strategy Officer (CSO) of Stamus Networks, a growing network security company. He is also a member of the executive team at Open Network Security Foundation (OISF). Peter has over 15 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer and explorer of innovative open source security software, and is responsible for training as well as quality assurance and testing on the development team of Suricata – the open source threat detection engine. Peter is a regular speaker and educator on open source security, threat hunting, and network security.
Josh Stroschein – Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is the Director of Training for OISF, where he leads all training activity for the foundation and is also responsible for academic outreach and developing research initiatives. Josh is an accomplished trainer, providing training in the aforementioned subject areas at BlackHat, DerbyCon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is an Assistant Professor of Cyber Security at Dakota State University where he teaches malware analysis and reverse engineering, an author on Pluralsight, and a threat researcher for Bromium/HP.
We are pleased to announce our Call for Trainings for SuriCon 2021! SuriCon opens with two days of training prior to the start of the conference. Training submissions should be for either a 1 or 2 day course and should include aspects that are related to Suricata.
You can submit your training proposal at Call for Trainings – SURICON
Call for trainings opens: February 2021
Call for trainings closes: June 4, 2021
Notifications sent out: June 2021
Training Selection Process
The SuriCon training review board consists of members of the Open Information Security Foundation (OISF) and other distinguished members of the information security community. If you have any questions please don’t hesitate to reach out to us at SuriCon@oisf.net.
Women of Suricata bring you yet another webinar focused on helping new people willing to contribute to Suricata. For this webinar, our two Outreachy interns shall be sharing their experience, some tips, tricks and magic dust to help you get started with the development. Contributing to a big project like Suricata can be very intimidating, especially when it's open source and all your contributions are in public for everyone to scrutinize. Our speakers stood at the same place and paved their way forward with baby steps, learning and growing a lot all through the process.
Topics you can expect:
- How to start contributing
- How to make best use of existing helper scripts/functions
- Testing your work
- Things to take care of when creating first PR
- How to apply to intern with us through the Outreachy programme
- Expectations from an intern
- Challenges and overcoming them
Juliana Fajardini – OISF intern with Suricata. Bachelor’s degree in Information Systems, with a constant passion for learning, sharing and fostering communities, and a growing interest in Rust.
Tharushi Jayasekara – Outreachy intern at OISF. Final year Computer Science undergraduate at University of Colombo, passionate about algorithms, InfoSec and creating a diverse and inclusive community in the world of tech.
The target audience for this webinar is beginners. If you are interested in the above mentioned topics, do sign up!
Hope to see you! 🙂
Our first webinar of 2021 is here! Join Suricata developer Philippe Antoine as he discusses Continuously Fuzzing and Improving Suricata. Learn how fuzzing is implemented and ways it can be improved as a community, leading to more robust and resilient software.
This webinar is scheduled for January 21st, 2021 at 10am EST. A video recording will be made available after the webinar concludes and posted to the OISF/Suricata YouTube channel at https://www.youtube.com/channel/UCSpIq33gB7-Rl9NtUGrvHLQ
This two-part workshop is intended to prepare security practitioners to have immediate success with Suricata using the Stamus App for Splunk.
Early bird pricing ends Dec 17!
Register here -> https://suricata-splunk-workshop2021.eventbrite.com/?ref=estw
Part 1: In-depth introduction to Suricata data and Splunk
Wednesday 20 January 2021 | 11am-3pm US Eastern Time
Attendees will receive a thorough technical introduction to Suricata data analysis using the Stamus Networks App for Splunk, designed for both Suricata sensors and Stamus Networks probes. Attendees will discover how to view network activity using application layer metadata extracted by Suricata. We will also explore the use of Suricata statistical data to perform sensor health checks and assess system performance.
This session will also walk attendees through the various capabilities of the Stamus Networks App for Splunk, including the various dashboards and visualizations available. After a brief introduction to the Splunk Processing Language (SPL) in the context of Suricata data, we will describe the EVE format that is used for all Suricata generated events. We will use this knowledge to perform data analysis and explore the visualizations using real-world Suricata data.
Part 2: Threat Hunting and Anomaly Detection with Suricata and Splunk
Thursday, 21 January 2021 | 11am-3pm US Eastern Time
In part 2, attendees will explore threat analysis, threat hunting, and anomaly detection that leverage both the IDS and NSM capabilities of Suricata. Before diving into threat hunting, we will spend time learning simple data queries and ultimately even the most complex queries of the Stamus Networks App for Splunk.
Using packet capture file examples from Malware Traffic Analysis, we will discover how to leverage Splunk to take full advantage of the Suricata data to detect threats on the network.
* Attendees will have access to Suricata data via a dedicated Splunk instance and will perform hands-on exercises to experiment for themselves.
Who will benefit:
- Network security administrators
- Security analysts
Prerequisites:
- Basic knowledge of Splunk, including SPL
- Basic knowledge of Suricata
- Understanding of Suricata EVE format
- TCP/IP networking
Join OISF and Stamus Networks for a webinar to introduce the new Splunk App for enterprise Suricata deployments. This webinar will be led by Eric Leblond, the lead developer of the app and a senior developer of Suricata.
Enterprises deploying multiple Suricata sensors need a way to consolidate the logs, events and alerts from those sensors into a “single pane of glass” to efficiently correlate, analyze, search, and gain insights into their overall enterprise network security posture.
Recently, Stamus Networks announced the general availability of its application for Splunk which supports both Suricata sensors and Scirius Security Platform. The app is open source, free, and currently available for download on Splunkbase.
This is a free webinar but seats are limited. To register, go to our EventBrite page: https://www.eventbrite.com/e/suricata-and-splunk-tap-into-the-power-of-suricata-with-the-new-splunk-app-tickets-128175800269?ref=estw
Suricata is recognized as the de facto standard network intrusion detection system (IDS), but it is less well-known for its network security monitoring (NSM) capabilities – which can rival those of other dedicated NSM software. This webinar will highlight both dimensions by demonstrating advanced analytics and anomaly detection from the IDS side and will use Splunk search and dashboards to demonstrate the NSM side which can provide deep insight into your network activity.
What you can expect:
- Learn the basic capabilities of the Splunk App
- Explore the benefits of the app through several real-world use cases
- Gain a greater understanding of both the IDS and NSM capabilities of Suricata
- Understand the importance of Splunk’s Common Information Model
- Learn where you can find additional information
- Q&A with the App’s lead developer
Who should attend:
- Threat hunters, incident responders and other security practitioners who use Splunk
- Current Suricata and Splunk users who wish to learn the value of the dedicated app
- Suricata users who are considering Splunk in their enterprise
- Enterprise Splunk users considering deploying Suricata in their network
The App provides a powerful set of dashboards and query capabilities. These dashboards include one specifically designed to assist Zeek users in becoming familiar with the advanced Suricata network security monitoring features such as TLS information from SMB or Kerberos activity, HTTP hosts and many other protocol transactions.
Speaker: Éric Leblond
CTO of Stamus Networks, OISF Executive Council Member, and Suricata Senior Developer
Éric is the Chief Technology Officer of Stamus Networks, and the lead developer of the Stamus Networks App for Splunk. He has more than 15 years of experience as co-founder and CTO of cybersecurity software companies and is an active member of the security and open source communities. Since 2009, he has been one of the core developers of Suricata. He is also part of the OISF executive council and the Netfilter Core team for the Linux kernel’s firewall layer.
OPNsense is an open source, easy-to-use and easy-to-build HardenedBSD-based firewall and routing platform. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. The inline IPS system of OPNsense is based on Suricata and utilizes Netmap to enhance performance and minimize CPU utilization. This deep packet inspection system is very powerful and can be used to mitigate security threats at wire speed. This webinar will take you through basic OPNsense setup before getting into Suricata installation and configuration. You will learn about different modes of operation, IDS versus IPS, and how to utilize the ET Pro Telemetry ruleset. By the end of this webinar you will be ready to run the latest version of Suricata in OPNsense to maximize visibility into your networks!
This is a free webinar but seats are limited. Please join us on 10/15/2020 by registering at: https://www.eventbrite.com/e/webinar-opnsense-and-suricata-a-great-combination-lets-get-started-tickets-117996028297?ref=estw
We are pleased to announce our first academic workshop “Getting Started with Suricata in the Classroom”! This is a free workshop being offered to those in an academic position and will require a valid EDU email address. Seats are limited!
In this workshop, you will learn how to get started with Suricata to begin teaching it in the classroom or utilizing it for research purposes. Suricata is a free and open source, mature, fast and robust network threat detection engine capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline PCAP processing. Suricata inspects network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats. With standard input and output formats like YAML and JSON, integrations with tools like existing SIEMs, Splunk, Logstash/Elasticsearch, Kibana, and other databases become effortless. You will be provided with a training virtual machine based on the SELKS distribution along with digital copies of all slides and labs/lab guides. By the end of this workshop you will be ready to include Suricata in your course content.
The Suricata project has maintained an aggressive release schedule of beta, release candidate and major/minor version releases. The upcoming release of Suricata 6.0 RC1 brings with it a wide range of new and exciting features. These features include initial HTTP/2 support, improved EVE logging performance, conditional logging and more. In this webinar, Suricata founder and lead developer Victor Julien will introduce Suricata 6.0 RC1, discuss major changes and the power of the Suricata community. We will also discuss ways in which you can get involved in supporting these releases through testing, documentation and other kinds of feedback.
This is a free webinar but seats are limited. To sign up, go to: https://www.eventbrite.com/e/releasing-suricata-60-rc1-and-how-you-can-get-involved-tickets-119342646067?ref=estw