Archive by Author | jstrosch

Webinar – Continuously Fuzzing and Improving Suricata

Our first webinar of 2021 is here! Join Suricata developer Philippe Antoine as he discusses Continuously Fuzzing and Improving Suricata. Learn how fuzzing is implemented and ways it can be improved as a community, leading to more robust and resilient software.


This webinar is scheduled for January 21st, 2021 at 10am EST. A video recording will be made available after the webinar concludes and posted to the OISF/Suricata YouTube channel at

Virtual Training – Suricata and Splunk Workshops

This two-part workshop is intended to prepare security practitioners to have immediate success with Suricata using the Stamus App for Splunk.

Early bird pricing ends Dec 17!

Part 1: In-depth introduction to Suricata data and Splunk

Wednesday 20 January 2021 | 11am-3pm US Eastern Time

Attendees will receive a thorough technical introduction to Suricata data analysis using the Stamus Networks App for Splunk, designed for both Suricata sensors and Stamus Networks probes. Attendees will discover how to view network activity using application layer metadata extracted by Suricata. We will also explore the use of Suricata statistical data to perform sensor health checks and assess system performance.

This session will also walk attendees through the various capabilities of the Stamus Networks App for Splunk, including the dashboards and visualizations available. After a brief introduction to the Splunk Processing Language (SPL) in the context of Suricata data, we will describe the EVE format that is used for all Suricata-generated events. We will use this knowledge to perform data analysis and explore the visualizations using real-world Suricata data.

Part 2: Threat Hunting and Anomaly Detection with Suricata and Splunk

Thursday, 21 January 2021 | 11am-3pm US Eastern Time

In part 2, attendees will explore threat analysis, threat hunting, and anomaly detection that leverage both the IDS and NSM capabilities of Suricata. Before diving into threat hunting, we will spend time learning the simple data queries of the Stamus Networks App for Splunk and work up to its most complex queries.

Using packet capture file examples from Malware Traffic Analysis, we will discover how to leverage Splunk to take full advantage of the Suricata data to detect threats on the network.

* Attendees will have access to Suricata data via a dedicated Splunk instance and will perform hands-on exercises to experiment for themselves.

Who will benefit:

  • Network security administrators
  • Security analysts

Prerequisite knowledge:

  • Basic knowledge of Splunk, including SPL
  • Basic knowledge of Suricata
  • Understanding of Suricata EVE format
  • TCP/IP networking

Webinar – Suricata and Splunk: Tap into the Power of Suricata with the new Splunk App

Join OISF and Stamus Networks for a webinar to introduce the new Splunk App for enterprise Suricata deployments. This webinar will be led by Eric Leblond, the lead developer of the app and a senior developer of Suricata.

Enterprises deploying multiple Suricata sensors need a way to consolidate the logs, events and alerts from those sensors into a “single pane of glass” to efficiently correlate, analyze, search, and gain insights into their overall enterprise network security posture.

Recently, Stamus Networks announced the general availability of its application for Splunk which supports both Suricata sensors and Scirius Security Platform. The app is open source, free, and currently available for download on Splunkbase.

This is a free webinar but seats are limited. To register, go to our EventBrite page:

Suricata is recognized as the de facto standard network intrusion detection system (IDS), but it is less well-known for its network security monitoring (NSM) capabilities – which can rival those of other dedicated NSM software. This webinar will highlight both dimensions by demonstrating advanced analytics and anomaly detection from the IDS side and will use Splunk search and dashboards to demonstrate the NSM side which can provide deep insight into your network activity.

What you can expect:

  • Learn the basic capabilities of the Splunk App
  • Explore the benefits of the app through several real-world use cases
  • Gain a greater understanding of both the IDS and NSM capabilities of Suricata
  • Understand the importance of Splunk’s Common Information Model
  • Learn where you can find additional information
  • Q&A with the App’s lead developer

Who should attend:

  • Threat hunters, incident responders and other security practitioners who use Splunk
  • Current Suricata and Splunk users who wish to learn the value of the dedicated app
  • Suricata users who are considering Splunk in their enterprise
  • Enterprise Splunk users considering deploying Suricata in their network

The App provides a powerful set of dashboards and query capabilities. These dashboards include one specifically designed to assist Zeek users in becoming familiar with the advanced Suricata network security monitoring features, such as TLS information, SMB or Kerberos activity, HTTP hosts, and many other protocol transactions.

Speaker: Éric Leblond

CTO of Stamus Networks, OISF Executive Council Member, and Suricata Senior Developer

Éric is the Chief Technology Officer of Stamus Networks and the lead developer of the Stamus Networks App for Splunk. He has more than 15 years of experience as co-founder and CTO of cybersecurity software companies and is an active member of the security and open source communities. Since 2009, he has been one of the core developers of Suricata. He is also part of the OISF Executive Council and the Netfilter Core team for the Linux kernel’s firewall layer.

Webinar – OPNsense and Suricata a great combination, let’s get started!

OPNsense is an open source, easy-to-use and easy-to-build HardenedBSD-based firewall and routing platform. It brings the rich feature set of commercial offerings together with the benefits of open and verifiable sources. The inline IPS system of OPNsense is based on Suricata and utilizes Netmap to enhance performance and minimize CPU utilization. This deep packet inspection system is very powerful and can be used to mitigate security threats at wire speed. This webinar will take you through basic OPNsense setup before getting into Suricata installation and configuration. You will learn about the different modes of operation, IDS versus IPS, and how to utilize the ET Pro Telemetry ruleset. By the end of this webinar you will be ready to run the latest version of Suricata in OPNsense to maximize visibility into your networks!

This is a free webinar but seats are limited. Please join us on 10/15/2020 by registering at:

Academic Workshop – Getting Started with Suricata in the Classroom

We are pleased to announce our first academic workshop, “Getting Started with Suricata in the Classroom”! This is a free workshop offered to those in an academic position and will require a valid EDU email address. Seats are limited!


In this workshop, you will learn how to get started with Suricata to begin teaching it in the classroom or utilizing it for research purposes. Suricata is a free and open source, mature, fast and robust network threat detection engine capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline PCAP processing. Suricata inspects network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats. With standard input and output formats like YAML and JSON, integration with tools such as existing SIEMs, Splunk, Logstash/Elasticsearch, Kibana, and other databases becomes effortless. You will be provided with a training virtual machine based on the SELKS distribution along with digital copies of all slides and labs/lab guides. By the end of this workshop you will be ready to include Suricata in your course content.

Webinar – Releasing Suricata 6.0 RC1 and How You Can Get Involved

The Suricata project has maintained an aggressive release schedule of beta, release candidate and major/minor version releases. The upcoming release of Suricata 6.0 RC1 brings with it a wide range of new and exciting features, including initial HTTP/2 support, improved EVE logging performance, conditional logging and more. In this webinar, Suricata founder and lead developer Victor Julien will introduce Suricata 6.0 RC1, discuss the major changes and the power of the Suricata community. We will also discuss ways in which you can get involved in supporting these releases through testing, documentation and other kinds of feedback.

This is a free webinar but seats are limited. To sign up, go to:

Virtual Training – Advanced Deployment and Architecture with Suricata

We are excited to announce Advanced Deployment and Architecture as a live, virtual training!

This course will go in-depth into Suricata configuration and deployment considerations. You will learn which capture method is best for traffic acquisition, how to maximize performance with runmodes, and dive deep into Suricata’s detection engine and multi-pattern matchers. Discover how to expand Suricata’s detection and output capabilities with Lua scripting, as well as its anomaly detection and file extraction capabilities. Gain a deeper understanding of performance and tuning considerations through CPU affinity, NUMA, threading and NIC RSS hashing. You will also learn the specifics of cloud deployments, their pros and cons, and what needs to be in place for cloud security monitoring. Learn how to perform effective and exhaustive troubleshooting when situations like packet loss and system overloading occur. Finally, learn how to handle elephant flows, work with eXpress Data Path (XDP), how output generation affects your deployment, and how to integrate Suricata with tools such as an ELK stack or Splunk and with Linux-based distributions such as SELKS. This class also offers a unique opportunity to bring in-depth use cases, questions, challenges, and new ideas directly to the Suricata team. Take your deployment and configuration skills to an expert level with Suricata Advanced Deployment and Architecture!

Early bird pricing ends July 17th!

Webinar – Correlating Host & Network Data w/ Community ID in Sec Onion Hybrid Hunter

Modern security monitoring applications generate a considerable amount of data, making it essential for the analyst to be able to quickly pivot between different data sets. In this webinar, Correlating Host & Network Data w/ Community ID in Sec Onion Hybrid Hunter, we will show you how to use Community ID to quickly correlate events from the network to your hosts. Utilizing the next major version of Security Onion, code-named Hybrid Hunter, you will learn how Community ID can be used to correlate network flows from tools such as Suricata and Zeek with host-based events from osquery. This will allow you to more effectively pivot between your network and host data. By the end of this webinar you’ll have the insight needed to leverage Community ID to perform more effective analysis of your security logs.

This is a free webinar but seats are limited. To sign up, go to:

Webinar – Hunting Threats That Use Encrypted Network Traffic with Suricata

In February 2020, Let’s Encrypt announced that they had issued a billion certificates. This is a sign of how encryption of network traffic has continued to gain adoption among regular individuals as well as among malicious actors. Decrypting this traffic may at first look like the solution to recovering the lost visibility, but it is not always an option because of privacy considerations or technical constraints. In this webinar, we’ll discuss several approaches to analyzing encrypted network traffic with Suricata. We will look at Suricata’s JA3/JA3S support, TLS/SSL analysis and the newest protocol anomaly detection capabilities. By the end of this webinar you’ll have the insight needed to leverage Suricata to perform more effective analysis of encrypted network traffic.

This is a free webinar but seats are limited. To sign up, go to:

Suricata Hosting Two Training Sessions at SharkFest’20 US

Mark your calendars! This July, Suricata will be in Kansas City, MO at SharkFest’20 US, hosting two intense, 90-minute crash courses on intrusion analysis/threat hunting and signature development.

The first training, Practical Signature Development for Open Source IDS, focuses on expert methods and techniques for writing network signatures to efficiently hunt and detect the greatest and most common threats facing organizations today. In addition to Suricata, we’ll utilize leading open source security tools, specifically Wireshark, to teach traffic analysis fundamentals, custom signature writing, and how to test your signatures for accuracy and performance.

Suricata experts with real-world experience in customizing and tailoring the solution to identify and hunt threats will equip you with the ability to analyze and interpret hostile network traffic to create agile rules for detection and mitigation.

Attendees of the second session, Intrusion Analysis and Threat Hunting with Suricata, will learn how to dig deep into network traffic to uncover key evidence that a compromise has occurred, identify new forms of attack, and develop the skills necessary to proactively search for Indicators of Compromise and evidence of new breaches. The course will also explore key phases of adversary tactics and techniques, from delivery mechanisms to post-infection traffic and data exfiltration, offering a true hands-on analysis experience.

Join us at SharkFest’20 US and maximize your open-source capabilities with Suricata.

For more information on the conference, visit