Tag Archive | threat hunting

Webinar – Exploring Indexed Packet Capture with Arkime (Moloch) and Suricata

Finding undetected threats in your network through proactive network analysis requires the right tools. Join us as Andy Wick, lead developer and creator of Arkime (formerly Moloch), and Elyse Rinne, Arkime software engineer and UI expert, provide an introduction to this robust, large-scale, open source, indexed packet capture and search tool. Arkime can also enrich session data with Suricata alerts, and we’ll explore how this integration works.

Register here → Exploring Indexed Packet Capture with Arkime (Moloch) and Suricata (Eventbrite), Wed, May 19, 2021 at 9:00 AM

About Our Speakers

Andy Wick is a Distinguished Architect, the creator of Moloch (now named Arkime), and former Chief Architect of AIM. He joined Verizon Media’s security team, the Paranoids, in 2011. He has a passion for building large, scalable tools and empowering users as well as the global open source community.

Elyse Rinne is the UI and full stack engineer for Arkime (formerly Moloch). She revamped the UI to be more user-friendly and maintainable. Now that the revamp has been completed, Elyse is working on implementing awesome new features to make Arkime the go-to open source tool for network security professionals!

Webinar – Threat Hunting with Suricata

Our March webinar is just around the corner! In this webinar, we’ll look into how modern threats utilize the network for a variety of activities and explore how the network continues to play a crucial role in the overall security monitoring of an organization. From delivering the malware to initially compromise an environment to bringing in additional tools and performing data exfiltration and command and control, all of this activity leaves traces over the network. We’ll explore how Suricata can go beyond generating alerts to show how you can use capabilities such as file identification and protocol parsing to gain the visibility to solve incidents quickly and more accurately by enabling context before, during, and after an event.

Register -> https://www.eventbrite.com/e/webinar-threat-hunting-with-suricata-tickets-142989789309


Peter Manev – Peter Manev is the co-founder and Chief Strategy Officer (CSO) of Stamus Networks, a growing network security company. He is also a member of the executive team at Open Network Security Foundation (OISF). Peter has over 15 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer and explorer of innovative open source security software, and is responsible for training as well as quality assurance and testing on the development team of Suricata, the open source threat detection engine. Peter is a regular speaker and educator on open source security, threat hunting, and network security.

Josh Stroschein – Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is the Director of Training for OISF, where he leads all training activity for the foundation and is also responsible for academic outreach and developing research initiatives. Josh is an accomplished trainer, providing training in the aforementioned subject areas at BlackHat, DerbyCon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is an Assistant Professor of Cyber Security at Dakota State University where he teaches malware analysis and reverse engineering, an author on Pluralsight, and a threat researcher for Bromium/HP.

Virtual Training – Suricata and Splunk Workshops

This two-part workshop is intended to prepare security practitioners to have immediate success with Suricata using the Stamus App for Splunk.

Early bird pricing ends Dec 17!
Register here -> https://suricata-splunk-workshop2021.eventbrite.com/?ref=estw

Part 1: In-depth introduction to Suricata data and Splunk

Wednesday 20 January 2021 | 11am-3pm US Eastern Time

Attendees will receive a thorough technical introduction to Suricata data analysis using the Stamus Networks App for Splunk, designed for both Suricata sensors and Stamus Networks probes. Attendees will discover how to view network activity using application layer metadata extracted by Suricata. We will also explore the use of Suricata statistical data to perform sensor health checks and assess system performance.

This session will also walk attendees through the various capabilities of the Stamus Networks App for Splunk, including the dashboards and visualizations available. After a brief introduction to the Splunk Processing Language (SPL) in the context of Suricata data, we will describe the EVE format that is used for all Suricata-generated events. We will use this knowledge to perform data analysis and explore the visualizations using real-world Suricata data.

Part 2: Threat Hunting and Anomaly Detection with Suricata and Splunk

Thursday, 21 January 2021 | 11am-3pm US Eastern Time

In part 2, attendees will explore threat analysis, threat hunting, and anomaly detection that leverage both the IDS and NSM capabilities of Suricata. Before diving into threat hunting, we will spend time learning simple data queries and work up to the most complex queries of the Stamus Networks App for Splunk.

Using packet capture file examples from Malware Traffic Analysis, we will discover how to leverage Splunk to take full advantage of the Suricata data to detect threats on the network.

* Attendees will have access to Suricata data via a dedicated Splunk instance and will perform hands-on exercises to experiment for themselves.

Who will benefit:

  • Network security administrators
  • Security analysts

Prerequisite knowledge:

  • Basic knowledge of Splunk, including SPL
  • Basic knowledge of Suricata
  • Understanding of Suricata EVE format
  • TCP/IP networking

OISF/Suricata to Offer Intrusion Detection and Threat Hunting Training Course at Black Hat USA

We’re excited to announce that OISF will be at the Mandalay Bay in Las Vegas this August for Black Hat USA, with our experts hosting a four-day power training on Intrusion Detection and Threat Hunting with Open Source Tools.

Our goal with this training is to help attendees build a foundation for an effective threat hunting program, as well as provide ideas and strategies to help increase the efficiency of existing programs. When it comes to detecting threat actors and malware operations, you can’t leave any stone unturned.

If you’re a beginner in the open source space looking to mature your skills, this comprehensive training is a can’t-miss. Join us on August 1-4 at Black Hat USA and take your threat hunting capabilities to the next level. For more details on the session, check out the training page on Black Hat’s website – https://www.blackhat.com/us-20/training/schedule/#intrusion-analysis-and-threat-hunting-with-open-source-tools-19091

This course will cover the fundamental aspects of Suricata such as rule comprehension, managing rule sets, validating alerts, working through false positives/negatives and customizing rules to provide more network traffic visibility. We’ll dive into an in-depth analysis of network traffic and the development of threat hunting strategies to detect anomalous or malicious activity with tools such as Moloch, Kibana and CyberChef. Additionally, we’ll have several hands-on, real-world exercises to reinforce the detection techniques and tactics explained throughout the course.

Early bird pricing for the training ends on May 22, so act fast!

BlackHat USA August 2020

Trainers: Members of the OISF team