Tag Archive | training

Virtual Training – Advanced Deployment and Architecture with Suricata

We are excited to announce Advanced Deployment and Architecture as a live, virtual training!

Details/registration: https://www.eventbrite.com/e/virtual-training-advanced-deployment-and-configuration-with-suricata-tickets-110794401036

This course will go in-depth in Suricata configuration and deployment considerations. You will learn which capture method is best for traffic acquisition, maximizing performance with runmodes and dive deep into Suricata’s detection engine and multi-pattern matchers. Discover how to expand Suricata’s detection and output capabilities with Lua scripting as well as anomaly detection and file extraction capabilities. Gain a deeper understanding of performance and tuning considerations through CPU affinity, Numa, threading and NIC RSS hashing. Alongside that understand specifics about deployments the cloud and the pros and cons of those. Details of what and how needs to be in place for the cloud security monitoring. Learn how to perform effective and exhaustive troubleshooting when situations like packet loss and system overloading occur. Finally, learn how to handle elephant flows, work with eXpress Data Path, how output generation affects your deployment and how to integrate Suricata with other tools such as an ELK stack, Splunk and other Linux-based distributions such as SELKS. This class also offers a unique opportunity to bring in-depth use cases, questions, challenges, and new ideas directly to the Suricata team. Take your deployment and configuration skills to an expert level with Suricata Advanced Deployment and Architecture!

Early bird pricing ends July 17th!

Webinar – Hunting Threats That Use Encrypted Network Traffic with Suricata

In February 2020, Let’s Encrypt announced that they had issued a billion certificates. This is a sign of how encryption for network traffic has continued to gain adoption among regular individuals as well as among malicious actors. Decryption of this traffic may look at first as the solution to recover the lost visibility but it is not always an option because of privacy consideration or even technical reason. In this webinar, we’ll discuss several approaches to analyze encrypted network traffic with Suricata. We will look at Suricata’s JA3/JA3S support, TLS/SSL and newest protocol anomaly detection capabilities. By the end of this webinar you’ll have the insight needed to leverage Suricata to perform more effective analysis of encrypted network traffic.

This is a free webinar but seats are limited. To sign-up, go to https://www.eventbrite.com/e/webinar-hunting-threats-that-use-encrypted-network-traffic-with-suricata-tickets-102612647190

Suricata Hosting Two Training Sessions at SharkFest’20 US

Mark your calendars! This July, Suricata will be in Kansas City, MO at SharkFest’20 US, hosting two intense, 90 minute crash courses on intrusion analysis/threat hunting and signature development.

The first training, Practical Signature Development for Open Source IDS, focuses on expert methods and techniques for writing network signatures to efficiently hunt and detect the greatest and most common threats facing organizations today. In addition to Suricata, we’ll utilize leading open source security tools, specifically WireShark, to teach traffic analysis fundamentals, custom signature writing and how to test your signatures for accuracy and performance.

Suricata experts with real-world experience in customizing and tailoring the solution to identify and hunt threats will equip you with the ability to analyze and interpret hostile network traffic to create agile rules for detection and mitigation.

Attendees of the second session, Intrusion Analysis and Threat Hunting with Suricata, will learn how to dig deep into network traffic to uncover key evidence of a compromise has occurred, identify new forms of attack and develop the skills necessary to proactively search for Indicators of Compromise and evidence of new breaches. The course will also explore key phases of adversary tactics and techniques from delivery mechanisms to post-infection traffic and data exfiltration, offering a true hands-on analysis experience.

Join us at SharkFest’20 US and maximize your open-source capabilities with Suricata.

For more information on the conference, visit https://sharkfestus.wireshark.org/

OISF/Suricata to Offer Intrusion Detection and Threat Hunting Training Course at Black Hat Asia

Due to concerns surrounding the COVID-19 virus, BlackHat Asia has rescheduled the conference to Sept 29 – Oct 2, 2020. We’re excited to announce that OISF will be at the Marina Bay Sands in Singapore this September/October for Black Hat Asia, with our experts hosting a four-day power training on Intrusion Detection and Threat Hunting with Open Source Tools.

Our goal with this training is to help attendees build a foundation for an effective threat hunting program, as well as provide ideas and strategies to help increase the efficiency of existing programs. When it comes to detecting threat actors and malware operations, you can’t leave stones unturned.

If you’re a beginner in the open source space looking to mature your skills, this comprehensive training is a can’t-miss. Join us on Sept 29 – Oct 2, 2020 at Black Hat Singapore and take your threat hunting capabilities to the next level. For more details on the session, check out the training page on Black Hat’s website – https://www.blackhat.com/asia-20/training/schedule/index.html#intrusion-analysis-and-threat-hunting-with-open-source-tools-18067

Early-bird pricing ends July 24th – we hope to see you in Singapore!

Trainers: Members of the OISF team

OISF/Suricata to Offer Intrusion Detection and Threat Hunting Training Course at Black Hat USA

We’re excited to announce that OISF will be at the Mandalay Bay in Las Vegas this August for Black Hat USA, with our experts hosting a four-day power training on Intrusion Detection and Threat Hunting with Open Source Tools.

Our goal with this training is to help attendees build a foundation for an effective threat hunting program, as well as provide ideas and strategies to help increase the efficiency of existing programs. When it comes to detecting threat actors and malware operations, you can’t leave stones unturned.

If you’re a beginner in the open source space looking to mature your skills, this comprehensive training is a can’t-miss. Join us on August 1-4 at Black Hat USA and take your threat hunting capabilities to the next level. For more details on the session, check out the training page on Black Hat’s website – https://www.blackhat.com/us-20/training/schedule/#intrusion-analysis-and-threat-hunting-with-open-source-tools-19091

This course will cover the fundamental aspects of Suricata such as rule comprehension, managing rule sets, validating alerts, working through false positives/negatives and customizing rules to provide more network traffic visibility. We’ll dive into an in-depth analysis of network traffic and the development of threat hunting strategies to detect anomalous or malicious activity with tools such as Moloch, Kibana and CyberChef. Additionally, we’ll have several hands-on, real-world exercises to reinforce the detection techniques and tactics explained throughout the course.

Early bird pricing for the training ends on May 22, so act fast!

BlackHat USA August 2020

Trainers: Members of the OISF team

Webinar – Enhancing Your Cuckoo Sandbox with Suricata: Installation and Configuration

The Cuckoo Sandbox has become one of the most popular open-source frameworks for the automation of malware analysis. One of the many benefits of Cuckoo is the ability to expand its capabilities through additional services and tools, such as Suricata. In this webinar, we will walk you through how to get Suricata up and running in a Cuckoo sandbox to get better network traffic analysis. This webinar will begin from a base installation of Cuckoo and show you how to install Suricata, configure Cuckoo to utilize Suricata as a post-processing module and how to update your initial rule set. We will also explore more advanced Suricata setup options to help with performance such as interacting through a unix socket. By the end of this workshop you will be able leverage Suricata’s IDS alerts to help with your malware analysis workflow.

Cuckoo network analysis enriched with Suricata IDS alerts

This is a free webinar but seats are limited. To sign-up, go to https://zoom.us/meeting/register/v5UtceihrzosujnYxCGEhLRCbNdofG2nzQ

Presented by: Josh Stroschein

Announcing the first Suricata User Conference in Barcelona

oisf-barcelonaWe are excited to announce our first annual OISF / Suricata User Conference happening this November in Barcelona, Spain!

Join us for an exciting two days of Suricata and IDS/IPS development talks, brainstorming sessions, and amazing speakers. You can also attend a 2-day Suricata training event prior to the conference to make it a full-week of learning!

The conference is FREE and open to the public – however, we ask that people register via our events website so we can ensure to accommodate everyone in regards to space and lunches. Visit: http://www.oisfevents.net.

NOTE: the 2-day Suricata training during this week is a paid event and space will fill up – so register at https://suricata-2day-barcelona.eventbrite.com

We look forward to seeing you there! As always if you have questions, contact us at info@oisf.net.

The OISF Team

5-Day Suricata Developer Training

A short time ago we announced the first edition of the Suricata Developer training. I thought it be a good time to explain what we have in mind.

First, we’re planning to make this an annual event. I’m very excited about this. It should be great fun to have a week of development related discussions. I’m sure we can all learn a great deal, and share lots of ideas. Of course the social part is a nice addition.

Also, this is a great “stick behind the door” (as we’d say in Dutch) to finally get some much needed dev docs done, including architecture overview diagrams, etc.
What will we be teaching:

  1. General Suricata development basics: everything from git, how to QA, unittests, debugging, etc.
  2. Architecture overview
    1. API’s
    2. threading
    3. packets, flows, detection and output
  3. Extending Suricata — the beef of the training:
    1. packet decoders and detection plugins
    2. app layer protocol detection, parsing, state keeping
    3. app layer detection engine integration
    4. adding logging modules

Structure

Each day will start with lectures on each of the topics. You will get an overview of the API, learn about performance aspects, how threading comes into play, etc.

After this there will be assignments/challenges to apply the newly learned skills. This should be very interactive with lots of room for questions and discussions. We’ll be providing various assignments for multiple skill levels.

Teachers

From OISF we will have lead developer Victor Julien, core developers Eric Leblond and Jason Ish in the room to give the lectures and help answer questions. Also present to assist in general Suricata related questions: Matt Jonkman and Peter Manev.

Participants

So who is this for? We target people who what to learn how to extend Suricata. If you want to add protocols, detection options or maybe new output methods, then this is for you. Or maybe you want to be a ‘core’ developer on Suricata. Then this would be an excellent start of getting into it.

Skill-set:
– advanced C experience
– Linux Experience
– Network / Security Experience
– Basic Suricata End User Experience
=> for testing your code

If you’re not yet experienced with running Suricata, we would like to suggest attending a user training first. If you book your dev seat first hit us up for discount code on one of the training sessions. We’re planning one in Europe before summer, exact date and location is to be announced.

Money

We’ll be charging for the trainings. The revenue is used to cover the cost of the event itself (travel, hotels, etc). Whats left goes into the foundations general development budget. So by attending the training you will support Suricata’s development.

Location

This first edition is generously hosted by Napatech in Copenhagen, Denmark.
If you want to book, please do so through this Eventbrite link:
https://www.eventbrite.com/e/5-day-suricata-developer-training-in-copenhagen-denmark-open-to-the-public-tickets-15667305332
Questions and general feedback and thoughts are welcome!

Get Trained January 26 and 27 in San Jose, CA!

Join us for this dynamic, hands-on, 2-day Suricata training event! Developers and security professionals will walk-away with not only a greater proficiency in Suricata’s core technology; but will have the unique opportunity to bring questions, challenges, and new ideas directly to Suricata’s development team.

This training session will take place on January 26 and 27 at the Tilera HQ in San Jose, CA. It will be given by Suricata expert Peter Manev, and OISF president and Emerging Threats CTO Matt Jonkman.

Some of topics that will be covered over the course of the 2-days include:

  • Compiling, Installing, and Configuring Suricata
  • Performance Factors, Rules and Rulesets
  • Capture Methods and Performance
  • Event / Data Outputs and Capture Hardware
  • Troubleshooting Common Problems
  • Advanced Tuning
  • Integration with Other Tools

You can register through eventbrite here. More info on the Suricata Training Program can be found here.

This event is generously hosted by our long time supporters: Tilera.

tilera_logo_pms361_plain

We hope to see you there!

Get Trained at DeepSec in Vienna

DeepSecLogoJoin us for this dynamic, hands-on, 2-day training session. Developers and security professionals will walk-away with not only a greater proficiency in Suricata’s core technology; but will have the unique opportunity to bring questions, challenges, and new ideas directly to Suricata’s lead developers.

This training session will take place on November 18 and 19 at the DeepSec conference in Vienna . It will be given by Suricata lead developer Victor Julien, OISF president and Emerging Threats CTO Matt Jonkman, Suricata developer Eric Leblond and Suricata expert Peter Manev.

Some of topics that will be covered at this course include:

  • Compiling, Installing, and Configuring Suricata
  • Performance Factors, Rules and Rulesets
  • Capture Methods and Performance
  • Event / Data Outputs and Capture Hardware
  • Troubleshooting Common Problems
  • Integration with Other Tools

You can register at the DeepSec conference registration page here.

More info on the Suricata Training Program can be found here.

We hope to see you there!