Training

Why not learn Suricata from those who know it best?! Our new and redesigned training classes continue to offer the best in Suricata led by the team that develops and maintains it. All our curriculum has been updated to cover the latest versions of Suricata including 4.0!

Discounts for Suricata trainings are available to OISF Consortium Members and SuriCon attendees – contact us at info@oisf.net for details.

Suricata Online Training

Intrusion Detection with Suricata is a foundational course that will help you unlock the power of Suricata and use it to detect intruders on your network. Provided in cooperation with Applied Network Defense. For more information and to sign up visit https://www.networkdefense.io/library/intrusion-detection-with-suricata/61181/about/ .

Public Training Classes

New! Network Security Monitoring with Suricata (2-day)

In this brand new 2-day class, we will teach the skills network security analysts and incident responders need to protect their networks and respond to threats day to day. What to expect? This course covers the fundamental aspects of Suricata such as deployment, installation, and tuning, as well as rule comprehension, managing rulesets, validating alerts, working through false positives/negatives, and customizing rules to improve the signal-to-noise ratio of alerts. This course will also discuss packet loss and techniques to ensure full visibility into your network, in addition to in-depth log analysis and hands-on real-world exercises that reinforce the detection techniques and tactics explained throughout the course. Come and see what you’ve been missing and unlock the full potential of network security, detection, and response with Suricata NSM.

What you need to know before attending: This is a hands-on course, therefore good knowledge of networking, TCP/IP, the Linux command line, and a basic understanding of IDS/IPS/NSM principles is required. Other prerequisites include being able to import and run a VM (1CPU / 3-4GB RAM) on your laptop.

This class is perfect for: Security Administrators | Enterprise Defenders | Incident Responders | Security Operations Specialists | Security Analysts | Malware Analysts | Network Engineers

New! Suricata Advanced Deployment and Architecture (2-day)

Suricata offers a versatile arsenal of possible deployment, usage, and integration scenarios. Come learn about traditional and non-traditional tips/tricks and integration processes based on exclusive hands-on deployment experience. In this newly redesigned 2-day class, we will teach use cases and walk through the process and concepts of integrating Suricata into, or building from scratch, your security monitoring environment or devices. This class also offers a unique opportunity to bring in-depth questions, challenges, and new ideas directly to the Suricata team. Hands-on and fast-paced, this class brings Suricata to a new level for advanced users by covering topics such as: Advanced Performance Factors | Advanced Tuning Techniques | Rules, Rulesets and Optimization | Event / Data Outputs | Troubleshooting Common Problems | Lua Scripting | Anomaly Detection | File Extraction | Automatic Protocol Detection | Pcap Processing | Enterprise Architecture | IDS / IPS / IDPS / NSM Deployment and Set Up | Server HW / NIC / CPU Architecture and Selection Process | Virtual Deployment Tips and Tricks | Capture Methods and Specifics | Capture Hardware | Integration with Other Applications

What you need to know before attending: This is an advanced-level, hands-on course, therefore attendees are expected to have basic experience with installing, compiling, configuring, and running Suricata, the Linux command line, TCP/IP networking, and the ability to SSH remotely into the cloud training environment.

This class is perfect for: Enterprise Engineers | Infrastructure Security and Application Operations | Network Security Administrators | Security Architects | Security Analysts | Malware Analysts | Network Engineers

Updated! Practical Signature Development for Suricata (2-day)

This class is perfect for those who want to learn expert methods and techniques for writing network signatures to efficiently detect the greatest threats facing organizations today. Attendees will gain invaluable knowledge of the configuration, usage, architecture, traffic analysis fundamentals, signature writing, and testing of Suricata IDS. Attendees will be given handouts to help them develop and read IDS signatures. Lab exercises will train attendees to analyze hostile network traffic and turn it into agile IDS rules for detecting threats, including but not limited to: Exploit Kits, Ransomware, Phishing Attacks, Malicious Documents, Crimeware Backdoors, Targeted Threats, and more. Attendees will leave the class armed with the knowledge of how to write quality IDS signatures for their environment, enhancing their organization’s ability to detect and respond to threats. The class has been updated for the latest Suricata 4.0 IDS features while still retaining backward compatibility with older Suricata versions. The class is hands-on with a robust workbook featuring exercise walkthroughs/explanations and a physical copy of the material presented. The class exercises feature paths both for those who are brand new to writing IDS signatures and for signature experts who dream in pcre.

What you need to know before attending: This is an advanced, hands-on course, therefore attendees are expected to be able to import and run a VM (1CPU / 1-2GB RAM) on their laptop, and to have Linux command line skills, TCP/IP networking knowledge, and a basic understanding of IDS/IPS/NSM principles.

This class is perfect for: Security Administrators | Enterprise Defenders | Incident Responders | Security Operations Specialists | Security Analysts | Malware Analysts | Network Engineers

Suricata Developer Deep Dive (5-day)

This class is a unique and intensive learning event especially geared toward developers and security professionals wanting a deep dive into Suricata’s technology. Developers and security professionals will walk away with greater proficiency in Suricata’s core technology and have the unique opportunity to bring questions, challenges, and new ideas directly to Suricata’s development team, including Suricata’s founder and lead developer Victor Julien. Some of the exciting topics that will be covered during the 5 days include: Architecture Overview | PKT Decoder | PKT Detection Module | Application Layer Decoder and Logging Module | Application Layer Detection Module | Running Unit Tests | Enabling Debug Mode | How to Contribute to Suricata (github, etc.) | Introduction to eBPF Filter Development | Introduction to the Rust Language | Extending Suricata with the Rust Language | Writing an Application Layer Decoder in Rust.

What you need to know before attending: This highly advanced, technical class is hands-on; attendees are expected to have advanced experience in C, Linux experience, network and security experience, and basic Suricata end-user experience. Knowledge of Rust is a plus.

This class is perfect for: Experienced developers and security professionals who want to expand their knowledge and experience with Suricata.

For details or to sign up for any of our public training events visit: https://suricata_events.eventbrite.com

Customized Training Events

In addition to our public events, we can also bring any of our live Suricata training classes on-site to you, or customize a training, including 1:1 time with Suricata experts, tailored to meet the unique needs of your team and your organization! For details and pricing contact info@oisf.net.

Frequently Asked Questions

  • What are the requirements to attend a Suricata training?
    • Each training has specific requirements, so make sure you check out the details of the class you are interested in.
  • What will happen to the revenue from these training events?
    • After subtracting the cost of the training, ALL proceeds go directly to supporting Suricata development and OISF’s operating costs. OISF is a 501(c)3 non-profit organization that owns, manages, and supports Suricata.
  • Are there discounts available?
    • Yes. Discounts for Suricata trainings are available to OISF Consortium Members and SuriCon attendees; contact us at info@oisf.net for details.

This page will be updated with new training events.