Training

Why not learn Suricata from those who know it best?! Our training classes offer the latest and greatest in Suricata, led by the team that develops and maintains it. All of our curriculum has been updated to cover the latest versions of Suricata, including 4.1!

Discounts for Suricata trainings are available to OISF Consortium Members and SuriCon attendees – contact us at info@oisf.net for details.

Suricata Online Training

Intrusion Detection with Suricata is a foundational course that will help you unlock the power of Suricata and use it to detect intruders on your network. It is provided in cooperation with Applied Network Defense. For more information and to sign up, visit https://www.networkdefense.io/library/intrusion-detection-with-suricata/61181/about/.

Public Training Classes

Threat Hunting with Suricata (Network Security Monitoring) (2-day)

Defending your network starts with understanding your traffic. More than just an IDS/IPS, Suricata can provide the visibility to solve incidents more quickly and more accurately by providing context before, during, and after an alert. In this brand-new course, attendees will learn the skills required to identify, respond to, and protect against threats in their network day to day, as well as to identify new threats through structured data aggregation and analysis. Hands-on labs consisting of real-world malware and network traffic will reinforce course concepts while utilizing the latest Suricata features. Come and see what you’ve been missing in your network and unlock the full potential of network security, detection, and response with Threat Hunting with Suricata. This class brings hands-on experience with Suricata covering topics such as: Identify key strategies for network security architecture and visibility | Learn the fundamentals of rule writing and rule comprehension | Understand how to manage rule sources and create effective rulesets | Develop methods for establishing network baselines | Recognize traffic anomalies | Use Suricata to capture network traffic and replay PCAPs | Utilize log aggregation and shipping services to build a complete picture | Perform traffic analysis and create visualizations with Kibana | Develop a custom network sensor with Suricata and ELK | Analyze suspicious traffic to determine maliciousness | Learn how to pivot off of key attack indicators using threat intelligence | Analyze true positive and false positive alerts | Leverage rules specifically for threat hunting | Deploy honey tokens | and more.

What you need to know before attending: This is a hands-on course; therefore, good knowledge of networking, TCP/IP, and the Linux command line, and a basic understanding of IDS/IPS/NSM principles, is required. Other prerequisites include being able to import and run a VM (1 CPU / 3-4 GB RAM) on your laptop.

This class is perfect for: Security Administrators | Enterprise Defenders | Incident Responders | Security Operations Specialists | Security Analysts | Malware Analysts | Network Engineers

Suricata Advanced Deployment and Architecture (2-day)

The NEWEST Suricata training, our Suricata Advanced Deployment and Architecture class, offers a hands-on experience that will lead experienced Suricata users and developers from the efficient and fast set-up of correct operations to successful threat hunting examples in massive traffic volumes with Suricata. This class is perfect for those who want to take their skills and knowledge to a new level – including live and active examples of configurations and setup deployments in 40+ Gbps threat hunting deployments. Security professionals will actively experience all that Suricata has to offer and walk away with greater proficiency in Suricata’s core technology. Time is built into the class, so attendees have the unique opportunity to bring questions, challenges, and new ideas directly to Suricata’s developers. Hands-on and fast-paced, this class brings Suricata to a new level for advanced users by covering topics such as: Advanced Performance Factors | Advanced Tuning Techniques | Rules, Rulesets and Optimization | Event / Data Outputs | Troubleshooting Common Problems | Lua Scripting | Anomaly Detection | File Extraction | Automatic Protocol Detection | Pcap Processing | Enterprise Architecture | IDS / IPS / IDPS / NSM Deployment and Set Up | Server HW / NIC / CPU Architecture and Selection Process | Virtual Deployment Tips and Tricks | Capture Methods and Specifics | Capture Hardware | Integration with Other Applications | and more.

What you need to know before attending: This is an advanced-level, hands-on course; therefore, attendees are expected to have basic experience with installing, compiling, configuring, and running Suricata, with the Linux command line and TCP/IP networking, and the ability to SSH remotely into the cloud training environment.

This class is perfect for: Enterprise Engineers | Infrastructure Security and Application Operations | Network Security Administrators | Security Architects | Security Analysts | Malware Analysts | Network Engineers

Practical Signature Development for Suricata (2-day)

In Practical Signature Development for Suricata, we will teach expert methods and techniques for writing network signatures to efficiently detect the greatest and most common threats facing organizations today. Attendees will gain invaluable information and knowledge, including the configuration, usage, architecture, traffic analysis fundamentals, signature writing, and testing of Suricata. Attendees will be given materials to help them understand and develop their own network signatures. Updated lab exercises featuring current threats will train students to analyze and interpret hostile network traffic and turn that analysis into agile rules for detecting threats, including but not limited to: Exploit Kits, Ransomware, Cryptocurrency Miners, Phishing Attacks, Malicious Documents, Crimeware Backdoors, and Targeted Threats. Students will leave the class armed with the knowledge of how to write quality signatures for their environment, enhancing their organization’s ability to detect and respond to threats. The class is very hands-on, with a robust workbook featuring exercise walkthroughs/explanations and a physical copy of the material presented. The class exercises feature paths both for those who are brand new to writing signatures and for signature experts who dream in pcre. The class has been updated for the latest Suricata functionality, such as the SMB2/3 protocol, whitespace transforms, and new detection buffers.

What you need to know before attending: This is an advanced, hands-on course; therefore, attendees are expected to be able to import and run a VM (1 CPU / 1-2 GB RAM) on their laptop, and to have experience with the Linux command line and TCP/IP networking and a basic understanding of IDS/IPS/NSM principles.

This class is perfect for: Security Administrators | Enterprise Defenders | Incident Responders | Security Operations Specialists | Security Analysts | Malware Analysts | Network Engineers

Suricata Developer Deep Dive (5-day)

This class is a unique and intensive learning event especially geared toward developers and security professionals wanting a deep dive into Suricata’s technology. Developers and security professionals will walk away with a greater proficiency in Suricata’s core technology and have the unique opportunity to bring questions, challenges, and new ideas directly to Suricata’s development team, including Suricata’s founder and lead developer Victor Julien. Some of the exciting topics that will be covered during the five days include: Architecture Overview | PKT Decoder | PKT Detection Module | Application Layer Decoder and Logging Module | Application Layer Detection Module | Running Unit Tests | Enabling Debug Mode | How to Contribute to Suricata (GitHub, etc.) | Introduction to eBPF Filter Development | Introduction to the Rust Language | Extending Suricata with the Rust Language | Writing an Application Layer Decoder in Rust.

What you need to know before attending: This highly advanced and technical class is hands-on; attendees are expected to have advanced experience in C, Linux experience, network and security experience, and basic Suricata end-user experience. Knowledge of Rust is a plus.

This class is perfect for: Experienced developers and security professionals who want to expand their knowledge and experience with Suricata.

For details or to sign up for any of our public training events, visit: https://suricata_events.eventbrite.com
Discounts for Suricata trainings are available to OISF Consortium Members and SuriCon attendees – contact us at info@oisf.net for details.

Customized Training Events

In addition to our public events, we can also bring any of our live Suricata training classes on-site to you, or customize a training, including 1:1 time with Suricata experts, tailored to meet the unique needs of your team and your organization! For details and pricing, contact info@oisf.net.

Frequently Asked Questions

  • What are the requirements to attend a Suricata training?
    • Each training has specific requirements, so make sure you check out the details for the class you plan to attend.
  • What will happen to the revenue from these training events?
    • After subtracting the cost of the training, ALL proceeds go directly to supporting Suricata development and OISF’s operating costs. OISF is a 501(c)(3) non-profit organization that owns, manages, and supports Suricata.
  • Are there discounts available?
    • Yes. Discounts for Suricata trainings are available to OISF Consortium Members and SuriCon attendees – contact us at info@oisf.net for details.

This page will be updated with new training events.