Advanced Deployment & Configuration [PRE-CONFERENCE TRAINING - SuriCon2022]

Actions Panel

Advanced Deployment & Configuration [PRE-CONFERENCE TRAINING - SuriCon2022]

Start your SuriCon week early! Join our trainers in-person or virtually for this advanced-level Suricata training course.

By OISF

When and where

Date and time

Location

Grand Hyatt Athens 115 Leoforos Andrea Siggrou 117 45 Athina Greece

Map and directions

How to get there

Refund Policy

Contact the organizer to request a refund.
Eventbrite's fee is nonrefundable.

About this event

Network-based threat detection is crucial for developing a comprehensive security strategy, whether it is on-premise or in the cloud. In Advanced Deployment and Architecture for Network Traffic Analysis, you will learn how to maximize the visibility that Suricata can provide into your network. You will gain deep technical understanding and hands-on experience with Suricata’s versatile arsenal of features and capabilities for a variety of deployment, usage, and integration scenarios. Tuning and optimizing Suricata for threat/anomaly detection, file extraction, and/or protocol detection are critical for a successful deployment. You will also learn traditional and non-traditional tips, tricks, and techniques to implement Suricata and its newest features based on real-world deployment experiences, to include cloud-based deployments. This class also offers a unique opportunity to bring in-depth use cases, questions, and challenges directly to the Suricata team. By the end of this course, you will be able to successfully design, deploy, implement, optimize and hunt with your high-performance Suricata deployment.

This year, we're extending an invitation to join our PRE-CONFERENCE training sessions at The Grand Hyatt in Athens, Greece or through our virtual platform. These trainings will take place over the course of Monday-Tuesday November 7th-8th, 2022.

Directed by lead Suricata developers, this 2-day advanced user training is held the same week as SuriCon2022 - join us for both and receive a 20% discount on this training!

To receive your discount:

  • Secure your ticket for SuriCon2022 by visiting www.suricon.net.
  • Email us at SuriCon@oisf.net and let us know your intention to attend both events.
  • We will give you a single-use access link to register for this training. The 20% discount code will be automatically applied!

What is Suricata?

Suricata is a high-performance Network IDS, IPS and Network Security Monitoring engine sought after around the world. Open-source and managed by a community, Suricata is a part of the non-profit foundation; the Open Information Security Foundation (OISF). OISF’s mission is to remain on the leading edge of open source IDS/IPS development by welcoming in open sources technologies looking for a community to support them

A sample of the topics that will be covered:

Day 1:

  • Advanced performance factors and tuning techniques
  • Capture methods and run modes
  • Detection engine and multi-pattern matchers
  • Rules, rulesets and rule syntax and optimization
  • Extending rules and outputs with Lua scripting
  • Automatic protocol detection and anomaly detection
  • File extraction: HTTP, SMTP, NFS, FTP/SMBv1-3
  • PCAP processing
  • Tuning principles

Day 2:

  • Enterprise Architecture
  • IDS / IPS / IDPS / NSM deployment and setup
  • Server HW / NIC / CPU architecture and selection process
  • Virtual deployment considerations/tips and tricks
  • Positive and negative packet loss
  • Capture considerations
  • Numa, CPU affinity, threading and NIC RSS hashing
  • Flows and elephant flows
  • eXpress Data Path (XDP)
  • Troubleshooting system overloads
  • Managing outputs
  • Integration with other Security Tools and Data Stores
  • Make sense out of millions events on the wire

Pre-requisites:

  • This is an intermediate to advanced level course. Students should have the following knowledge to get the most out of this training:
  • Basic experience with installing, compiling, configuring and running Suricata is a must.
  • Hands on Linux command line
  • TCP/IP networking

Full Course Description:

The foundation for effective intrusion detection and response is based on proper sensor placement and configuration. Sensor placement is crucial for developing a comprehensive network security and monitoring solution. Misconfigurations and improper placement can lead to gaps in network visibility, which can allow attackers to go undetected for prolonged periods of time and to penetrate deeper into your network. In Suricata Advanced Deployment and Architecture, you will learn the skills necessary to successfully design, deploy and optimize a high-performance network monitoring and security solution. Filled with hands-on exercises and comprehensive demonstrations, this class will elevate your skills to maximize your network visibility and data management with Suricata. By the end of this course you will deep technical understanding and hands on experience with Suricata’s versatile arsenal of features and capabilities for a variety of deployment, usage, and integration scenarios.

This course will go in-depth in Suricata configuration and deployment considerations. You will learn which capture method is best for traffic acquisition, maximizing performance with runmodes and dive deep into Suricata’s detection engine and multi-pattern matchers. Discover how to expand Suricata’s detection and output capabilities with Lua scripting as well as anomaly detection and file extraction capabilities. Gain a deeper understanding of performance and tuning considerations through CPU affinity, Numa, threading and NIC RSS hashing. Alongside that understand specifics about deployments the cloud and the pros and cons of those. Details of what and how needs to be in place for the cloud security monitoring. Learn how to perform effective and exhaustive troubleshooting when situations like packet loss and system overloading occur. Finally, learn how to handle elephant flows, work with eXpress Data Path, how output generation affects your deployment and how to integrate Suricata with other tools such as an ELK stack, Splunk and other Linux-based distributions such as SELKS. This class also offers a unique opportunity to bring in-depth use cases, questions, challenges, and new ideas directly to the Suricata team. Take your deployment and configuration skills to an expert level with Suricata Advanced Deployment and Architecture!

We hope to see you there!

Kind regards,

Team OISF

Questions?  Email us at SuriCon@oisf.net or visit SuriCon2022.  

Net proceeds from this and all OISF's training events go directly to funding Suricata's development and OISF's mission to supporting open source security technologies. For questions about this event or about becoming a member of the OISF community please contact us at info@oisf.net.