Intrusion Analysis & Threat Hunting [PRE-CONFERENCE TRAINING - SuriCon2022]


Get the most out of SuriCon week! Join our trainers in-person or virtually for this intermediate-level Suricata training course.


When and where

Grand Hyatt Athens 115 Leoforos Andrea Siggrou 117 45 Athina Greece

Refund Policy

Contact the organizer to request a refund.
Eventbrite's fee is nonrefundable.

About this event

In today’s threat landscape, sophisticated adversaries have routinely demonstrated the ability to compromise enterprise networks and remain hidden for extended periods of time. In Intrusion Analysis and Threat Hunting with Open Source Tools, you will learn how to dig deep into network traffic to identify key evidence that a compromise has occurred, how to deal with new forms of attack, and the skills necessary to proactively search for evidence of new breaches. To gain hands-on analysis experience, we will explore all phases of adversary tactics and techniques, from delivery mechanisms through post-infection traffic to data exfiltration. Open-source tools such as Suricata, Moloch and Kibana will be used to generate data, perform exhaustive traffic analysis, and develop comprehensive threat hunting strategies. By the end of this course, you will have the knowledge and skills necessary to discover new threats in your network and build an effective threat hunting program.

This year, we're extending an invitation to join our PRE-CONFERENCE training sessions at the Grand Hyatt in Athens, Greece or through our virtual platform. These trainings will take place over the course of Monday-Tuesday November 7th-8th, 2022.

Led by our experienced Suricata trainers, this 2-day intermediate user training is held the same week as SuriCon2022 - join us for both and receive a 20% discount on this training!

To receive your discount:

    • Secure your ticket for SuriCon2022 by visiting
    • Email us at and let us know your intention to attend both events.
    • We will give you a single-use access link to register for this training. The 20% discount code will be automatically applied!

A sample of the topics that will be covered:

  • Identify key strategies for network security architecture and visibility
  • Learn the fundamentals of rule writing and rule comprehension
  • Understand how to manage rule sources and create effective rule sets
  • Recognize traffic anomalies
  • Analyze suspicious traffic to determine maliciousness
  • Learn how to pivot off of key attack indicators using threat intelligence
  • Leverage rules written specifically for threat hunting
  • Learn different usage techniques for hunting - rules vs. network protocol (NSM) data
  • Lateral movement detection techniques in Windows environments (SMB/DCERPC)

What is Suricata?

Suricata is a high-performance Network IDS, IPS and Network Security Monitoring engine used around the world. Open-source and community-driven, Suricata is owned and supported by a non-profit foundation, the Open Information Security Foundation (OISF). OISF’s mission is to remain on the leading edge of open source IDS/IPS development and to welcome open source security technologies that are looking for a community to support them.

Who should attend?

  • Security Administrators
  • Enterprise Defenders
  • Incident Responders
  • Security Operations Specialists
  • Security Analysts
  • Malware Analysts

Prerequisites:

  • Being able to import and run a VM (minimum 2CPU / 4GB RAM) on your laptop
  • Basic understanding of IDS/IPS/NSM principles
  • Networking, TCP/IP
  • Linux familiarity

Full Course Description:

Closing the gap between when an infection occurs and when it is detected is a key goal of an effective threat hunting program. While many security solutions focus on detecting adversarial activity in real time, skilled threat actors have demonstrated the ability to bypass these security tools. This can leave an organization vulnerable to further compromise and data breaches. Having the right data available during an incident or when performing proactive threat hunting activities is crucial for success. More than just an IDS/IPS, Suricata can provide the visibility to resolve incidents faster and more accurately by supplying context before, during, and after an alert. In this course, attendees will learn the skills required to identify, respond to and protect against threats in their network day to day, as well as to identify new threats through structured data aggregation and analysis. Adversary tactics and techniques from delivery mechanisms to post-infection traffic and data exfiltration will be explored in depth to build comprehensive analysis experience. Hands-on labs consisting of real-world malware and network traffic will reinforce course concepts while using the latest Suricata features. By the end of this course, you will have the knowledge and skills to seek out indicators of anomalous or malicious activity in your network traffic and discover threats you have been missing!

This course will cover the fundamental aspects of Suricata such as rule comprehension, managing rule sets, validating alerts, working through false positives and false negatives, and customizing rules to provide more visibility into your traffic. In-depth analysis of network traffic and the development of threat hunting strategies to detect anomalous or malicious activity will be carried out with tools such as Moloch, Kibana and CyberChef. Hands-on real-world exercises will be used to reinforce the detection techniques and tactics explained throughout the course. Threat intelligence feeds and other online resources will also be explored to learn how to pivot between data sources while performing proactive threat hunting activities. This is an ideal course for security analysts, blue teams and malware researchers to get hands-on experience diving deep into malicious traffic.
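Two of the points made above (Suricata supplying context before, during and after an alert, and hunting with rules versus with NSM protocol data) are easier to see with an eve.json file in hand. The Python below is an added example written for this page, not course material and not Suricata project code. The hunting rule, the EVE JSON lines and the 10.0.0.0/8 home-network assumption are all constructed for illustration; what the code relies on from Suricata itself is only that alert, http, fileinfo and flow records for one connection share a flow_id.

```python
import json
from datetime import datetime, timedelta

# Constructed hunting rule in Suricata syntax (an illustration written for this
# page, not a rule shipped by OISF; the sid is in the local 1000000+ range).
HUNT_RULE = (
    'alert http any any -> $HOME_NET any ('
    'msg:"HUNT Executable download via HTTP"; flow:established,to_client; '
    'http.stat_code; content:"200"; file.magic; content:"PE32"; '
    'classtype:bad-unknown; sid:1000001; rev:1;)'
)

# Constructed eve.json lines (not real traffic): the http/fileinfo/flow records
# Suricata logs for one connection, the alert the rule above would raise on it
# (same flow_id), and a later DNS query from the same internal host.
SAMPLE_EVE = r"""
{"timestamp":"2022-11-07T10:00:01.000000+0000","flow_id":1122334455,"event_type":"http","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","http":{"hostname":"update.example","url":"/files/setup.exe","http_method":"GET","http_user_agent":"Mozilla/4.0","status":200,"length":153600}}
{"timestamp":"2022-11-07T10:00:01.200000+0000","flow_id":1122334455,"event_type":"fileinfo","src_ip":"203.0.113.10","src_port":80,"dest_ip":"10.0.0.5","dest_port":51234,"proto":"TCP","fileinfo":{"filename":"/files/setup.exe","magic":"PE32 executable (GUI) Intel 80386, for MS Windows","size":153600}}
{"timestamp":"2022-11-07T10:00:01.250000+0000","flow_id":1122334455,"event_type":"alert","src_ip":"203.0.113.10","src_port":80,"dest_ip":"10.0.0.5","dest_port":51234,"proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"HUNT Executable download via HTTP","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2022-11-07T10:00:09.000000+0000","flow_id":1122334455,"event_type":"flow","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":12,"pkts_toclient":118,"bytes_toserver":1400,"bytes_toclient":160200,"state":"closed"}}
{"timestamp":"2022-11-07T10:00:15.000000+0000","flow_id":9988776655,"event_type":"dns","src_ip":"10.0.0.5","src_port":53012,"dest_ip":"10.0.0.2","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"c2.example","rrtype":"A"}}
"""

HOME_NET_PREFIX = "10."  # assumption for the sample: internal hosts live in 10.0.0.0/8


def parse_eve(text):
    """Parse newline-delimited EVE JSON, skipping blank and malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def event_time(rec):
    """EVE timestamps look like 2022-11-07T10:00:01.250000+0000."""
    return datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")


def alert_context(records, sid, window_s=30):
    """For each alert with signature_id == sid, collect (a) every non-alert
    record logged for the same flow_id, i.e. the protocol and file metadata
    from before and after the alert fired, and (b) events involving the
    internal host in the window_s seconds after the alert (other flows)."""
    by_flow = {}
    for r in records:
        by_flow.setdefault(r.get("flow_id"), []).append(r)
    contexts = []
    for alert in records:
        if alert.get("event_type") != "alert":
            continue
        if alert["alert"].get("signature_id") != sid:
            continue
        t0 = event_time(alert)
        host = alert["dest_ip"] if alert["dest_ip"].startswith(HOME_NET_PREFIX) else alert["src_ip"]
        same_flow = [r for r in by_flow[alert["flow_id"]] if r.get("event_type") != "alert"]
        later = [r for r in records
                 if r.get("flow_id") != alert["flow_id"]
                 and host in (r.get("src_ip"), r.get("dest_ip"))
                 and t0 <= event_time(r) <= t0 + timedelta(seconds=window_s)]
        contexts.append({"alert": alert, "host": host,
                         "same_flow": sorted(same_flow, key=event_time),
                         "later": sorted(later, key=event_time)})
    return contexts


def hunt_exe_downloads(records):
    """Rule-free hunt over NSM data: HTTP transactions whose response carried a
    PE executable according to Suricata's fileinfo record. This finds the same
    activity HUNT_RULE alerts on, but works retroactively on logs without any
    alert having fired."""
    exe_flows = {r["flow_id"] for r in records
                 if r.get("event_type") == "fileinfo"
                 and r["fileinfo"].get("magic", "").startswith("PE32")}
    return [r for r in records
            if r.get("event_type") == "http" and r["flow_id"] in exe_flows]


if __name__ == "__main__":
    recs = parse_eve(SAMPLE_EVE)
    for ctx in alert_context(recs, 1000001):
        a = ctx["alert"]["alert"]
        print(f"[{a['signature_id']}] {a['signature']} -> host {ctx['host']}")
        for r in ctx["same_flow"]:
            print("  same flow:", r["timestamp"], r["event_type"])
        for r in ctx["later"]:
            print("  later    :", r["timestamp"], r["event_type"], r.get("dns", {}).get("rrname", ""))
    for r in hunt_exe_downloads(recs):
        print("NSM hunt hit:", r["http"]["hostname"] + r["http"]["url"])
```

The alert on its own says only that an executable came back over HTTP; the same-flow records supply the request that fetched it and the size of the transfer, and the follow-up window surfaces the DNS query the host made right afterwards, which is the kind of pivot the course describes. The rule-free function is the complementary approach: the same fileinfo metadata is there whether or not a signature matched, so a hunt can be run over weeks of logs after a new rule is written.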

We hope to see you there!

Kind regards,


Questions?  Email us at or visit SuriCon2022.  

Net proceeds from this and all of OISF's training events go directly to funding Suricata's development and OISF's mission of supporting open source security technologies.  For questions about this event or about becoming a member of the OISF community please contact us at