$2,000

Intrusion Analysis & Threat Hunting with Suricata @ SuriCon 2021


Event Information

Location

Boston Marriott Copley Place

110 Huntington Avenue

Boston, MA 02116

Refund policy

Contact the organizer to request a refund.

Eventbrite's fee is nonrefundable.

Event description
Join us on the Monday and Tuesday before SuriCon 2021 in Boston, MA and learn firsthand alongside our leading Suricata developers!

About this event

Suricata is a high-performance network IDS, IPS and network security monitoring (NSM) engine used around the world. Open source and community-driven, Suricata is owned and supported by the non-profit Open Information Security Foundation (OISF). OISF's mission is to remain on the leading edge of open source IDS/IPS development by welcoming open source technologies that are looking for a community to support them.

This 2-day advanced user training, led by Suricata's lead developers, is held the same week as SuriCon 2021. Join us for both and receive a 20% discount on this training!

To receive your discount:

  • Register for SuriCon by visiting www.suricon.net.
  • Email us at info@oisf.net and let us know you are coming to SuriCon.
  • We will send you a one-time-only link to register for this training with the 20% discount.

Why should you come?

Developers and security professionals will walk away with a greater proficiency in Suricata’s core technology and will have the unique opportunity to bring questions, challenges, and new ideas directly to Suricata’s developers.

Who should attend?

  • Security Administrators
  • Enterprise Defenders
  • Incident Responders
  • Security Operations Specialists
  • Security Analysts
  • Malware Analysts

A sample of the topics that will be covered:

  • Identify key strategies for network security architecture and visibility
  • Learn the fundamentals of rule writing and rule comprehension
  • Understand how to manage rule sources and create effective rulesets
  • Develop methods for establishing network baselines
  • Recognize traffic anomalies
  • Use Suricata to capture network traffic and replay PCAPS
  • Utilize log aggregation and shipping services to build a complete picture
  • Perform traffic analysis and create visualizations with Kibana
  • Develop a custom network sensor with Suricata and ELK
  • Analyze suspicious traffic to determine maliciousness
  • Learn how to pivot off of key attack indicators using threat intelligence
  • Analyze true positive and false positive alerts
  • Leverage rules written specifically for threat hunting
  • Deploy honey tokens

Pre-requisites:

  • Being able to import and run a VM (minimum 2CPU / 4GB RAM) on your laptop
  • Basic understanding of IDS/IPS/NSM principles
  • Networking, TCP/IP
  • Linux familiarity

Abstract (short):

In today’s threat landscape, sophisticated adversaries have routinely demonstrated the ability to compromise enterprise networks and remain hidden for extended periods of time. In Intrusion Analysis and Threat Hunting with Open Source Tools, you will learn how to dig deep into network traffic to identify key evidence that a compromise has occurred, learn how to deal with new forms of attack, and develop the skills necessary to proactively search for evidence of new breaches. We will explore all phases of adversary tactics and techniques - from delivery mechanisms to post-infection traffic and data exfiltration to get hands-on analysis experience. Open-source tools such as Suricata, Moloch and Kibana will be utilized to generate data, perform exhaustive traffic analysis, and develop comprehensive threat hunting strategies. By the end of this course, you will have the knowledge and skills necessary to discover new threats in your network and build an effective threat hunting program.

Full Course Description:

Closing the gap between when an infection occurs and when it is detected is a key goal of an effective threat hunting program. While many security solutions focus on detecting adversarial activity in real time, skilled threat actors have demonstrated the ability to bypass these tools, which can leave an organization vulnerable to further compromise and data breaches. Having the right data available during an incident, or when performing proactive threat hunting, is crucial for success. More than just an IDS/IPS, Suricata can provide the visibility to resolve incidents faster and more accurately by providing context before, during, and after an alert. In this course, attendees will learn the skills required to identify, respond to, and protect against threats in their network day to day, as well as to identify new threats through structured data aggregation and analysis. Adversary tactics and techniques, from delivery mechanisms to post-infection traffic and data exfiltration, will be explored in depth to build comprehensive analysis experience. Hands-on labs consisting of real-world malware and network traffic will reinforce course concepts while utilizing the latest Suricata features. By the end of this course, you will have the knowledge and skills to seek out indicators of anomalous or malicious activity in your network traffic and discover threats you have been missing!

This course will cover the fundamental aspects of Suricata such as rule comprehension, managing rule sets, validating alerts, working through false positive/negatives and customizing rules to provide more visibility into your traffic. In-depth analysis of network traffic and the development of threat hunting strategies to detect anomalous or malicious activity will be accomplished with tools such as Moloch, Kibana and CyberChef. Hands-on real-world exercises will be used to reinforce the detection techniques and tactics explained throughout the course. Threat intelligence feeds and other online resources will also be explored to learn how to pivot between data sources while performing proactive threat hunting activities. This is an ideal course for security analysts, blue teams and malware researchers to get hands-on diving deep into malicious traffic.
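The description above talks about Suricata providing context before, during and after an alert, and about pivoting between data sources while hunting. The following Python script is an added illustration of that idea; it is not part of the course materials or of OISF's code. It groups Suricata EVE JSON records around each alert by `flow_id`, then pivots on indicators pulled from that context (HTTP hostnames, DNS names, file hashes) to find related flows. The EVE records are constructed for the example: the field names follow Suricata's eve.json output, but the IPs, hostname, hash and signature are made up.

```python
"""Correlate Suricata EVE JSON records around an alert and pivot on indicators.

Added example (not OISF course material). The records in SAMPLE_EVE are
constructed in the shape of Suricata's eve.json output; nothing here was
captured from real traffic.
"""
import json
from collections import defaultdict

# Constructed EVE JSON lines: a DNS lookup on one flow, then an HTTP download
# on a second flow that raises an alert and produces fileinfo and flow records,
# plus an unrelated HTTP flow from another host.
SAMPLE_EVE = """
{"timestamp":"2021-11-01T10:00:00.000001+0000","flow_id":1001,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.2","dns":{"type":"query","rrname":"update.example.net","rrtype":"A"}}
{"timestamp":"2021-11-01T10:00:00.100000+0000","flow_id":2002,"event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","http":{"hostname":"update.example.net","url":"/loader.exe","http_user_agent":"Mozilla/4.0","http_method":"GET","status":200}}
{"timestamp":"2021-11-01T10:00:00.150000+0000","flow_id":2002,"event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.0.5","alert":{"signature_id":2100000,"rev":1,"signature":"EXAMPLE PE download from suspicious host","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2021-11-01T10:00:00.200000+0000","flow_id":2002,"event_type":"fileinfo","src_ip":"203.0.113.10","dest_ip":"10.0.0.5","fileinfo":{"filename":"/loader.exe","magic":"PE32 executable","sha256":"deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef","size":43008}}
{"timestamp":"2021-11-01T10:00:05.000000+0000","flow_id":2002,"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","flow":{"pkts_toserver":8,"pkts_toclient":40,"bytes_toserver":900,"bytes_toclient":45000,"state":"closed"}}
{"timestamp":"2021-11-01T10:00:30.000000+0000","flow_id":3003,"event_type":"http","src_ip":"10.0.0.7","dest_ip":"198.51.100.3","http":{"hostname":"cdn.example.org","url":"/index.html","http_method":"GET","status":200}}
"""


def parse_eve(text):
    """Parse newline-delimited EVE JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def context_for_alerts(events):
    """For each alert, collect the non-alert records that share its flow_id.

    The context is sorted by timestamp so it reads before / during / after
    the alert from top to bottom.
    """
    by_flow = defaultdict(list)
    for ev in events:
        by_flow[ev["flow_id"]].append(ev)
    results = []
    for ev in events:
        if ev["event_type"] != "alert":
            continue
        ctx = [e for e in by_flow[ev["flow_id"]] if e["event_type"] != "alert"]
        ctx.sort(key=lambda e: e["timestamp"])
        results.append({"alert": ev, "context": ctx})
    return results


def indicators_from_context(context):
    """Pull pivotable indicators (HTTP hostname, DNS name, file hash) from records."""
    iocs = set()
    for e in context:
        for value in (e.get("http", {}).get("hostname"),
                      e.get("dns", {}).get("rrname"),
                      e.get("fileinfo", {}).get("sha256")):
            if value:
                iocs.add(value)
    return iocs


def pivot(events, indicator):
    """Return every record, on any flow, whose IP, hostname, DNS name or hash matches."""
    hits = []
    for e in events:
        fields = (e.get("src_ip"), e.get("dest_ip"),
                  e.get("http", {}).get("hostname"),
                  e.get("dns", {}).get("rrname"),
                  e.get("fileinfo", {}).get("sha256"))
        if indicator in fields:
            hits.append(e)
    return hits


def triage(eve_text):
    """Build a per-alert summary: flow context plus other flows tied to its indicators."""
    events = parse_eve(eve_text)
    report = []
    for item in context_for_alerts(events):
        alert_flow = item["alert"]["flow_id"]
        related = {}
        for ioc in indicators_from_context(item["context"]):
            flows = sorted({e["flow_id"] for e in pivot(events, ioc) if e["flow_id"] != alert_flow})
            if flows:
                related[ioc] = flows
        report.append({
            "signature": item["alert"]["alert"]["signature"],
            "flow_id": alert_flow,
            "context_types": [e["event_type"] for e in item["context"]],
            "related_flows": related,
        })
    return report


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVE), indent=2))
```

On the constructed input the single alert on flow 2002 is reported with its http, fileinfo and flow records as context, and the hostname pulled from that context pivots to the earlier DNS lookup on flow 1001, which is the "before" that the alert alone does not show. Against a real eve.json, replace SAMPLE_EVE with the file contents; the same flow_id join works because Suricata stamps every record for a flow with the same identifier.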

We hope to see you there!  

Net proceeds from this and all of OISF's training events go directly to funding Suricata's development and OISF's mission of supporting open source security technologies. For questions about this event or about becoming a member of the OISF community, please contact us at info@oisf.net.

Organizer OISF

Organizer of Intrusion Analysis & Threat Hunting with Suricata @ SuriCon 2021

The Open Information Security Foundation (OISF) is a team of multi-national software developers and security experts committed to open source security technologies and to identifying groundbreaking trends in information security and network monitoring. OISF, a 501(c)(3) non-profit organization, owns and supports Suricata. To learn more about the community or about becoming a consortium member, contact us at info@oisf.net.
