Suricata

This material has been designed to be taught in a classroom environment... hands-on 80% + talk 40% + slides 0% = 120% hard work

The material is missing some of the contextual concepts and ideas that will be covered in class.

This is material for any intermediate-level dev-ops who has some experience with other security|monitoring tools and wants to learn Suricata. We believe these classes are perfect for anyone who wants a jump start in learning Suricata or who wants a more thorough understanding of it internals.

Suricata is intrusion detection and prevention system

Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing.

Suricata

Day 0: Intro - Mon, Oct 17, starts at 11:00

• 11:00 - 12:30
  • Intro
  • singlehost
  • vagrant
  • what is Suricata
• 13:30 - 16:30
  • Suricata on CLI
  • Suricata language server
  • writing your first rule

Day 1 - Tue, Oct 18, 08:30

• 08:30 - 12:30
  • EVE log basics
  • EVE basic tasks
  • rule writing, cont
• 13:30 - 16:30
  • Unix socket mode
  • datasets

Day 2 - Wed, Oct 19, 08:30

• 08:30 - 12:30
  • datasets, cont
  • building suricata
• 13:30 - 16:30
  • configuring suricata

Day 3 - Thu, Oct 20, 08:30

• 08:30 - 12:30
  • Introducing rulesets
  • Ruleset exploration show and tell
  • suricata-update
• 13:30 - 16:30
  • SELKS
  • Hunting notebooks

Day +1: Last but not least - Fri, Oct 21, 08:30

• 08:30 - 10:00
  • open for requests
• 10:30 - 11:30
  • feedback, contact exchange, thanks, etc.

Before You Come To Class please browse trough ..

• prereqs
• singlehost
• suricata
• vagrant