Practical Signature Development for Suricata - Denver, CO

Event ended



Suricata is a high-performance Network IDS, IPS and Network Security Monitoring engine sought after around the world. Open source and managed by a community, Suricata is part of a non-profit foundation, the Open Information Security Foundation (OISF). OISF’s mission is to remain on the leading edge of open source IDS/IPS development by welcoming in open source technologies looking for a community to support them.

Suricata can show you things about your network you haven't seen before. More than just an IDS/IPS, Suricata can provide the visibility to solve incidents quickly and more accurately by enabling context before, during, and after an alert. In our 2-day training classes, we will teach the skills required by network security analysts and incident responders to protect and respond to threats in the network(s) day to day. 


What to expect?

In Practical Signature Development for Suricata we will teach expert methods and techniques for writing network signatures to efficiently detect the greatest and most common threats facing organizations today. Attendees will gain invaluable information and knowledge including the configuration, usage, architecture, traffic analysis fundamentals, signature writing, and testing of Suricata. Attendees will be given materials to help them understand and develop their own network signatures.

Updated lab exercises featuring current threats will train students how to analyze and interpret hostile network traffic into agile rules for detecting threats, including but not limited to: Exploit Kits, Ransomware, Cryptocurrency Miners, Phishing Attacks, Malicious Documents, Crimeware Backdoors, and Targeted Threats. Students will leave the class armed with the knowledge of how to write quality signatures for their environment, enhancing their organization’s ability to respond and detect threats.

The class is very hands-on with a robust workbook featuring exercise walkthroughs/explanations and a physical copy of the material presented. The class exercises feature paths for those that are brand new to writing signatures and signature experts who dream in pcre. The class has been updated for the latest Suricata functionality such as the SMB2/3 protocol, whitespace transforms, and new detection buffers.

What will be covered? Here's a sample:

  • Network and Malware Analysis Fundamentals

  • IDS Engine and Rule Writing Fundamentals

  • Writing Signatures for DNS, HTTP, SSL/TOR

  • Advanced Rule Features

  • Detecting Phishing Communications, Ransomware Communications, Malicious Documents, Exploit Kit Activity, Targeted Threats

Prerequisites for the class:

  • Being able to import and run a VM (2CPU / 6GB RAM) on your laptop

  • Basic understanding of IDS/IPS/NSM principles

  • Networking, TCP/IP

  • Linux command line

Who should attend:

          Security Administrators
          Enterprise Defenders
          Incident Responders
          Security Operations Specialists
          Security Analysts
          Malware Analysts
          Network Engineers


Net proceeds from this and all of OISF's training events go directly to funding Suricata's development and OISF's mission to support open source security technologies. OISF is a 501(c)(3) U.S. non-profit. For questions about this event or about becoming a member of the OISF community, please contact us at info@oisf.net

Last update: 21/08/2019
MicroTek Training Rooms
999 18th Street, Denver, 80202, CO, United States