Suricata is a high-performance Network IDS, IPS and Network Security Monitoring engine sought after around the world. Open-source and managed by a community, Suricata is a part of the non-profit foundation; the Open Information Security Foundation (OISF). OISF’s mission is to remain on the leading edge of open source IDS/IPS development by welcoming in open source technologies looking for a community to support them.
Suricata can show you things about your network you haven't seen before. More than just an IDS/IPS, Suricata can provide the visibility to solve incidents quickly and more accurately by enabling context before, during, and after an alert. In our 2-day training classes, we will teach the skills required by network security analysts and incident responders to protect and respond to threats in the network(s) day to day.
In Practical Signature Development for Suricata we will teach expert methods and techniques for writing network signatures to efficiently detect the greatest and most common threats facing organizations today. Attendees will gain invaluable information and knowledge including the configuration, usage, architecture, traffic analysis fundamentals, signature writing, and testing of Suricata. Attendees will be given materials to help them understand and develop their own network signatures. Updated lab exercises featuring current threats will train students how to analyze and interpret hostile network traffic into agile rules for detecting threats, including but not limited to: Exploit Kits, Ransomware, Cryptocurrency Miners, Phishing Attacks, Malicious Documents, Crimeware Backdoors, and Targeted Threats. Students will leave the class armed with the knowledge of how to write quality signatures for their environment, enhancing their organization’s ability to respond and detect threats. The class is very hands-on with a robust workbook featuring exercise walkthroughs/explanations and a physical copy of the material presented. The class exercises feature paths for those that are brand new to writing signatures and signature experts who dream in pcre. The class has been updated for the latest Suricata functionality such as the SMB2/3 protocol, whitespace transforms, and new detection buffers.
Network and Malware Analysis Fundamentals
IDS Engine and Rule Writing Fundamentals
Writing Signatures for DNS, HTTP, SSL/TOR
Advanced Rule Features
Detecting Phishing Communications, Ransomware Communications, Malicious Documents, Exploit Kit Activity, Targeted Threats
Prerequisites for the class:
Being able to import and run a VM (2CPU / 6GB RAM) on your laptop
Basic understanding of IDS/IPS/NSM principles
Networking, TCP/IP
Linux command line
Security Administrators
Enterprise Defenders
Incident Responders
Security Operations Specialists
Security Analysts
Malware Analysts
Network Engineers
Net proceeds from this and all OISF's training events go directly to funding Suricata's development and OISF's mission to support open source security technologies. OISF is a 501c(3) U.S. non-profit. For questions about this event or about becoming a member of the OISF community please contact us at