Network Security Monitoring with Suricata

Introducing our NEW fully virtual, on-demand Suricata overview course! Instructed by OISF’s Director of Training Dr. Josh Stroschein.

Closing the gap between when an infection occurs and when it is detected is a key goal of any security program. In this course, Network Security Monitoring with Suricata, you will gain the experience needed to get started monitoring your network with Suricata.

First, you’ll explore the basics of intrusion detection and prevention. Next, you’ll discover the basics of network security monitoring and the role Suricata plays. With a solid understanding of Suricata, you will next learn about Suricata’s core functions. Finally, you will learn how to deploy Suricata into an enterprise environment.

When you’re finished with this course, you’ll have the skills and knowledge of network security monitoring needed to deploy Suricata into your own networks.

Check out the course trailer from our NEW partners at Pluralsight:

Please note: The following courses, Intrusion Analysis and Threat Hunting with Suricata and Suricata Advanced Deployment and Architecture, are only offered periodically throughout the year. Follow our Eventbrite page to be the first to know when new courses are available.

Intrusion Analysis and Threat Hunting with Suricata

Defending your network starts with understanding your traffic. More than just an IDS/IPS, Suricata can provide the visibility to solve incidents quickly and more accurately by enabling context before, during, and after an alert.

In this 2-day course, you will learn the skills required to identify, respond to and protect against threats in your network day to day, as well as to identify new threats through structured data aggregation and analysis. Hands-on labs built on real-world malware and network traffic will reinforce course concepts while making use of the latest Suricata features. Come and see what you've been missing in your network and unlock the full potential of network security, detection, and response.

Pre-requisites:

  • Being able to import and run a VM (minimum 2 CPUs / 4 GB RAM) on your laptop
  • Basic understanding of IDS/IPS/NSM principles
  • Networking concepts such as TCP/IP
  • Basic Linux familiarity

Suricata Advanced Deployment and Architecture

The foundation for effective intrusion detection and response is based on proper sensor placement and configuration. Sensor placement is crucial for developing a comprehensive network security and monitoring solution. Misconfigurations and improper placement can lead to gaps in network visibility, which can allow attackers to go undetected for prolonged periods of time and to penetrate deeper into your network.

In this advanced 2-day course, you will gain the skills necessary to successfully design, deploy and optimize a high-performance network monitoring and security solution. Filled with hands-on exercises and comprehensive demonstrations, this class will elevate your skills to maximize your network visibility and data management with Suricata. We will go in-depth into Suricata configuration and deployment considerations. You will learn which capture method is best for traffic acquisition, how to maximize performance with runmodes, and dive deep into Suricata's detection engine and multi-pattern matchers. Discover how to expand Suricata's detection and output capabilities with Lua scripting, as well as its anomaly detection and file extraction capabilities. Gain a deeper understanding of performance and tuning considerations through CPU affinity, NUMA, threading and NIC RSS hashing. Alongside that, understand the specifics of cloud deployments, their pros and cons, and what needs to be in place (and how) for cloud security monitoring. Learn how to perform effective and exhaustive troubleshooting when situations like packet loss and system overloading occur. Finally, learn how to handle elephant flows, work with eXpress Data Path (XDP), understand how output generation affects your deployment, and integrate Suricata with other tools such as an ELK stack, Splunk and Linux-based distributions such as SELKS. This class also offers a unique opportunity to bring in-depth use cases, questions, challenges, and new ideas directly to the Suricata team.

You will walk away with a deep technical understanding and hands-on experience with Suricata's versatile arsenal of features and capabilities for a variety of deployment, usage, and integration scenarios.

Pre-requisites:

  • Laptop able to run a VM with at least 2 vCPUs and 6+ GB RAM
  • VMware Player, the latest VirtualBox, or VMware Workstation/Fusion, with administrative rights on the laptop
  • No antivirus, or the ability to temporarily disable it
  • Please do not bring a company laptop containing sensitive materials or one that you cannot modify