Suricata is a high-performance Network IDS, IPS and Network Security Monitoring engine sought after around the world. Open source and managed by a community, Suricata is part of the non-profit Open Information Security Foundation (OISF). OISF's mission is to remain on the leading edge of open source IDS/IPS development by welcoming in open source technologies looking for a community to support them.
This 2-day advanced user training led by Suricata's lead developers is being held the same week as SuriCon 2018 - join us for both and receive a 20% discount on this training!
To receive your discount:
- Register for SuriCon by visiting www.suricon.net.
- Email us at firstname.lastname@example.org and let us know you are coming to SuriCon.
- We will give you a one-time-only link to register for this training with the 20% discount.
Why should you come?
Developers and security professionals will walk away with a greater proficiency in Suricata's core technology and will have the unique opportunity to bring questions, challenges, and new ideas directly to Suricata's developers.
A sample of the topics that will be covered:
Day 1:
- Advanced performance factors and tuning techniques
- Capture methods and run modes
- Detection engine and multi-pattern matchers
- Rules, rulesets and rule syntax and optimization
- Extending rules and outputs with Lua scripting
- Automatic protocol detection and anomaly detection
- File extraction: HTTP, SMTP, NFS, FTP/SMBv1-3
- PCAP processing
- Tuning principles
Day 2:
- Enterprise Architecture
- IDS / IPS / IDPS / NSM deployment and setup
- Server HW / NIC / CPU architecture and selection process
- Virtual deployment considerations/tips and tricks
- Positive and negative packet loss
- Capture considerations
- NUMA, CPU affinity, threading and NIC RSS hashing
- Flows and elephant flows
- eXpress Data Path (XDP)
- Troubleshooting system overloads
- Managing outputs
- Integration with other Security Tools and Data Stores
- Make sense out of millions of events on the wire
Pre-requisites:
This is an intermediate to advanced level course. Students should have the following knowledge to get the most out of this training:
- Basic experience with installing, compiling, configuring and running Suricata is a must.
- Hands-on Linux command line
- TCP/IP networking
Abstract - Short Course Description:
Network-based threat detection is crucial for developing a comprehensive security strategy, whether it is on-premise or in the cloud. In Advanced Deployment and Architecture for Network Traffic Analysis, you will learn how to maximize the visibility that Suricata can provide into your network. You will gain deep technical understanding and hands-on experience with Suricata's versatile arsenal of features and capabilities for a variety of deployment, usage, and integration scenarios. Tuning and optimizing Suricata for threat/anomaly detection, file extraction, and/or protocol detection are critical for a successful deployment. You will also learn traditional and non-traditional tips, tricks, and techniques to implement Suricata and its newest features based on real-world deployment experiences, including cloud-based deployments. This class also offers a unique opportunity to bring in-depth use cases, questions, and challenges directly to the Suricata team. By the end of this course, you will be able to successfully design, deploy, implement, optimize and hunt with your high-performance Suricata deployment.
Full Course Description:
The foundation for effective intrusion detection and response is proper sensor placement and configuration. Sensor placement is crucial for developing a comprehensive network security and monitoring solution. Misconfigurations and improper placement can lead to gaps in network visibility, which can allow attackers to go undetected for prolonged periods of time and to penetrate deeper into your network. In Suricata Advanced Deployment and Architecture, you will learn the skills necessary to successfully design, deploy and optimize a high-performance network monitoring and security solution. Filled with hands-on exercises and comprehensive demonstrations, this class will elevate your skills to maximize your network visibility and data management with Suricata. By the end of this course you will gain deep technical understanding and hands-on experience with Suricata's versatile arsenal of features and capabilities for a variety of deployment, usage, and integration scenarios.
This course will go in depth into Suricata configuration and deployment considerations. You will learn which capture method is best for traffic acquisition, how to maximize performance with runmodes, and dive deep into Suricata's detection engine and multi-pattern matchers. Discover how to expand Suricata's detection and output capabilities with Lua scripting as well as anomaly detection and file extraction capabilities. Gain a deeper understanding of performance and tuning considerations through CPU affinity, NUMA, threading and NIC RSS hashing. Alongside that, understand the specifics of deployments in the cloud and their pros and cons, and the details of what needs to be in place, and how, for cloud security monitoring. Learn how to perform effective and exhaustive troubleshooting when situations like packet loss and system overloading occur. Finally, learn how to handle elephant flows, work with eXpress Data Path, how output generation affects your deployment and how to integrate Suricata with other tools such as an ELK stack, Splunk and other Linux-based distributions such as SELKS. This class also offers a unique opportunity to bring in-depth use cases, questions, challenges, and new ideas directly to the Suricata team. Take your deployment and configuration skills to an expert level with Suricata Advanced Deployment and Architecture!
We hope to see you there!
Net proceeds from this and all of OISF's training events go directly to funding Suricata's development and OISF's mission of supporting open source security technologies. For questions about this event or about becoming a member of the OISF community, please contact us at email@example.com.