2022-07-06, 14:00–17:00 (Europe/Paris), Workshop Room
Threat hunting with network data can be done with Suricata, which combines a signature-based IDS with network security monitoring capabilities. In this workshop we will demonstrate this through the use of SELKS. SELKS is a complete network threat hunting stack based on Suricata and Elasticsearch. We will use some of the recent capabilities of Suricata, such as datasets, to show that it goes far beyond the traditional role of an IDS.
Organization note: registration to the workshop will be done directly on-site during the event. Nothing to do on-line.
With this workshop, attendees will get a good understanding of Suricata-generated data and of some of its main features. By working on a network trace, we will see how it is possible to understand a network, discover threats and deploy detection at the organization level.
Prerequisites: the hardware requirement for attendees is a computer with at least 2 cores and 9 Gb of memory, preferably running Linux, although Windows or MacOS X should work.
Maximum of 15 participants.
Éric Leblond is the Co-Founder and Chief Technology Officer (CTO) of Stamus Networks and a member of the executive team at Open Network Security Foundation (OISF). Leblond has more than 15 years of experience as co-founder and technologist of cybersecurity software companies and is an active member of the security and open source communities. He has worked on the development of Suricata, the open source network threat detection engine, since 2009 and is part of the Netfilter Core team, which is in charge of the Linux kernel's firewall layer. E. Leblond is a well-respected expert and speaker on all things network security.