Pass the SALT 2026

Eric Leblond

Eric Leblond is a cybersecurity professional and open-source developer focused on network threat detection. He is the co-founder and Chief Technology Officer (CTO) of Stamus Networks, a company that provides Network Detection and Response (NDR) solutions.

In the open-source security space, Leblond is a core developer of Suricata, an intrusion detection and prevention system (IDS/IPS). His work on the project centers around network visibility and alert context. He also serves on the board of directors for the Open Information Security Foundation (OISF), the non-profit organization behind Suricata.

Additionally, Eric Leblond is an emeritus member of the Netfilter Core Team, where his work involves kernel and user-space interactions.


Sessions

07-01
11:45
35min
Suricata and IOCs, latest news on a love story
Eric Leblond

Suricata’s approach to handling Indicators of Compromise (IOCs) has fundamentally evolved from basic IP-only rules to the highly performant Dataset concept. The talk will outline the key advancements, particularly the evolution in Suricata 8.0 to support JSON-based context within Datasets. This upgrade is crucial, as an IOC is nothing without context. With JSON datasets, alerts embed comprehensive threat context, opening the way to performance improvements and easier integration.

ThreatIntel
Amphitheater 122

07-01
14:15
165min
Threat Detection Engineering with Suricata
Eric Leblond

This hands-on workshop provides an in-depth exploration of advanced techniques for maximizing network threat detection using Suricata. Building upon core Suricata capabilities, this session delves into critical areas such as effective utilization of metadata keywords, including MITRE and regular metadata, to enrich detection context. Participants will learn practical methods for achieving fast Indicator of Compromise (IOC) matching and strategies for managing multiple Suricata versions within diverse environments. The workshop will also cover leveraging the Suricata Language Server (SLS) for rule development and optimization, including interpreting performance hints and implementing Continuous Integration (CI) for rulesets using SLS in batch mode. This session is designed for cybersecurity professionals seeking to enhance their Suricata expertise and implement cutting-edge threat detection strategies. Attendees will leave equipped with actionable techniques and practical examples to improve their organization's security posture.

ThreatIntel
Room LW109