SuriCon2024 Intrusion Analysis & Threat Hunting [PRE-CONFERENCE TRAINING]

Schedule

Mon Nov 11 2024 at 08:00 am to Tue Nov 12 2024 at 05:00 pm

UTC+01:00

Location

Hotel Riu Plaza España | Madrid, MD

Start your SuriCon week early! Join our trainers in-person for this Suricata training course.
About this Event

Delivered by Suricata developers, this 2-day user training is held the same week as SuriCon2024 - join us for both and receive a 20% discount on this training!

Suricata has been a fundamental part of any security monitoring stack since 2009, providing network visibility, detection and security policy auditing. It is widely used by organizations big and small around the world, both on-prem and in the cloud.

In today’s threat landscape, sophisticated adversaries have routinely demonstrated the ability to compromise enterprise networks and remain hidden for extended periods of time. In Intrusion Analysis and Threat Hunting with Open Source Tools, you will learn how to dig deep into network traffic to identify key evidence that a compromise has occurred, learn how to deal with new forms of attack, and develop the skills necessary to proactively search for evidence of new breaches. We will explore all phases of adversary tactics and techniques - from delivery mechanisms to post-infection traffic and data exfiltration to get hands-on analysis experience. Open-source tools such as Suricata, Arkime and Kibana will be utilized to generate data, perform exhaustive traffic analysis, and develop comprehensive threat hunting strategies.

This training also offers a unique opportunity to bring in-depth use cases, questions, and challenges directly to the Suricata development team. By the end of this course, you will have the knowledge and skills necessary to discover new threats in your network and build an effective threat hunting program.


How to receive your discount:

  1. Purchase your ticket for SuriCon2024 by visiting https://suricon2024-madrid.eventbrite.com.
  2. Email us at [email protected] and let us know your intention to attend both events.
  3. We'll provide a single-use discount link to register for the training.


MORE INFORMATION:

Who should attend:

  • Security Administrators
  • Enterprise Defenders
  • Incident Responders
  • Security Operations Specialists
  • Security Analysts
  • Malware Analysts

Pre-requisites: This is an intermediate to advanced level course. Students should have the following knowledge to get the most out of this training:

  • General understanding and/or use of Suricata
  • Being able to import and run a VM (minimum 2CPU / 5GB RAM) on your laptop
  • Basic understanding of IDS/IPS/NSM principles

A sample of the topics that will be covered:

  • Gaps in security visibility that Suricata covers
  • Specific cases of dos and don'ts during hunting
  • Suricata detection and monitoring with encrypted traffic
  • How to - IoC/pattern match vs more stateful detection logic
  • New additions and use cases in Suricata 7 both in terms of detection and deployment (e.g. protocols, rule keywords, conditional pcap logging)
  • How to use the data generated from Suricata effectively
  • Learn the fundamentals of rule writing, management and rule comprehension
  • Where to find exact reproducible cases of signature keyword usage
  • Recognize traffic anomalies
  • Analyze real malware traffic generated from APT tools, Loaders, Stealers
  • Free sources of real malware network traffic
  • Learn how to pivot off Suricata data in structured and unstructured hunts
  • Learn different usage techniques for hunting
  • Rules vs. Kibana / Splunk / SIEM style queries over network protocol and flow (NSM) data
  • Lateral detection techniques in Windows environments (SMB/DCERPC)
  • Exercises using Machine Learning, Pandas, Jupyter on Suricata generated data.
  • Pros and cons vs traditional methods and pivots from a security analyst's perspective.
  • Make sense of millions of events on the wire


Enhance your experience by attending our pre-conference training sessions on November 11th and 12th. These sessions provide in-depth knowledge and hands-on experience. As a SuriCon attendee, you're eligible for a 20% discount on these valuable courses, available both in-person and virtually. For registration and details visit Advanced Deployment and Configuration and Intrusion Detection and Threat Hunting.


Refund Policy for SuriCon2024 (Trainings and Conference)

We value your commitment to SuriCon. However, we understand that plans can change, and we aim to be as accommodating as possible within our operational constraints. Please see our refund and credit policy below.


  • Refunds: Refunds are not available except in specific circumstances. We will issue refunds only if we need to cancel a training due to low enrollment or events beyond our control, such as catastrophic world events (e.g., natural disasters, global health emergencies).
  • Cancellations by Participants: If you need to cancel your ticket, please notify us by November 1, 2024. While refunds are not available for cancellations, we are pleased to offer a credit towards a ticket for the SuriCon2025 conference or training (whichever is applicable). This advance notice helps to ensure OISF does not incur unnecessary expenditures.
  • Credit Details: Credits for future training are subject to availability and will cover the full cost of your original ticket and can be transferred to another individual if you are unable to attend.
  • Exceptions: In cases of personal emergency or health issues, please contact us to discuss potential accommodations, which may include exceptions to our standard policy.


Please note, all net proceeds from SuriCon2024 and all related training events directly fund the development of Suricata and support OISF's mission.

Contact: For queries, feel free to reach out at [email protected] or visit https://suricon.net.


Where is it happening?

Hotel Riu Plaza España, 84 Calle Gran Vía, Madrid, Spain

Tickets

USD 2500.00

Host or Publisher OISF
