Join us at hack.lu 2025 — Info & Registration
Duration: 120 min
Type: Training
Speakers: Eric Leblond, Peter Manev
Abstract
Suricata is a high-performance, open source network analysis and threat detection software used by most private and public organizations, and embedded by major vendors to protect their assets. Suricata provides network protocol, flow, alert and anomaly logs, file extraction and PCAP capture at very high speeds.
This hands-on training will focus on a few new and groundbreaking detection additions in the new Suricata 8 release, such as transactional rules, datasets and datajson sets, new protocols, and new keywords such as entropy matching.
Description
The training will also cover threat detection engineering by showing how the rules language can be used to add as much useful context as possible to the detection events.
The training will cover actual use cases and the detection benefits of the new features in Suricata 8, along with examples that trainees can take away and readily implement at home or work. It will also showcase features that substantially reduce the time and management effort needed to turn shared threat intelligence into detection and deployment. We will also review the new features and their benefits against actual malware PCAP traces, showing a direct mapping from some of the new features to actual detections.
Attendees can expect to leave with new knowledge, actual use cases and detection deployment techniques that can be implemented right away to gain an edge over adversaries.