Threat detection engineering with Suricata — Eric Leblond, Peter Manev

Join us at hack.lu 2025 — Info & Registration

Duration: 90 min

Type: Workshop

Speakers: Eric Leblond, Peter Manev

Abstract

This hands-on workshop provides an in-depth exploration of advanced techniques for maximizing network threat detection using Suricata. This session delves into critical areas such as effective utilization of metadata keywords, including MITRE and regular metadata, to enrich detection context. The workshop will also cover leveraging the Suricata Language Server (SLS) for rule development and optimization, including interpreting performance hints and implementing Continuous Integration (CI) for rulesets using SLS in batch mode.

Description

This hands-on workshop provides an in-depth exploration of advanced techniques for maximizing network threat detection using Suricata. Building upon core Suricata capabilities, this session delves into critical areas such as effective utilization of metadata keywords, including MITRE and regular metadata, to enrich detection context.
Participants will learn practical methods for achieving fast Indicator of Compromise (IOC) matching and strategies for managing multiple Suricata versions within diverse environments. The workshop will also cover leveraging the Suricata Language Server (SLS) for rule development and optimization, including interpreting performance hints and implementing Continuous Integration (CI) for rulesets using SLS in batch mode. Finally, signature performance will be measured live to show how signatures that degrade the overall performance of sensors can be identified.
This session is designed for cybersecurity professionals seeking to enhance their Suricata expertise and implement cutting-edge threat detection strategies. Attendees will leave equipped with actionable techniques and practical examples to improve their organization’s security posture through better detection.
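Two of the topics named above, metadata keywords for detection context and CI checks over a ruleset, can be combined into a small lint step. The following script is an added example written for this page; it is not workshop material and does not use the Suricata Language Server. It parses the `metadata:` keyword of each rule, checks that the MITRE keys used by the Emerging Threats naming convention (`mitre_tactic_id`, `mitre_technique_id`, assumed here as the required keys) are present and well-formed, and reports which rules rely on the `dataset` keyword for IOC matching. The four rules it scans are constructed for the example, with made-up sids and content.

```python
"""Ruleset CI lint for Suricata rule metadata (added example, hypothetical).

Assumptions: Suricata's `metadata: key value, key value;` syntax and the
Emerging Threats key names mitre_tactic_id / mitre_technique_id. The rules
below are constructed for this example and are not real signatures.
"""
import re

# Constructed sample ruleset: sids 9000001-9000004 are made up for the example.
SAMPLE_RULES = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE beacon check-in"; flow:established,to_server; http.uri; content:"/beacon"; metadata: mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1071, created_at 2025_01_01; sid:9000001; rev:1;)
alert dns $HOME_NET any -> any any (msg:"EXAMPLE IOC domain lookup"; dns.query; dataset:isset,ioc-domains,type string,load ioc-domains.lst; metadata: mitre_tactic_id TA0011, mitre_technique_id T1071; sid:9000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 4444 (msg:"EXAMPLE missing MITRE metadata"; flow:established,to_server; metadata: created_at 2025_01_01; sid:9000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE malformed technique id"; http.uri; content:"/x"; metadata: mitre_tactic_id TA0011, mitre_technique_id 1071; sid:9000004; rev:1;)
# comment line, ignored by the lint
"""

SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')
METADATA_RE = re.compile(r'\bmetadata:\s*([^;]*);')
TACTIC_RE = re.compile(r'^TA\d{4}$')            # e.g. TA0011
TECHNIQUE_RE = re.compile(r'^T\d{4}(\.\d{3})?$')  # e.g. T1071 or T1071.001

REQUIRED_KEYS = (("mitre_tactic_id", TACTIC_RE), ("mitre_technique_id", TECHNIQUE_RE))


def parse_metadata(rule: str) -> dict:
    """Return the rule's metadata keyword as {key: [values]} (empty if absent)."""
    meta: dict = {}
    m = METADATA_RE.search(rule)
    if not m:
        return meta
    for item in m.group(1).split(','):
        parts = item.strip().split(None, 1)  # "key value" -> [key, value]
        if len(parts) == 2:
            meta.setdefault(parts[0], []).append(parts[1].strip())
    return meta


def check_rule(rule: str) -> list:
    """Return human-readable findings for one rule line; empty list means clean."""
    findings = []
    sid_m = SID_RE.search(rule)
    sid = sid_m.group(1) if sid_m else "?"
    meta = parse_metadata(rule)
    for key, pattern in REQUIRED_KEYS:
        values = meta.get(key)
        if not values:
            findings.append(f"sid {sid}: missing {key}")
            continue
        for value in values:
            if not pattern.match(value):
                findings.append(f"sid {sid}: malformed {key} value {value!r}")
    return findings


def lint_ruleset(text: str) -> dict:
    """Lint every active rule line and note which rules use dataset-based IOC matching."""
    report = {"rules": 0, "findings": [], "dataset_sids": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        report["rules"] += 1
        report["findings"].extend(check_rule(line))
        if re.search(r'\bdataset:', line):
            sid_m = SID_RE.search(line)
            report["dataset_sids"].append(sid_m.group(1) if sid_m else "?")
    return report


if __name__ == "__main__":
    result = lint_ruleset(SAMPLE_RULES)
    print(f"{result['rules']} rules checked, {len(result['findings'])} findings")
    for finding in result["findings"]:
        print(" -", finding)
    print("rules using dataset for IOC matching:", ", ".join(result["dataset_sids"]))
    # Non-zero exit makes a CI job fail when metadata is missing or malformed.
    raise SystemExit(1 if result["findings"] else 0)
```

Run against a real ruleset, the script exits non-zero when any rule lacks or mangles its MITRE metadata, which is the kind of gate a CI pipeline needs before a ruleset is pushed to sensors; the `dataset` report is there because rules that do IOC matching through datasets depend on the referenced list file being deployed alongside them.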


Slides given at the workshop