Threat hunting with SELKS and Suricata
Maximum numbers of participants: 20. Registration will be done on site.
This workshop will cover the threat hunting interfaces in SELKS, a threat hunting distribution using Suricata as intrusion detection system and network security monitoring engine. Attendee will learn how to make sense of Suricata alerts and will use this knowledge and integrated tools and interfaces to find relevant threats in sample of traffic provided as exercise.
Prerequesites
- Hardware: Laptop with at least 8Gb (16Gb recommended)
- Software:
- Virtualbox installed (VMWare is ok too)
- SELKS ISO downloaded from:
Speaker(s)
Eric Leblond (Stamus Networks), Peter Manev (Stamus Networks)
Bio
Éric is an active member of the open source community. He works on the development of Suricata, the open source IDS/IPS since 2009 and he is currently one of the Suricata core developers. He is a Netfilter Core Team member working mainly on communications between kernel and userland. He is also one of the founders of Stamus Networks, a company providing security solutions based on Suricata.
Peter has 15 years experience in the IT industry, including enterprise-level IT security practice. An adamant admirer and explorer of innovative open source security software, Peter is currently a co-founder and Chief Strategist Officer at Stamus Networks. Peter is a trainer for OISF and maintains some additional info points of interest about Suricata.