June's webinar: Adding new rule keywords to Suricata: Live coding session

Hi all, our June webinar is next week!

Join our Philippe Antoine (@catenacyber) to learn more about how to add new rule keywords to our detection engine!

Suricata rule keywords add more power to our rule language, and make the rule writers’ life easier, by offering more ways of matching on network traffic content.

List of keyword candidates to be added:

  • flow.bytes_toclient
  • flow.bytes_toserver
  • flow.pkts_toclient
  • flow.pkts_toserver

Along with Suricata-verify tests for them.

This webinar is great for those who have an interest in understanding: how to add new rule keywords to Suricata; how to add suricata-verify tests for rule keywords; and, of course, how to properly keep all of that under version control while you are at it.

Philippe is a member of the Suricata dev team. He’s also the CEO and founder of Catena cyber. He aims to improve the cyberdefense level by freely developing tools for cybersecurity experts. He got his experience in cybersecurity and software development in ANSSI, the French national agency for cybersecurity, and LORIA, a research lab tackling malware, but also abroad: at MIT about bioinformatics and at Infineon in Munich, Germany, debugging VoIP drivers on embedded systems. He graduated from both Ecole Polytechnique and Telecom Paristech.

Save the date:
June 20th
1:30 pm UTC (1 hour long)

This webinar will be hosted via Zoom, register before the event to get a reminder:


Get this error :frowning:

At the moment the registration requires a Zoom account. Are you able to create an account, or have an existing one that you can use the email address of?

Sorry to hear that, some of our team members also faced this, I’ll tweak the webinar settings differently for the next one…

Meanwhile, the presentation has been uploaded by Jason: Adding new rule keywords to Suricata: Live coding session - YouTube :slight_smile: