Pre-SuriCon Webinar: Automating Suricata Rule Validation with Dierentuin and Zoo

Hello all,

You can already register for the next episode of our Pre-SuriCon webinar series, with Pim Sanders from Fox-IT: Automating Suricata Rule Validation with Dierentuin and Zoo.

If you’ve ever wondered how a meerkat, snake, whale, fox and shark can team up to tackle cybersecurity, prepare to meet Dierentuin (Dutch for zoo) and Zoo, two proofs of concept developed to demonstrate the feasibility of automating the testing and validation of Suricata rules within a streamlined CI/CD pipeline. The methodology employs Python scripts to test Suricata detection rules in Docker containers, all orchestrated within a GitLab CI/CD environment. This automated framework ensures that new or updated detection rules can be rigorously tested against true positive data, enhancing the reliability of network detection.

Inspired by the robust testing methodologies in software development, Dierentuin and Zoo employ principles from continuous integration and continuous deployment (CI/CD) to improve rule quality. Just as software development uses automated testing to ensure code quality and functionality, these proofs of concept apply similar practices to validate intrusion detection rules.

This session will cover:

Architectural design of Dierentuin and Zoo, detailing the integration of Suricata for intrusion detection, Python for scripting, Docker for containerization, CloudShark for packet capture storage and GitLab CI/CD for orchestration. Attendees will learn about the challenges encountered during the development of these systems and the solutions employed to overcome them, as well as the practical implications of deploying such automated systems in real-world cybersecurity contexts.

By the end of the webinar, attendees will be equipped with the knowledge to deploy similar automated testing frameworks in their own environments, thereby improving the accuracy of their intrusion detection systems.

The Speaker

Pim Sanders is a cybersecurity student and enthusiast from the Netherlands. He created Dierentuin and Zoo during his internship as part of the Security Research Team at Fox-IT, where he now works as a Junior Security Researcher.

Save the date

August 29th
4 PM UTC
This is a free webinar hosted with Zoom
Register: Webinar Registration - Zoom


It is this week!

If you want to join the webinar live, there’s still time to register :wink:

Thursday, August 29th
4 pm UTC
Free registration: Webinar Registration - Zoom

If you’ve missed the webinar or want to re-watch - or share - it’s now on YouTube: https://www.youtube.com/watch?v=EP8skvYran0

Enjoy, and don’t miss today’s webinar with Josh Stroschein and Pancho Perdomo, and next week with Jose Nunez!
