This two-part workshop is intended to prepare security practitioners to have immediate success with Suricata using the Stamus App for Splunk.
Early bird pricing ends Dec 17!
Register here -> https://suricata-splunk-workshop2021.eventbrite.com/?ref=estw
Part 1: In-depth introduction to Suricata data and Splunk
Wednesday 20 January 2021 | 11am-3pm US Eastern Time
Attendees will receive a thorough technical introduction to Suricata data analysis using the Stamus Networks App for Splunk, designed for both Suricata sensors and Stamus Networks probes. Attendees will discover how to view network activity using application layer metadata extracted by Suricata. We will also explore the use of Suricata statistical data to perform sensor health checks and assess system performance.
This session will also walk attendees through the various capabilities of the Stamus Networks App for Splunk, including the various dashboards and visualizations available. After a brief introduction to the Splunk Processing Language (SPL) in the context of Suricata data, we will describe the EVE format that is used for all Suricata-generated events. We will use this knowledge to perform data analysis and explore the visualizations using real-world Suricata data.
Part 2: Threat Hunting and Anomaly Detection with Suricata and Splunk
Thursday, 21 January 2021 | 11am-3pm US Eastern Time
In part 2, attendees will explore threat analysis, threat hunting, and anomaly detection that leverage both the IDS and NSM capabilities of Suricata. Before diving into threat hunting, we will spend time learning simple data queries and ultimately even the most complex queries of the Stamus Networks App for Splunk.
Using packet capture file examples from Malware Traffic Analysis, we will discover how to leverage Splunk to take full advantage of the Suricata data to detect threats on the network.
- Attendees will have access to Suricata data via a dedicated Splunk instance and will perform hands-on exercises to experiment for themselves.
Who will benefit:
- Network security administrators
- Security analysts
Prerequisite knowledge:
- Basic knowledge of Splunk, including SPL
- Basic knowledge of Suricata
- Understanding of Suricata EVE format
- TCP/IP networking