[Oisf-devel] Dev Training in Paris - $500 Discount & Agenda
Kelley Misata
kmisata at oisf.net
Wed Jul 13 19:44:54 UTC 2016
*$500 Discount 5-Day Developer Training*
Paris, France
September 12 - 16
Don't miss this opportunity to attend the 5-day Suricata training designed
for and led by developers. This *annual* training event will teach you how
to extend Suricata's features and functionalities. You will also have
direct access to Suricata's developers for questions and help.
*REGISTER BEFORE JULY 15 and receive $500 off!*
Early Bird Registration
<https://5-daydevtraining-paris.eventbrite.com/?discount=EarlyBird>
*Want to know more... check out the agenda:*
Each day, each of the major topics below will start with a lecture,
then a walk-through, followed by an exercise. During the days there will be
plenty of time for questions and discussion.
- Day 1
   - Introduction to Suricata development... we will go into
     development tools and procedures. We will give a high-level
     overview of the Suricata architecture, of debugging techniques,
     QA, etc.
   - Building a packet decoder - Packet decoders are low-level parsers
     for L2, L3 and L4 protocols. Think about ethernet, vlan, IP or TCP.
- Day 2
   - Creating a simple detection module - Simple low-level detection
     keywords that inspect properties of individual packets. Such
     keywords are used to inspect fields like TCP flags. As an
     extension of this, we'll look into the Lua detection API.
   - App Layer - The app layer API is the primary way of dealing with L7
     protocols such as HTTP, TLS, etc. These parsers run on top of TCP
     (with stream reassembly) and UDP. The API has many aspects so we'll
     spend quite a bit of time on this.
- Day 3
   - App Layer Decoder - Implement a basic parser, hook it into the
     engine and take care of things like memory management, transaction
     handling, error handling, exception handling. Reporting on bad &
     non-compliant traffic.
- Day 4
   - App Layer Logger - Dive into the logging API, hooking a logger
     for the new protocol parser into the EVE json output.
     Additionally, exposing the new protocol to the Lua output API.
   - App Layer Detection - When parsing a protocol, often the goal is to
     expose parts of it to the detection engine. This is about hooking
     the detection logic into the engine. It will also address things
     like normalization of data.
- Day 5
   - Detection keywords using string/array buffers can be hooked into
     the Multi Pattern Matcher (MPM) engine for optimal performance.
   - Q&A Session
--
*Kelley Misata*
*Executive Director*
*kmisata at oisf.net*
*twitter:@OISFoundation*
*www.oisf.net <http://www.oisf.net>*