[Oisf-users] 2nd Annual Suricata User Conference - Registration & Call for Speakers

Leonard ljacobs at netsecuris.com
Fri May 27 20:12:16 UTC 2016


This is Leonard Jacobs. I claim the NSM topic on the twist of how to be the best cyber security analyst you can be. It is on the spin of the Cyber Security Analysis coursework I have already developed, i.e., how to use Suricata to be the best cyber security analyst you can be.

Thanks

Sent from my iPhone

> On May 27, 2016, at 12:00 PM, Victor Julien <lists at inliniac.net> wrote:
> 
>> On 27-05-16 18:47, David Wharton wrote:
>> I know some of you are thinking about ideas for SuriCon presentations so
>> I thought I'd throw out some ideas off the top of my head of things I'd
>> be interested in hearing about.  I'm not planning on using any of these
>> so feel free to take whatever you want.  There is overlap in these ideas
>> but hopefully they will at least inspire someone.
>> 
>> *1) Robust and accurate large scale testing of rule performance on Suricata*
>>    - latency
>>    - throughput
>>    - engine stats
>>    - ruleset stats
>>    - statistical analysis
>>    - data (pcaps) used
>>    - tools used
>> 
>> *2) 10G and beyond: setting up and tweaking Suricata for high bandwidth
>> links*
>>    - hardware requirements, including different price bands (e.g. if I
>> had $5K I'd do this, if I had $15K then this, etc.)
>>    - commodity vs specialized or custom hardware/software
>>    - OS / OS tweaks
>>    - suri tweaks
>>    - running inline without impacting the network
>>    - challenges / failures
>>    - ideally based on real-world experience
>> 
>> *3) Suricata Documentation: More important than you think*
>>    - past, present, and future of Suri documentation
>>    - the importance of documentation + vision
>>    - how to contribute
>>    - where you can contribute (areas lacking in documentation)
>> 
>> *4) Leveraging Lua scripting to turn Suricata into a Ninja*
>>    - setup/config
>>    - what you can/can't do
>>    - practical examples/war stories
>> 
>> *5) Don't tell my spouse I'm in love with JSON*
>>    - Suricata loves to output JSON
>>    - how to manage, use, and leverage this normalized data to get the
>> most out of what Suricata is giving.
>>    - integrating with big data solution (or medium data solution) ;)
>>    - examples/tools
> 
> I nominate Jason for this one ;)
> 
> 
>> *6) nftables changed my life and it can change yours too*
>>    - what it means for Suricata
>> 
>> *7) Zero 9's: how to achieve 100% uptime*
>>    - live ruleset reloads
>>    - how to safely be inline all the time
>> 
>> *8) Running Suricata Inline*
>>    - hardware
>>    - fail open/closed
>>    - configuration, tweaks
>>    - challenges, pitfalls
>> 
>> *9) She's all that: Suricata as a Network Security Monitor*
>>    - Suricata is touted as an IDS/IPS but it also has powerful NSM
>> capabilities
>>    - How to configure and leverage the sundry and often underutilized
>> NSM features
>>    - big data integration and use
>>    - Tool for compliance? (only if you run out of things to talk about
>> because compliance gets boring fast)
>> 
>> *10) Suricata vs. Latest Threats and Challenges*
>>    - exploit kits
>>    - ransomware
>>    - malicious email attachments
>>    - encrypted C2 channels
> 
> Great list David, thanks a lot.
> 
> -- 
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
