OISF-Suricata
Pre-SuriCon Webinar: Crafting Custom Yara rules for Ransomware Detection
A Suricata webinar with Josh Stroschein and Francisco Perdomo
Join cybersecurity experts Josh Stroschein and Francisco Perdomo for a webinar based on their recent DEFCON 32 workshop “Dissecting Malware for Defense - Crafting Custom Yara Rules”.
Learn how to combat sophisticated ransomware threats by leveraging malware analysis and crowdsourced intelligence, and how to build tailored YARA rules to detect ransomware.
This webinar is a precursor to our upcoming 2-day workshop at Suricon 2, which will delve deeper into YARA and Suricata, providing you with the skills to create effective file and network detections.
Don’t miss this opportunity to strengthen your organization’s cybersecurity posture!
The speakers: Dr. Josh Stroschein is OISF’s former Director of Training and Reverse Engineer at Google. Francisco Perdomo is a Security Engineer at Google.

Videos

Automating Suricata Rule Validation with Dierentuin and Zoo (Pre-SuriCon Webinar, 29 08 2024)
Check out this pre-SuriCon2024 webinar with Pim Sanders. Ever wonder how a meerkat, snake, whale, fox and shark can team up to tackle cybersecurity? Meet Dierentuin (Dutch for zoo) and Zoo, two proofs of concept developed to demonstrate the feasibility of automating the testing and validation of Suricata rules within a streamlined CI/CD pipeline. The methodology employs Python scripts to test S...
06: Suricata PCAP Replay: How-To Analyze Pre-Recorded Network Traffic
Hey everyone, and welcome back to the channel! While Suricata shines at capturing live traffic at high speeds, did you know it can also analyze pre-recorded network data? Today, we're taking a deeper dive into Suricata’s replay mode, which is Suricata’s ability to replay network traffic from PCAP files. This lets you: - Load individual PCAP files for focused analysis of specific network events....
05: Suricata Rule Management with Suricata-Update
Suricata provides valuable network data even without rules, but its true strength lies in real-time threat detection using customizable rules. These rules can be used to detect threats, anomalies, and a variety of other activities in your network traffic. Suricata-Update simplifies managing rules and rule sets, including the popular Emerging Threats Open rule set. This video will guide you thro...
04: Capturing all the Packets - Running Suricata as a System Service
Suricata has two primary modes of operation: listening on a network interface in real time to capture network data, or ingesting PCAPs in an offline mode. Listening to network traffic in real time is the most common way Suricata is configured and deployed, and in this video we'll briefly discuss how to use systemd to control Suricata, reload rules, and install Suricata as a service.
03: I’ve Installed Suricata - Now What? Essential Suricata Configuration
Suricata provides an easy installation path using pre-built binaries for several popular operating systems. But what do you do after you’ve installed Suricata? In this video, we’ll explore Suricata’s configuration file and identify essential elements to get your network monitoring up and running!
02: Installing Suricata on AlmaLinux
Suricata is high-performance, open-source network analysis and threat detection software used around the globe. Suricata not only produces high-fidelity network alerts, but also a wide variety of other critical network protocol, file transaction, and flow data, all in an industry-standard JSON format for easy ingestion into many popular SIEMs - but what's the quickest way to get started? In th...
01: What’s the quickest way to install Suricata in Ubuntu? Let’s explore the OISF PPA
Suricata is high-performance, open-source network analysis and threat detection software used around the globe. Suricata not only produces high-fidelity network alerts, but also a wide variety of other critical network protocol, file transaction, and flow data, all in an industry-standard JSON format for easy ingestion into many popular SIEMs - but what's the quickest way to get started? In ...
Webinar: Smart IDS Suricata (Pre-SuriCon 2024 Series)
In the first episode of this series, Dr. Amine Berqia and his team present the project Smart IDS Suricata. The Smart IDS project at the Smart Systems Lab SSL - National School of Computer Science and Systems Analysis (ENSIAS) consists of developing an intelligent Intrusion Detection System (IDS) using Suricata and machine learning techniques. Recognizing the increasing importance of securing se...
Meerkat Reinforcement: Increasing the Scope of Suricata Keywords and Hardening its Codebase
Welcome to Suricata's first webinar of 2024, which went live on Feb 29, 2024, at 1 pm UTC. This is our traditional Suricata Outreachy Webinar, in which we wrap up and celebrate another successful internship round! Our speakers Hadiqa Alamdar Bukhari and Daniel Eniola Olatunji will share about their Outreachy journeys before starting their projects, as well as dive into the contributions they've...
Quickstart Suricata setup for new developers & Outreachy applicants
A live session focused on beginner-level development, where Suricata engineers and mentors Jason Ish, Juliana Fajardini, and Shivani Bhardwaj share some Suricata basics using an Ubuntu Virtual Machine, such as: - how to build, quick setup and run Suricata - how to test Suricata to see if it is inspecting your network and generating alerts - check EVE.JSON and fast.log output - run Suricata-Veri...
Using jq for Suricata Log Parsing
The jq tool is very useful for quickly parsing and filtering JSON files. In Suricata's July webinar, join our QA expert, Corey Thomas, as he shares and demonstrates several jq tricks and commands to more efficiently parse the main Suricata log: eve.json, and filter useful information for threat hunting, troubleshooting, and more. We'll also be sharing a jq cheat sheet, for quick access to what ...
Adding new rule keywords to Suricata: Live coding session
Suricata rule keywords add more power to our rule language and make rule writers' lives easier by offering more ways of matching on network traffic content. In Suricata's June 2023 webinar, we learn more about how to add new rule keywords to our detection engine, including: an overview of the whole contribution process, from creating a ticket, a new branch, commits, etc.; adding a new Suricata-verif...
Embarking on a Cybersecurity Journey with Suricata - talk at Brno University of Technology
An introductory talk about Suricata as an Open-Source CyberSecurity Network Monitoring, Security, and Analytics Engine with Shivani, Juliana, and Lukáš. This presentation focuses on network monitoring and malware detection, illustrating the importance of open-source solutions in cybersecurity. The overview is complemented by a hands-on demo showcasing the features and capabilities of Suricata, ...
Suricata and DPDK: Everything You Need to Know
Webinar: Tackling Frame Challenges and Boosting Code Coverage for New Suricata Devs
Suricata's Integration with Cyber Ranges
Jupyter Playbooks for Suricata
Accelerating Suricata with DPDK Prefilters: 386 Days Later
Customizable Decay: How to Maximize Suricata Event Utility in Finite Space
Enhancing Suricata Performance with a DPI Engine
Distributed Sensor Network Using Suricata on a Brazilian Academic Network
In Hot Pursuit: Hunting with Metadata for Recently Disclosed CVEs
Detecting Lateral Movements with Suricata Multi-Tenant Setups in Zero Trust Network Architectures
Lightning Talk: Suricata Landlock Support
Lightning Talk: Tune Rulesets with Metadata Tags
Lightning Talk: Parsing with Spicy
Adding a New Protocol to Suricata: Live!
Suricata and CodeQL: Hunting Bugs with Yet Another Static Analysis Tool
Log4Shell Case Study: Using Suricata for Incident Response

Comments

  • @person7865 (13 days ago)

    Is there a github for some of the examples in this video?

  • @TravisGreen-j1f (13 days ago)

    Thanks for the shout out

  • @viking8889 (5 months ago)

    People still use built-in mics? High-tech software, but low-tech hardware.

  • @user-ty3iy8bk2l (1 year ago)

    Awesome! Thank you!

  • @galaxy4046 (1 year ago)

    I hope we will see a new version with Suricata 6 on OPNsense. Currently it looks like it doesn't work.

  • @lertbert6110 (1 year ago)

    Really cool! Thanks!

    • @julianafajardinitech (1 year ago)

      We're glad you liked it! If you have suggestions for other Suricata webinars, do let us know :)

  • @CyberTunis (1 year ago)

    Hello, I configured Suricata on Cuckoo Sandbox, which is on an Ubuntu 18.04 VM. The problem is that when I add the socket in processing.conf and in suricata.yaml and then run the command "sudo suricata -c /etc/suricata/suricata.yaml -k none --runmode=autofp --user=cuckoo --unix-socket -vvv", I get "unix socket bind(/var/run/suricata/cuckoo.socket) error: permission denied" "unable to create unix command socket". I tried to add the full path in suricata.yaml but still nothing works.

    • @manofhonestdestiny5403 (5 months ago)

      Hi, have you got a solution for how to open access to this directory to create a socket?

  • @marcellogambetti9458 (1 year ago)

    Incomprehensible due to the French accent, and bad, low audio... very poor.

  • @t_green (1 year ago)

    Markus is always working on something interesting, thanks for sharing!

  • @saschapeter5882 (1 year ago)

    Would be nice to see an update on this topic as the config has been changed a bit with the policies.

    • @ecotts (10 months ago)

      100%

  • @moeal5110 (1 year ago)

    I was able to follow up to the point of showing the output in EveBox. I selected all, but nothing is showing? Not sure where to look from here.

    • @commentor93 (1 year ago)

      I found the solution via this video: th-cam.com/video/v_K_zoPGpdk/w-d-xo.html You have to uncomment the evebox-oneshot line at the end of the suricata-ingest-pcap.sh file. Then it works :-)

  • @PowerUsr1 (1 year ago)

    I definitely disagree with enabling everything. If you want your IDS to be completely useless, enable every rule there is. Not good advice here.

  • @telephreak (1 year ago)

    Note: We've since added the "community-id" into the NDP output.

  • @nkorochinaechetam2516 (1 year ago)

    Nice tutorial.

  • @johnwoo448 (1 year ago)

    I have installed OPNsense 22.7.8-amd64 on Nov 19 2022. I have tried to install as presented in the video. However, the detection of allowed and drop for the Ricardo test file did not appear in the Alert section. In my Intrusion Detection - Download - Rulesets, there are only orange-colored buttons for Enable selected and Disable selected. The Enable (drop filter) and Enable (clear filter) buttons are not there, thus I am not able to enable the Drop Filter. Appreciate help!! Thanks!!

  • @kathleenchad3822 (1 year ago)

    What is the R-core GitHub address?

  • @ashotpastazhyan9734 (1 year ago)

    Thank you, guys, for this great explanation for beginners. It would be nice to have all those links from the presentation here in the video description field. Thanks again. Liked and subscribed.

  • @AB-fg4mh (1 year ago)

    Thanks for the video! It's great and helped me out! I'm running Suricata on Debian and came across an error when having to run the pcap file. After a bunch of research, I learned I had to update the default file path in the suricata.yaml file to point to /var/lib/suricata/rules/. Debian auto-downloaded version 6.0.1 for me. Not sure if this mix-up was fixed in later patches! Have a great one!

  • @m.m.m.c.a.k.e (2 years ago)

    Thank you that was very nice. Do you have meeting minutes for highlights? Thank you for your time! Be well.

  • @m.m.m.c.a.k.e (2 years ago)

    Thank you guys that was very nice. Are there meeting minutes or highlights I can reference?

  • @JM-te2lb (2 years ago)

    Can you tell me how to change the interface from eth0 to something else? I tried to copy and paste it, but I cannot delete it under af-packet. I am using the vi editor in Ubuntu.

  • @tamvo737 (2 years ago)

    yes

  • @pingng9256 (2 years ago)

    Could this have a mode that only captures pcap for specific rules? Because there could be a huge number of alerts every day for a large enterprise.

  • @mithubopensourcelab482 (2 years ago)

    Excellent video. But as of today, that is Aug 30, 2022, I can confirm to you that Suricata is not working on OPNsense.

    • @robing6124 (2 years ago)

      It works great!?

  • @trendyniro (2 years ago)

    Thank you for the clear explanation.

  • @---tr9qg (2 years ago)

    Hi team. Thanks for this cool introduction. One question: can we combine Suricata and ClamAV on one box? Is it a good or bad solution?

    • @OISFSuricata (2 years ago)

      They are not related to each other, so mixing should be fine. We don't anticipate either program getting in the other's way.

  • @afuhryan8265 (2 years ago)

    What Ubuntu version is that?

    • @OISFSuricata (2 years ago)

      This demonstration uses 20.04.01 LTS. You can find more information for installation and setup here: suricata.readthedocs.io/en/suricata-6.0.5/quickstart.html#installation

  • @tanmaynayak6169 (2 years ago)

    Thanks for this, we hope for more like this.

  • @vitopiserchia1116 (2 years ago)

    Is there a link for these results anywhere, as said many times by the presenter?

  • @kodaxeduhman2824 (2 years ago)

    Guys, don't forget to install jq, otherwise you won't be able to see the alerts (I guess): sudo apt update; sudo apt install jq

  • @kodaxeduhman2824 (2 years ago)

    I tried to follow you, everything works fine till minute 13, I didn't get any alerts :(

    • @kodaxeduhman2824 (2 years ago)

      OK, I figured it out. We have to change the dir for the Suricata rules.

    • @naeemali7369 (2 years ago)

      @@kodaxeduhman2824 hello, how do I do that ?

    • @kodaxeduhman2824 (2 years ago)

      @@naeemali7369 I would like to tell you that I did this as a personal project, and I dumped the project because I needed to prepare many things to make the project work as I intended. Also, I'm not an expert :) But if you want to fix the same problem that I faced, you have to modify the configuration file called "suricata.yaml", usually placed in "/etc/suricata"; I'm not sure of its exact location, but once you open the file, search for something like "default-rule-path". You have to change it to the one he modified in the suricata-update script; I believe it was "/var/lib/suricata/rules/" if I'm not mistaken. The other issue I faced was that I had to set the permissions manually.

    • @naeemali7369 (2 years ago)

      @@kodaxeduhman2824 I'm working on that now, thank you for taking the time to reply to me.

  • @sunitakumari-ch6oj (2 years ago)

    Great to see women leading teams in security software.

  • @JEN-ge1lu (2 years ago)

    Thanks man... really helpful <3

  • @eliassal1 (2 years ago)

    I installed Suricata on CentOS, is there any "getting started" wiki or help page? Thanks

  • @robmorin (2 years ago)

    Nice video, except... out of the blue you start talking about this pcap & script file. Where does the pcap file come from, what does it do? Why are we running this script to process the pcap file? Do we need to run a script for each thing we monitor? It's a bit confusing. It's odd that you explain why you need to do a ./scriptname to run a script, but do not explain other stuff that is more complicated. Did I miss more than your first 2 videos? Thanks!

  • @dronearon3085 (2 years ago)

    Nice share.

  • @blodreina6148 (2 years ago)

    The one time I wished I knew French.

  • @Brian-nz6ns (2 years ago)

    Peter's audio is not intelligible. Please don't ruin your 48-minute webinar with bad audio.

    • @OISFSuricata (2 years ago)

      Thank you for the heads-up, we'll make sure to adjust that going forward.

    • @EricLeblond (2 years ago)

      The volume is really lower indeed. Increasing the volume gives a decent result.

  • @terminalreset18 (2 years ago)

    Outstanding presentation! Thank you!

    • @OISFSuricata (2 years ago)

      Glad you enjoyed it!

  • @edking6609 (2 years ago)

    When is it releasing? Need this ASAP :(

    • @OISFSuricata (2 years ago)

      While we don't have a specific date yet, it should still be this spring!

  • @WatsonInfosec (2 years ago)

    Awesome job! This was very informational.

    • @OISFSuricata (2 years ago)

      Glad it was helpful!

  • @Catge (2 years ago)

    Great

  • @Catge (2 years ago)

    Great analysis

  • @jacklee4507 (2 years ago)

    Thank you!!!!!

  • @Charon_0x04 (2 years ago)

    Thank you so much, overall the webinar is great. However, I am wondering if you guys could share a tutorial covering the installation of Suricata with Arkime, including their configurations. This video is really informational; details like configuration are missing.

    • @OISFSuricata (2 years ago)

      Great suggestion! I'll add that to our list and hopefully get something produced soon.

  • @petarsimovic5628 (2 years ago)

    Thanks for this analysis

  • @renlie7753 (2 years ago)

    Really Nice Channel!!!!

    • @OISFSuricata (2 years ago)

      Thank you, glad you are enjoying it!

  • @aneeschughtai6725 (2 years ago)

    - Add the Emerging Threats Open phishing rules to it and check if Suricata is detecting and blocking phishing attacks.

    • @OISFSuricata (2 years ago)

      Great suggestion, ET Open provides a great, and free, rule set to get started. It can be noisy though, so it may need a little tuning.

  • @jonnytheponny5753 (3 years ago)

    In the slides there is the name "Kaspersky". How is Kaspersky related to Suricata?? Is Suricata embedded in their software? Thanks.

    • @tthtlc (3 years ago)

      Whether the Suricata software itself (which is open-source GPL 2.0, so unlikely to be used by Kaspersky) is used, I'm not sure, but the signatures themselves are used - here you can submit a signature to Kaspersky: support.kaspersky.com/KATA/3.7/en-US/197084.htm

    • @jonnytheponny5753 (3 years ago)

      @@tthtlc Thanks very much for your informative answer!

    • @OISFSuricata (2 years ago)

      Hey! Sorry for the late reply, to clarify - our guest speaker works for Kaspersky as (at least in part) a rule writer for them. She is also an active member of the Suricata community. However, Suricata is a stand-alone project.

  • @faridabbasli1860 (3 years ago)

    Hello, thank you for the webinar. Can you show how to configure Splunk with Suricata SELKS?