
Stamus Networks at Suricon 2024

by Dallon Robinette | Nov 05, 2024 | Events

Each year, Suricon attracts visitors from around the world for three days of training and discussion focused entirely on the popular open-source intrusion detection system (IDS), Suricata. The 10th annual Suricon event takes place 13-15 November, 2024 in Madrid, Spain at the Hotel Riu Plaza España.

This year, Stamus Networks’ co-founders Peter Manev and Éric Leblond will be joined by Stamus engineers Markus Kont and Andreas Herz for several training sessions and speaking engagements over the three-day conference.

Training Session 1: Intrusion Analysis & Threat Hunting

In this session led by Peter Manev, attendees will learn how to dig deep into network traffic to identify key evidence that a compromise has occurred, learn how to deal with new forms of attack, and develop the skills necessary to proactively search for evidence of new breaches using Suricata. Open-source tools such as Suricata, Arkime and Kibana will be utilized to generate data, perform exhaustive traffic analysis, and develop comprehensive threat hunting strategies.

  • Date: Monday, 11 November - Tuesday, 12 November, 2024 (Pre-Conference Training)
  • Time: 8:00 AM - 5:00 PM CET
  • Location: Hotel Riu Plaza España, Madrid, Spain

Training Session 2: Advanced Deployment & Configuration

Éric Leblond will lead this two-day session where attendees will learn how to maximize the visibility that Suricata can provide into the network. Attendees will gain deep technical understanding and hands-on experience with Suricata’s versatile arsenal of features and capabilities for a variety of deployment, usage, and integration scenarios. Tuning and optimizing Suricata for threat/anomaly detection, file extraction, and/or protocol detection are critical for a successful deployment.

  • Date: Monday, 11 November - Tuesday, 12 November, 2024 (Pre-Conference Training)
  • Time: 8:00 AM - 5:00 PM CET
  • Location: Hotel Riu Plaza España, Madrid, Spain

Conference Session 1: Andreas Herz & Peter Manev | Suricata Extreme Performance Tuning — SEPTun Mark III

Andreas Herz and Peter Manev follow up on earlier Suricon discussions about SEPTun (see a video recording here). In this evolution of the presentation, Peter and Andreas take a deep dive into routines that have helped them find, report, and fix bottlenecks in their Suricata deployments. They will summarize the details of SEPTun Mark III and the findings that they would like to share with the community, including configuration recommendations and performance processing guidelines. (Note: you do not need to have seen previous SEPTun talks to participate in this session.)

  • Date: Thursday, 14 November, 2024
  • Time: 3:15 - 4:00 PM CET
  • Location: Hotel Riu Plaza España, Madrid, Spain

Conference Session 2: Markus Kont | Ridiculously Rich SMB Data Provided by Suricata

In this session, Markus Kont expands on his implementation of Jupyter Notebooks to present the available fields in EVE SMB protocols, along with observations about the properties of these fields. He will also explore samples of actual SMB event flows — including how one should normally look, along with samples of malicious event flows he has seen during cyber exercises. Finally, Markus will present opportunities for traffic profiling and anomaly detection, such as extracting useful features from SMB traffic and performing simple graph analytics.

For an intro to Markus’s work on Jupyter Notebooks for Suricata, read this blog series.

  • Date: Thursday, 14 November, 2024
  • Time: 4:15 - 5:00 PM CET
  • Location: Hotel Riu Plaza España, Madrid, Spain

Conference Session 3: Éric Leblond | The Dataset that Shouts in Whispers to Analysts

Éric Leblond goes in depth on the dataset feature in Suricata, a powerful feature that allows users to build rules to match on huge lists of Indicators of Compromise (IoC) at high speed. In this session, Éric introduces datajson, a new dataset type where the user can embed context in the IoC definition and add this context to the IDS events. He will also showcase usage of the feature with a newly-registered domain list and other massive datasets.

  • Date: Thursday, 14 November, 2024
  • Time: 11:30 AM - 12:00 PM CET
  • Location: Hotel Riu Plaza España, Madrid, Spain

See You in Madrid!

If you haven’t already done so, make sure to visit https://suricon.net/ to purchase tickets, reserve your room, and view the agenda for the week. We look forward to seeing you there! To stay updated with new blog posts and other news from Stamus Networks, make sure to subscribe to the Stamus Networks blog, follow us on Twitter, LinkedIn, and Facebook, or join our Discord.
