Suricata for Incident Response and Threat Hunting

The best way to learn Suricata rules is by actually writing them! Take the chance to meet real-life cases like Copper Stealer malware and HQWar Android dropper to safely put your newfound knowledge into practice.

Stay ahead of the game with the latest tips, tricks, and techniques for creating and implementing Suricata rules. Learn the most cutting-edge methods for network security to keep pace with the rapidly evolving world of cybersecurity.

Start your acquaintance with Suricata rules under the guidance of Kaspersky’s top expert from the Global Research and Analysis Team (GReAT), Tatyana Shishkova, who has years of experience creating and implementing Suricata rules in real-life cases.

The course is designed to take you on a journey from the basics of Suricata rules for different network protocols to the most advanced features and techniques.

Built for Tier 3 Threat Hunters

All levels

$890 inc. tax per learner

All levels

$890 inc. tax per learner

Background

Suricata is the foundation for effective intrusion detection and prevention. With cyber attacks on the rise it’s more crucial than ever for businesses, enterprises or cybersecurity consultancies to have a comprehensive security strategy in place. And that’s where Suricata rules come to the rescue.

The “Suricata for Incident Response and Threat Hunting” course from Kaspersky xTraining is the ultimate training program taught by Kaspersky’s leading security researcher who has spent years on the front lines of cyber defense, Tatyana Shishkova. She will share unique insights and sophisticated tips and tricks, giving you an unparalleled understanding of the IDS/IPS within the Suricata rules framework.

The course is created for companies aiming to power up their security policy and individual learners, looking to advance their career in cyber security. Whether you’re a beginner specialist or a seasoned professional in security or SOC analysis, security administration, malware research or incident response, it will give you the knowledge and skills to stay ahead of the ever-evolving threat landscape.

Learn how to write and implement Suricata rules to detect and block even the most advanced threats. Gain a deep understanding of how the framework works, and how to use it for identifying and responding to attacks in real-time. Get practical experience to enhance your network security with hands-on exercises and various real-life scenarios.

Course leader

Tatyana Shishkova

Lead Security Researcher, GReAT

Tatyana Shishkova is a Lead Security Researcher with more than seven years’ experience in network traffic analysis. Working at Kaspersky for more than a decade, she specializes in reverse engineering and network intrusion detection using Suricata.

Tatyana is a regular speaker at major cybersecurity conferences, including PHDays, SuriCon, SAS, and Botconf.

Overview & objectives

Understand what is a NIDS and how to use it
Write Suricata rules for different protocols
Utilize tips and tricks to create fast and efficient rules
Learn about typical network attacks
Analyze suspicious traffic and recognizing traffic anomalies
Learn how to identify and fix a false alarm
Learn how to use Suricata for threat hunting
Gain new skills through a practical challenge in virtual environment

Syllabus

Suricata basics

Basic information about network protocols

What is a NIDS, the principle of their work and main functions

Most popular NIDS and difference between them

Useful tools for network traffic analysis

How to run Suricata in virtual lab

Rule writing basics

Structure and syntax of Suricata rules

Basic keywords

Selecting good options for a rule

Writing rules for HTTP protocol

Specific keywords for the HTTP protocol

How to write a rule step-by-step

Writing rules for HTTP protocol for a given traffic dump

Writing rules for DNS, TSP and SSL/TLS protocols

Basic information about DNS, TCP and SSL/TLS protocols

Keywords and tips for writing rules for these protocols

Writing rules for DNS, TCP and SSL/TLS protocols for a given traffic dump

Advanced Suricata features

Advanced rule options that aren’t always necessary, but can help a lot in some cases

Selecting best options for a rule

Writing rules for a given traffic dump

Detecting typical attacks

About popular network attacks and how to detect them

Writing rules to detect typical attacks for a given traffic dump

Problem solving

About typical problems when writing Suricata rules and how to solve them

How to check rule performance

How to fix false positives

How to write “good” rules

Solving typical problems

Fixing false positives

Who it's for

Cybersecurity consultancies

Train your consultancy team to create and fine-tune Suricata rules for maximum effectiveness so to provide more effective services to their clients.

Enterprises

Advance your SOC or cybersecurity team’s skills to implement effective network security policies moving towards detecting and preventing cyber attacks before they cause organisational damage.

InfoSec professionals

Advance your career as an incident responder, malware researcher, or security analyst. Get to know more about developing and deploying effective Suricata rules to prepare yourself for more advanced threats.

How you'll learn

Guided video lectures

Learn Suricata rules with guided video lectures, providing in-depth explanations of each topic and exercise.

Virtual lab

Practice your new skills in a safe virtual environment. Designed especially for our Suricata course, your virtual environment is loaded with all the tools you need to help you learn and succeed.

Iterative learning

The course is designed with an iterative learning approach with consistent modules based on specialist overviews of each task, practical work in a Virtual Lab and detailed expert solutions.

Team training

With a constantly evolving threat landscape it’s vital IT security specialists keep their skills up to date. With our online training, you can learn effective threat detection and mitigation strategies from the comfort if you’re home with highly practical hands-on courses.

Benefits

Access

6 months to complete your course from activation of your access code

Language

Courses delivered in English with subtitles

Pace

Self-guided learning that fits around your life

Course duration

It will take you approximately 18 hours to watch the videos

Downloads

PDF downloads of training materials and tips

Learning environment

Browser-based via desktop, mobile and tablet (excludes virtual lab which requires an RDP client)

Course author

Member of Kaspersky Global Research and Analysis Team (GReAT)

Guided videos

30+ videos to guide you through the course

Virtual lab

Safe virtual environment for hands-on learning

Certification of completion

PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)