The best way to learn Suricata rules is by actually writing them! Take the chance to meet real-life cases like Copper Stealer malware and HQWar Android dropper to safely put your newfound knowledge into practice.
Contact us
Ask a question?
If you want to know anything about the course, we’re here to help.
Suricata for Incident Response and Threat Hunting
Course overview
Suricata is the foundation for effective intrusion detection and prevention. With cyber attacks on the rise it’s more crucial than ever for businesses, enterprises or cybersecurity consultancies to have a comprehensive security strategy in place. And that’s where Suricata rules come to the rescue.
The “Suricata for Incident Response and Threat Hunting” course from Kaspersky xTraining is the ultimate training program taught by Kaspersky’s leading security researcher who has spent years on the front lines of cyber defense, Tatyana Shishkova. She will share unique insights and sophisticated tips and tricks, giving you an unparalleled understanding of the IDS/IPS within the Suricata rules framework.
The course is created for companies aiming to power up their security policy and individual learners, looking to advance their career in cyber security. Whether you’re a beginner specialist or a seasoned professional in security or SOC analysis, security administration, malware research or incident response, it will give you the knowledge and skills to stay ahead of the ever-evolving threat landscape.
Learn how to write and implement Suricata rules to detect and block even the most advanced threats. Gain a deep understanding of how the framework works, and how to use it for identifying and responding to attacks in real-time. Get practical experience to enhance your network security with hands-on exercises and various real-life scenarios.
Hands-on experience
Up-to-date tips and tricks
Stay ahead of the game with the latest tips, tricks, and techniques for creating and implementing Suricata rules. Learn the most cutting-edge methods for network security to keep pace with the rapidly evolving world of cybersecurity.
Learn from the best!
Start your acquaintance with Suricata rules under the guidance of Kaspersky's top expert from the Global Research and Analysis Team (GReAT), Tatyana Shishkova, who has years of experience creating and implementing Suricata rules in real-life cases.
From beginner to pro
The course is designed to take you on a journey from the basics of Suricata rules for different network protocols to the most advanced features and techniques.
All levels
$890 inc. tax per learner
Training objectives:
By the end of this training you will be better able to:
- Understand what is a NIDS and how to use it
- Write Suricata rules for different protocols
- Utilize tips and tricks to create fast and efficient rules
- Learn about typical network attacks
- Analyze suspicious traffic and recognizing traffic anomalies
- Learn how to identify and fix a false alarm
- Learn how to use Suricata for threat hunting
- Gain new skills through a practical challenge in virtual environment
Prerequisites
- Basic knowledge of network protocols
- Familiarity with regular expressions (optional)
.png "Tatyana Image(1)")
Your course leader
Tatyana Shishkova,
Lead Security Researcher, GReAT
Who it's for
Enterprises
The course will allow you to advance your SOC or cybersecurity team’s skills and implement effective network security policies to make a step towards detecting and preventing cyber attacks before they cause damage to your organization.
Cybersecurity consultancies
The course also benefits specialist consultancies aiming to train their team how to create Suricata rules and fine-tune them for maximum effectiveness and be able to provide more sufficient services to their clients.
InfoSec professionals
This course aims to open up new opportunities for advancing your career as an incident response specialist, malware researcher, or security analyst. While learning, you will get to know more about developing and deploying effective Suricata rules and prepare yourself to face more advanced cyber threats.
How you'll learn
Guided video lectures
Learn Suricata rules with guided video lectures, providing in-depth explanations of each topic and exercise.
Virtual lab
Practice in a safe virtual environment, designed especially for the course.
Iterative learning
The course is designed with an iterative learning approach with consistent modules based on specialist overviews of each task, practical work in a Virtual Lab and detailed expert solutions.
Syllabus
Suricata basics
- Basic information about network protocols
- What is a NIDS, the principle of their work and main functions
- Most popular NIDS and difference between them
- Useful tools for network traffic analysis
- How to run Suricata in virtual lab
Rule writing basics
- Structure and syntax of Suricata rules
- Basic keywords
- Selecting good options for a rule
Writing rules for HTTP protocol
- Specific keywords for the HTTP protocol
- How to write a rule step-by-step
- Writing rules for HTTP protocol for a given traffic dump
Writing rules for DNS, TSP and SSL/TLS protocols
- Basic information about DNS, TCP and SSL/TLS protocols
- Keywords and tips for writing rules for these protocols
- Writing rules for DNS, TCP and SSL/TLS protocols for a given traffic dump
Advanced Suricata features
- Advanced rule options that aren’t always necessary, but can help a lot in some cases
- Selecting best options for a rule
- Writing rules for a given traffic dump
Detecting typical attacks
- About popular network attacks and how to detect them
- Writing rules to detect typical attacks for a given traffic dump
Problem solving
- About typical problems when writing Suricata rules and how to solve them
- How to check rule performance
- How to fix false positives
- How to write “good” rules
- Solving typical problems
- Fixing false positives
Benefits for you
While samples cannot be downloaded, you can download static analysis framework, scripts from the exercises and the training materials.
 |
6 months to complete your course from activation of your access code |  |
 |
Courses delivered in English with subtitles | |
 |
Self-guided learning that fits around your life | |
 |
It will take you approximately 18 hours to watch the videos | |
 |
PDF downloads of training materials and tips | |
 |
Browser-based via desktop, mobile and tablet (excludes virtual lab which requires an RDP client) | |
 |
Member of Kaspersky Global Research and Analysis Team (GReAT) | |
 |
30+ videos to guide you through the course | |
|
Safe virtual environment for hands-on learning | |
 |
Platform support and help from our subject matter experts is available by email 0900 - 1730 UK time on standard business days via help.kasperskyxtraining.com | |
 |
If you’re already an xTraining learner then contact us at help.kaspersky.com for a special discount | |
 |
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s) | |
$890 inc. tax per learner