Suricata for Incident Response and Threat Hunting

Course overview

Suricata is the foundation for effective intrusion detection and prevention. With cyber attacks on the rise it’s more crucial than ever for businesses, enterprises or cybersecurity consultancies to have a comprehensive security strategy in place. And that’s where Suricata rules come to the rescue.

The “Suricata for Incident Response and Threat Hunting” course from Kaspersky xTraining is the ultimate training program taught by Kaspersky’s leading security researcher who has spent years on the front lines of cyber defense, Tatyana Shishkova. She will share unique insights and sophisticated tips and tricks, giving you an unparalleled understanding of the IDS/IPS within the Suricata rules framework.

The course is created for companies aiming to power up their security policy and for individual learners looking to advance their career in cyber security. Whether you’re a beginner or a seasoned professional in security or SOC analysis, security administration, malware research or incident response, it will give you the knowledge and skills to stay ahead of the ever-evolving threat landscape.

Learn how to write and implement Suricata rules to detect and block even the most advanced threats. Gain a deep understanding of how the framework works, and how to use it for identifying and responding to attacks in real-time. Get practical experience to enhance your network security with hands-on exercises and various real-life scenarios.

Hands-on experience

The best way to learn Suricata rules is by actually writing them! Take the chance to meet real-life cases like Copper Stealer malware and HQWar Android dropper to safely put your newfound knowledge into practice.

Up-to-date tips and tricks

Stay ahead of the game with the latest tips, tricks, and techniques for creating and implementing Suricata rules. Learn the most cutting-edge methods for network security to keep pace with the rapidly evolving world of cybersecurity.

Learn from the best!

Start your acquaintance with Suricata rules under the guidance of Kaspersky's top expert from the Global Research and Analysis Team (GReAT), Tatyana Shishkova, who has years of experience creating and implementing Suricata rules in real-life cases.

From beginner to pro

The course is designed to take you on a journey from the basics of Suricata rules for different network protocols to the most advanced features and techniques.

$890 inc. tax per learner  


Training objectives:

By the end of this training you will be better able to:

  • Understand what a NIDS is and how to use it
  • Write Suricata rules for different protocols
  • Utilize tips and tricks to create fast and efficient rules
  • Learn about typical network attacks
  • Analyze suspicious traffic and recognize traffic anomalies
  • Learn how to identify and fix a false alarm
  • Learn how to use Suricata for threat hunting
  • Gain new skills through a practical challenge in a virtual environment

Prerequisites:

  • Basic knowledge of network protocols
  • Familiarity with regular expressions (optional)

Your course leader

Tatyana Shishkova,

Lead Security Researcher, GReAT

Tatyana Shishkova is a Lead Security Researcher with more than seven years’ experience in network traffic analysis. Working at Kaspersky for more than a decade, she specializes in reverse engineering and network intrusion detection using Suricata.

Tatyana is a regular speaker at major cybersecurity conferences, including PHDays, SuriCon, SAS, and Botconf.

Who it's for


The course will allow you to advance your SOC or cybersecurity team’s skills and implement effective network security policies to make a step towards detecting and preventing cyber attacks before they cause damage to your organization.


Cybersecurity consultancies
The course also benefits specialist consultancies aiming to train their teams to create Suricata rules and fine-tune them for maximum effectiveness, so they can provide better services to their clients.
InfoSec professionals
This course aims to open up new opportunities for advancing your career as an incident response specialist, malware researcher, or security analyst. While learning, you will get to know more about developing and deploying effective Suricata rules and prepare yourself to face more advanced cyber threats.

How you'll learn


Guided video lectures
Learn Suricata rules with guided video lectures, providing in-depth explanations of each topic and exercise.

Virtual lab
Practice in a safe virtual environment, designed especially for the course.

Iterative learning
The course follows an iterative learning approach: each module consists of a specialist overview of the task, practical work in the Virtual Lab, and a detailed expert solution.


Benefits for you

While the samples cannot be downloaded, you can download the static analysis framework, the scripts from the exercises and the training materials.

  • 6 months to complete your course from activation of your access code
  • Courses delivered in English with subtitles
  • Self-guided learning that fits around your life
  • Course duration: it will take you approximately 18 hours to watch the videos
  • PDF downloads of training materials and tips
  • Learning environment: browser-based via desktop, mobile and tablet (excludes the virtual lab, which requires an RDP client)
  • Course author: member of Kaspersky Global Research and Analysis Team (GReAT)
  • Guided videos: 30+ videos to guide you through the course
  • Virtual lab: safe virtual environment for hands-on learning
  • Support & Feedback: platform support and help from our subject matter experts is available by email 0900 - 1730 UK time on standard business days via help.kasperskyxtraining.com
  • Special offer: if you’re already an xTraining learner then contact us at help.kaspersky.com for a special discount
  • Certificate of completion: PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)