Juliana Fajardini Reichow
Juliana Fajardini (she/her) graduated in 2014 in Information Systems in Brazil and has a diverse background in technology and entrepreneurship. Her experience includes working with Robot Soccer in Mixed Reality environments, Customer Development, mentoring young women in tech, and technical support. She started working with OISF through an internship with Outreachy. She strongly believes in the power of diversity and inclusion, communities, knowledge sharing, and giving back.
Session
This session offers a practical introduction to Suricata, a renowned open-source Network Intrusion Detection and Intrusion Prevention System, focusing on its role in detecting and mitigating network threats. Through a series of practical exercises, participants will gain insights into the fundamentals of network security and how Suricata operates within this domain.
This workshop lets the attendees first soak up the knowledge required to properly deploy Suricata at the right place in the network. Attendees will then complete a series of exercises that enable them to evaluate network traffic, identify threats and anomalies, employ and understand world-class security rules, and explore what else Suricata can provide.
This is a unique opportunity to explore Suricata's features and how they can be leveraged to enhance network security, presented by members of the Suricata team. We invite you to join this workshop to refine your network defense skills and advance your understanding of effective security practices with Suricata.
For this workshop, you'll need:
A laptop in which you can install Suricata. Ubuntu is the most common OS, but you can also have another OS or use a virtual machine.
While not required or needed it can help to have the basic knowledge about networking.
To leave more time for the exercises please try to come with Wireshark, Suricata and Evebox installed.
How to install Suricata on Ubuntu/Debian/CentOS...):
https://docs.suricata.io/en/latest/install.html#ubuntu-from-personal-package-archives-ppa
How to install Evebox:
Installation through APT/RPM repository is recommended
https://evebox.org/docs/install/
You can verify the installation by:
- downloading some pcap e.g. from here: https://wiki.wireshark.org/samplecaptures
- running the pcap through Suricata and Evebox with this command:
suricata -r |PATH_TO_PCAP| -l /tmp/ -S /dev/null -k none && sudo evebox oneshot /tmp/eve.json
In the Evebox local website, in the events section, you should now see Suricata events.