Éric Leblond is the co-founder and chief technology officer (CTO) at Stamus Networks. He sits on the board of directors at Open Network Security Foundation (OISF). Éric has more than 15 years of experience as co-founder and technologist of cybersecurity software companies and is an active member of the security and open-source communities. He has worked on the development of Suricata – the open-source network threat detection engine – since 2009 and is part of the Netfilter Core team, responsible for the Linux kernel's firewall layer. Éric is a respected expert and speaker on all things network security.
This talk will present how Suricata, an open-source IDS and NSM engine, can provide high-performance matching of IOCs on live traffic using a feature named dataset. It will also cover how the NSM events Suricata produces can be used to match IOCs against past traffic data, and will present the IOCMite tool that links Suricata and MISP.
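The two halves of the abstract above (matching IOCs on live traffic with a Suricata dataset, and re-matching the same IOCs against recorded NSM events) can be illustrated with a small script. The following is an added example, not code from Suricata, Stamus Networks or the IOCMite tool: it takes a constructed list of hypothetical domains, writes them in the base64-per-line format that Suricata's `type string` datasets load from disk, emits the `dataset:isset` rule that would alert on them in the `dns.query` buffer, and then runs the same list over constructed EVE JSON `dns` events to find historical hits. The domain names, EVE lines and the `ioc-domains` dataset name are all made up for the example; the rule syntax (`dataset:isset,<name>,type string,load <file>`) is Suricata's documented form.

```python
"""Added example: build a Suricata string dataset from an IOC list and
retro-match the same list against recorded EVE/NSM DNS events.
IOCs, EVE lines and file names below are constructed for illustration."""
import base64
import json
from pathlib import Path
from typing import Dict, Iterable, List

# Constructed IOC list (hypothetical domains, not real indicators).
IOC_DOMAINS = ["bad-c2.example", "drop-zone.example", "Phish.Example."]


def normalize(domain: str) -> str:
    """Canonical form used on both sides of the match in this example:
    strip whitespace and a trailing dot, lowercase."""
    return domain.strip().rstrip(".").lower()


def dataset_lines(domains: Iterable[str]) -> List[str]:
    """Suricata 'type string' datasets store one base64-encoded value per
    line on disk; duplicates are dropped here so the file stays minimal."""
    seen = set()
    out: List[str] = []
    for d in domains:
        n = normalize(d)
        if n and n not in seen:
            seen.add(n)
            out.append(base64.b64encode(n.encode()).decode("ascii"))
    return out


def write_dataset(path: Path, domains: Iterable[str]) -> int:
    """Write the dataset file Suricata will 'load'; returns the entry count."""
    lines = dataset_lines(domains)
    path.write_text("\n".join(lines) + "\n")
    return len(lines)


def dataset_rule(name: str, load_path: str, sid: int) -> str:
    """Rule that alerts when the queried DNS name is present in the dataset.
    The dataset name and sid are hypothetical values chosen for the example."""
    return (
        f'alert dns any any -> any any (msg:"IOC domain match ({name})"; '
        f"dns.query; dataset:isset,{name},type string,load {load_path}; "
        f"sid:{sid}; rev:1;)"
    )


# Constructed EVE JSON lines in the shape of Suricata's dns logger (fields trimmed).
EVE_LINES = [
    '{"timestamp":"2024-01-05T10:00:01.000000+0000","event_type":"dns",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP",'
    '"dns":{"type":"query","id":1,"rrname":"bad-c2.example","rrtype":"A"}}',
    '{"timestamp":"2024-01-05T10:00:02.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP"}',
    '{"timestamp":"2024-01-05T10:00:03.000000+0000","event_type":"dns",'
    '"src_ip":"10.0.0.9","dest_ip":"10.0.0.53","proto":"UDP",'
    '"dns":{"type":"query","id":2,"rrname":"www.example.org","rrtype":"A"}}',
    '{"timestamp":"2024-01-05T10:00:04.000000+0000","event_type":"dns",'
    '"src_ip":"10.0.0.7","dest_ip":"10.0.0.53","proto":"UDP",'
    '"dns":{"type":"query","id":3,"rrname":"PHISH.example","rrtype":"A"}}',
]


def retro_match(eve_lines: Iterable[str], domains: Iterable[str]) -> List[Dict[str, str]]:
    """Past-traffic matching: apply the IOC list to already-logged dns events.
    Only 'dns' events with an rrname are considered; non-DNS events are skipped."""
    iocs = {normalize(d) for d in domains}
    hits: List[Dict[str, str]] = []
    for line in eve_lines:
        ev = json.loads(line)
        if ev.get("event_type") != "dns":
            continue
        rrname = ev.get("dns", {}).get("rrname")
        if rrname and normalize(rrname) in iocs:
            hits.append({"timestamp": ev["timestamp"],
                         "src_ip": ev["src_ip"], "rrname": rrname})
    return hits


if __name__ == "__main__":
    count = write_dataset(Path("ioc-domains.lst"), IOC_DOMAINS)
    print(f"wrote {count} entries to ioc-domains.lst")
    print(dataset_rule("ioc-domains", "ioc-domains.lst", 1000001))
    for hit in retro_match(EVE_LINES, IOC_DOMAINS):
        print("historical hit:", hit)
```

The live and the historical paths share one normalization function on purpose: a dataset lookup is an exact byte comparison, so whatever case and trailing-dot convention was used when the file was generated must also hold for the buffer the rule inspects, otherwise live alerts and retro-matching results drift apart.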
Writing Suricata signatures is seen by some as a form of art and by most as a nightmare. This talk will introduce Suricata Language Server, an implementation of the Language Server Protocol (LSP) that gives you syntax checking and performance hints from your IDE while writing Suricata signatures.