Eric Leblond
Éric Leblond is the co-founder and chief technology officer (CTO) of Stamus Networks and a member of the board of directors at Open Network Security Foundation (OISF). Éric has more than 15 years of experience as co-founder and technologist of cybersecurity software companies and is an active member of the security and open-source communities.
He has worked on the development of Suricata – the open-source network threat detection engine – since 2009 and is part of the Netfilter Core team, responsible for the Linux kernel's firewall layer. Eric is also the lead developer of the Suricata Language Server, a real-time syntax checking and autocomplete app for Suricata rule writers.
Eric is a well-respected expert and speaker on network security.
Sessions
This hands-on workshop provides an in-depth exploration of advanced techniques for maximizing network threat detection using Suricata. This session delves into critical areas such as effective utilization of metadata keywords, including MITRE and regular metadata, to enrich detection context. The workshop will also cover leveraging the Suricata Language Server (SLS) for rule development and optimization, including interpreting performance hints and implementing Continuous Integration (CI) for rulesets using SLS in batch mode.
Suricata is a high performance, open source network analysis and threat detection software used by most private and public organizations, and embedded by major vendors to protect their assets. Suricata provides network protocol, flow, alert, anomaly logs, file extraction and PCAP capture at very high speeds.
This hands-on training will focus on a few new and ground breaking detection additions of the new Suricata 8 release, like transactional rules, data/datajson sets, new protocols and keywords available such as entropy matching.
Suricata is a widely-used high performance, open source network analysis and threat detection software.This talk will provide an overview of the key new features introduced in Suricata 8, the latest release of the open-source network threat detection engine. We will cover the addition of several new protocols, including LDAP, DNS over HTTPS, SIP, SDP, POP3, and websocket, expanding Suricata's monitoring capabilities. We will also discuss the new "transactional rules" functionality, which allows single signatures to match traffic in both directions.