Cyber Defence Monitoring Course Suite Module 1


Cyber Defence Monitoring Course Suite Module 1


6-10 Mar 2017

Registration deadline:

20 Jan 2017



Tallinn, Estonia

Participation fee:

300 € (no fee for the Sponsoring Nations, Contributing Partners and NATO bodies)

This intensive hands‐on course concentrates on a single solution from a number of important Cyber defence monitoring techniques and solutions. We focus only on rule‐based threat detection, more widely known as Intrusion Detection. We will use Suricata, an open‐source free software tool, to build network security monitoring for different scales, from SOHO/SME up to enterprise level.

Learning Objectives

The  course  demonstrates  how  Suricata  is  a  perfect  fit  for  modern  network  security monitoring. Attendees gain practical experience on how to build up a scalable system and how challenging the security‐engineering process can be. During hands‐on exercises, students start from the basic single instance installation and end up implementing a distributed system with centralised command, analysis and visualisation solutions. 
Target Audience

  • Technical IT security staff in charge of the implementation of classified networks
  • Security and IT managers who want to get a real‐life understanding of Suricata

Non‐target audience: 

  • Experienced  network  forensics  practitioners  are  not  the  target  audience  for  this course


  • Installing a single instance for small office network
  • Building from source to get a custom set of required features
  • Controlling the rule base
  • Tweaking protocols and artefact extraction
  • Tweaking outputs with scripting
  • Controlling a large setup
  • Gathering logs and extractions
  • Visualising for humans

On this course we will work with network traffic from Locked Shields 2015, and so the traffic will have real intrusions. We will also use samples of existing botnets to analyse obfuscation techniques used today. 


  • Good understanding of TCP/IP networking and network and system administration
  • Recent everyday network/system administrator's work experience for at least 2 years in UNIX environments
  • Previous detailed knowledge on the following topics
    • work principles of UNIX operating systems and UNIX file system layout
    • common UNIX shells (e.g., sh, bash)
    • common UNIX user tools (e.g., ls, ps, kill) and
    • common UNIX system administration utilities
  • Scripting experience is required
  • Previous programming experience is not required, but is helpful
  • English language skill comparable to STANAG 6001, 

NB!  We  most  strongly  discourage  the  participation  of  students  who  do  not  fulfil  these prerequisites,  since  the  course  contains  advanced  lab  sessions  assuming  this  knowledge. Therefore, the presence of unskilled attendees is likely to hinder the overall progress of the course. 

Registration info

Please  register  for  the  course  by  visiting  the  NATO  CCD  COE  website  and  completing  the provided  registration  form  before  the  deadline.  Should  you  have  any  questions,  please contact: events -at- 
* Before registering, please check the up‐to‐date course information on the NATO CCD COE website.