This intensive two-week online hands-on course concentrates on one of the several important cyber-defence monitoring techniques: rule-based threat detection, more widely known as intrusion detection. We use Suricata, a free and open-source tool, to build network security monitoring at different scales, from SOHO/SME up to enterprise level.
Due to the current travel restrictions to Estonia (travellers from many countries must spend 14 days in self-isolation on entering the country), this course will be held online and confirmed students DON’T HAVE TO TRAVEL to Estonia. They therefore do not need to buy flight tickets or book accommodation in Tallinn.
All technical details for joining the course will be shared with the confirmed participants by 18 January 2021.
Because of the high standards and skills required in the “Prerequisites” below, we strongly discourage participation by students who do not fulfil them: the course contains advanced lab sessions that assume this knowledge, and the presence of unprepared attendees is likely to hinder the overall progress of the course.
The course demonstrates how well Suricata fits modern network security monitoring. Attendees gain practical experience in building a scalable system and learn how challenging the security-engineering process can be. During the hands-on exercises, students start from a basic single-instance installation and end up implementing a distributed system with centralised command, analysis and visualisation.
- Technical IT security staff in charge of network security monitoring.
- Security and IT managers who want to get a real-life understanding of Suricata.
- Experienced network forensics practitioners are not the target audience for this course.
- Installing a single instance for a small office network.
- Building from source to get a custom set of required features.
- Controlling the rule base.
- Tweaking protocols and artefact extraction.
- Tweaking outputs with scripting.
- Controlling a large setup.
- Gathering logs and extractions.
- Visualising for humans.
- Good understanding of TCP/IP networking and network and system administration.
- Recent, everyday work experience as a network/system administrator in UNIX environments for at least 2 years.
- Previous detailed knowledge on the following topics:
- work principles of UNIX operating systems and UNIX file system layout;
- common UNIX shells (e.g., sh, bash);
- common UNIX user tools (e.g., ls, ps, kill); and
- common UNIX system administration utilities.
- Scripting experience is required.
- Basic Python skills are required: ability to write a function, for loop, invoke standard library and use core data structures.
- English language skills comparable to the required STANAG 6001 language proficiency profile.
The lecture and lab materials for this course are publicly available on the following GitHub page: https://github.com/ccdcoe/CDMCS/tree/master/Suricata
Materials will be updated prior to each course.
Recommended for attendees without prior system or network monitoring experience:
ADL 345 Network and Log Monitoring on the NATO e-Learning website (JADL – https://jadl.act.nato.int/ )
Registration opens on 18 November 2020. Applicants from CCDCOE member nations should use the registration code provided by their national Point of Contact. An email confirming the participation will be sent only after the registration has closed.
If you have any questions or issues with registration, please contact [email protected]