Last week our team was in Athens for the biggest Suricata conference this year - Suricon 2022. The event brought Suricata experts, developers, users and enthusiasts from around the world together to share and discuss new features, experiences, and findings related to the open-source tool. Now that the event is over, we have gathered our notes and are excited to share them with you.
This year’s Suricon was a special event for us – our founders and Suricata core developers, Eric Leblond and Peter Manev, released their first book, entitled “The Security Analyst’s Guide to Suricata”. We handed out more than 50 signed copies to Suricata enthusiasts looking to elevate their experience with the open-source engine, and answered any questions they had. If you want to get your PDF or eReader copy, you can download it here for free.
Another notable announcement from Stamus Networks at this year’s Suricon is the introduction of our new open-source ruleset for lateral detection in Microsoft Windows environments. Our Chief Strategy Officer – Peter Manev – announced its availability during his presentation and shared more information on how it works. If you missed his talk, you can read our blog on the topic to learn more about this new ruleset.
This year we hosted two pre-conference training sessions and three presentations. Markus Kont was one of the first presenters at the conference and delivered a very engaging talk about the use of Jupyter Notebooks with Suricata. He gave a live demonstration of how Stamus Security Platform (SSP) uses Jupyter Notebook for rule exploration and for R&D prototyping of threat hunting and analytics, and then answered questions from guests about the interactive data exploration tool.
Eric Leblond presented a few hours later, and his session focused on Suricata datasets. He demonstrated their use for network-based anomaly detection and showed how MISP threat intelligence sharing can be incorporated into Suricata deployments. Eric also explored the opportunity to use datasets to check for matches against a list of known IOCs.
Our last session this year was led by Peter Manev. His talk, “Hunting with Metadata for Recently Disclosed CVEs”, explored how Suricata can help answer questions such as “Are we vulnerable?” or “Have we been breached?”. Peter dove deep into the components of Suricata used for spotting specific CVE exploits and demonstrated what can be done to make this easier for users. During his presentation, he announced the new open-source ruleset for lateral detection mentioned above.
We are happy we had the opportunity to meet in person with some old friends from the Suricata community whom we haven’t seen for more than 2 years. We heard some interesting sessions during the conference and had the opportunity to learn how other companies are using Suricata in their tools. We believe the community is stronger than ever and is going in the right direction. And we gathered many ideas that we plan to explore for the Stamus Security Platform (SSP).
We want to thank those who came to our booth to get a book or say “hi” to our team, those who joined Peter and Eric for their pre-conference training, and those who came to our sessions. We were excited to be back in person and hope to see you again next year!