Suricata produces a lot of data. EVE has over 1000 distinct JSON fields across a large number of supported event types, and rulesets contain tens of thousands of rules. This makes the data hard to truly understand, and users often resort to large SIEM and data analytics engines to do so.
Jupyter notebooks are interactive data exploration tools that originated in the scientific community, and in recent years they have become increasingly popular for threat hunting and incident response.
Our recent blog series from threat researcher Markus Kont introduces our newest contribution to the Suricata community: Jupyter Playbooks. Markus explores the power of Jupyter Labs for security practitioners who work with Suricata, and discusses how the new Jupyter notebooks from Stamus Labs can be used for Suricata rule exploration, R&D prototyping for threat hunting, and analytics.
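As an added illustration of the kind of exploration such a notebook does (this is not code from the Stamus Labs Jupyter Playbooks or from the blog series), the Python below flattens EVE JSON records to inventory the distinct fields per event type, tallies alert signatures, parses a rule file for sid/msg/classtype, and joins alerts to rules by sid. The EVE lines and the rules are constructed samples; the rule parser splits options on `;` and is an assumed simplification that is good enough for an inventory, not a full Suricata rule grammar.

```python
"""Exploring Suricata EVE JSON and a rule file with plain Python.

Added illustration for this post; not code from the Stamus Labs Jupyter
Playbooks. All records and rules below are constructed samples.
"""
import json
import re
from collections import Counter, defaultdict

# Constructed EVE records, one JSON object per line as Suricata writes eve.json.
EVE_LINES = """
{"timestamp":"2023-03-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"rev":2,"signature":"EXAMPLE HTTP beacon","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"example.test","url":"/beacon","http_method":"GET"}}
{"timestamp":"2023-03-01T10:00:01.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP","dns":{"type":"query","rrname":"c2.example","rrtype":"A"}}
{"timestamp":"2023-03-01T10:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":512,"bytes_toclient":1024,"state":"closed"}}
{"timestamp":"2023-03-01T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.1","proto":"UDP","alert":{"action":"allowed","signature_id":9000002,"rev":1,"signature":"EXAMPLE suspicious TLD","category":"Potentially Bad Traffic","severity":2},"dns":{"type":"query","rrname":"c2.example","rrtype":"A"}}
{"timestamp":"2023-03-01T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"192.0.2.10","proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"rev":2,"signature":"EXAMPLE HTTP beacon","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"example.test","url":"/beacon","http_method":"POST"}}
"""

# Constructed rules in Suricata syntax (sids in the 9000000 local range).
RULES = """
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE HTTP beacon"; flow:established,to_server; http.uri; content:"/beacon"; classtype:trojan-activity; sid:9000001; rev:2; metadata:created_at 2023_01_01;)
# comment lines are skipped
alert dns any any -> any any (msg:"EXAMPLE suspicious TLD"; dns.query; content:".example"; nocase; classtype:bad-unknown; sid:9000002; rev:1;)
"""

# Header part of a rule: action proto src sport -> dst dport (options)
RULE_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)


def parse_eve(text):
    """Parse newline-delimited EVE JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def flatten(record, prefix=""):
    """Flatten nested dicts into dotted keys (alert.signature_id); lists stay as values."""
    out = {}
    for key, value in record.items():
        name = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, name))
        else:
            out[name] = value
    return out


def fields_by_event_type(records):
    """Map event_type -> sorted list of every dotted field seen for that type."""
    seen = defaultdict(set)
    for rec in records:
        seen[rec.get("event_type", "unknown")].update(flatten(rec).keys())
    return {et: sorted(keys) for et, keys in seen.items()}


def top_signatures(records, n=5):
    """Most frequent alert signatures as ((sid, msg), count) pairs."""
    counts = Counter()
    for rec in records:
        if rec.get("event_type") == "alert":
            alert = rec["alert"]
            counts[(alert["signature_id"], alert["signature"])] += 1
    return counts.most_common(n)


def parse_rules(text):
    """Naive rule parser: splits options on ';' (assumption: fine for sid/msg/classtype,
    wrong for content values that contain ';')."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = RULE_RE.match(line)
        if not match:
            continue
        opts = {}
        for opt in match.group("opts").split(";"):
            opt = opt.strip()
            if opt:
                name, _, value = opt.partition(":")
                opts[name.strip()] = value.strip().strip('"')
        rules.append({
            "action": match.group("action"), "proto": match.group("proto"),
            "sid": int(opts["sid"]), "rev": int(opts.get("rev", 1)),
            "msg": opts.get("msg"), "classtype": opts.get("classtype"),
        })
    return rules


def alerts_by_classtype(records, rules):
    """Join alerts to the ruleset by sid; alerts whose sid is not in the ruleset count as 'unknown'."""
    classtype = {r["sid"]: r["classtype"] for r in rules}
    counts = Counter()
    for rec in records:
        if rec.get("event_type") == "alert":
            counts[classtype.get(rec["alert"]["signature_id"], "unknown")] += 1
    return dict(counts)


if __name__ == "__main__":
    recs = parse_eve(EVE_LINES)
    for et, fields in fields_by_event_type(recs).items():
        print(f"{et}: {len(fields)} distinct fields")
    print(top_signatures(recs))
    print(alerts_by_classtype(recs, parse_rules(RULES)))
```

In a notebook the same functions run over a real eve.json and the deployed ruleset; the "unknown" bucket in the join is the check worth keeping, since it surfaces alerts from rules that are no longer in the loaded ruleset.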
NEW: Blue Team Diaries Podcast
Join our host Peter Manev and guest Joost Bijl, Project Manager at Hunt and Hackett, a group of cybersecurity experts who help their customers defend against advanced threats. In this episode, Joost shares his thoughts on the importance of making sense of network data and his favorite tools for detecting suspicious events.
NEW: Webinar this Thursday
To maintain visibility into their network and stay protected from attack signals that commonly fly under the IDS radar, security leaders should consider alternatives to a purely IDS-based threat detection model.
Join us on March 16 @ 10 AM ET for our next Detect to Protect webinar.
Stamus Networks helps enterprise security teams know more, respond sooner, and mitigate their risk. Request a live demo to see how our Stamus Security Platform can help, no strings attached.