Stamus Networks recently published version 2.0 of "The Security Analyst's Guide to Suricata," a practical guide to threat hunting and detection using Suricata – the open-source intrusion detection system (IDS) and network security monitoring (NSM) engine.
The latest edition incorporates new content, including an important chapter entitled "DNS Detection and Threat Hunting." This new chapter reviews DNS-related protocols, a primer on DNS analysis using Suricata data, tips for writing rules that detect DNS activity using DNS keywords in Suricata 7, and a guide to hunting on DNS events.
The book is available as a PDF or for eReaders; click the button below to learn more.