suricata and the shark: suriwire · suricata and the shark: suriwire É. leblond stamus networks...

Suricata and the Shark: suriwire É. Leblond Stamus Networks July. 03, 2018 É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July. 03, 2018 1/7

Upload: others

Post on 27-Jun-2020

6 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Suricata and the Shark: suriwire

É. Leblond

Stamus Networks

July. 03, 2018

É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July. 03, 2018 1 / 7

Get the mascot

Available on Amazon: https://www.amazon.co.uk/Vivid-Arts-Meerkat-Shark-Onesie/dp/B01MAYA3A1

For only 19.99 brexit coins1

1Worth 76745.63 Columbian PesoÉ. Leblond (Stamus Networks) Suricata and the Shark: suriwire July. 03, 2018 2 / 7

https://www.amazon.co.uk/Vivid-Arts-Meerkat-Shark-Onesie/dp/B01MAYA3A1

Page 3: Suricata and the Shark: suriwire · Suricata and the Shark: suriwire É. Leblond Stamus Networks July. 03, 2018 É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July

Get Suricata information in Wireshark

É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July. 03, 2018 3 / 7

Page 4: Suricata and the Shark: suriwire · Suricata and the Shark: suriwire É. Leblond Stamus Networks July. 03, 2018 É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July

Also get extracted metadata

É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July. 03, 2018 4 / 7

Page 5: Suricata and the Shark: suriwire · Suricata and the Shark: suriwire É. Leblond Stamus Networks July. 03, 2018 É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July

Filter is working

É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July. 03, 2018 5 / 7

Page 6: Suricata and the Shark: suriwire · Suricata and the Shark: suriwire É. Leblond Stamus Networks July. 03, 2018 É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July

How it works

Wireshark plugin written in LuaLoad JSON file generated by Suricata (viaTools->Suricata->Activate)Add a new top domain protocol named suricata

É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July. 03, 2018 6 / 7

Page 7: Suricata and the Shark: suriwire · Suricata and the Shark: suriwire É. Leblond Stamus Networks July. 03, 2018 É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July

Questions ?

Thanks toanonymous NSA agentWireshark teamOISF and Suricata team

Contact [email protected]: @regiteric

Get it, use ithttps://github.com/regit/suriwire

É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July. 03, 2018 7 / 7

https://github.com/regit/suriwire

Suricata: caso di studio di Intrusion Detection and ...computerscience.unicam.it/marcantoni/tesi/Suricata... · ché Suricata sia un software multipiattaforma, alcune funzionalità

Performance Testing Suricata The Effect of Configuration Variables On Offline Suricata

Implementasi Intrusion Prevention System berbasis Suricata

Suricata Update DocumentationSuricata Update Documentation, Release 1.2.0dev0 suricata-update 1.6List Enabled Sources suricata-updatelist-enabled-sources 1.7Disable a Source suricata-update

Suricata 2.0, Netfilter and the PRC - stamus-networks.com · Suricata 2.0, Netﬁlter and the PRC Éric Leblond Stamus Networks April 26, 2014 Éric Leblond (Stamus Networks) Suricata

Eric Leblond IDS-suricata

Office suite and firewall - Netfilter · Office suite and firewall É. Leblond Stamus Networks 2016 June 27 É. Leblond (Stamus Networks) Office suite and firewall 2016 June 27

Suricata IDPS and Linux kernel - NetDev conf · 1 Suricata Introduction Streaming Performance 2 Suricata and Linux kernel AF_PACKET NFQUEUE 3 Suricata and ofﬂoading Interest of

Suricata, the Terminator of IDS/IPS world · Suricata, the Terminator of IDS/IPS world Éric Leblond OISF July 9, 2013 Éric Leblond (OISF) Suricata, the Terminator of IDS/IPS world

Logging with Netfilter and ulogd2...Logging with Netﬁlter and ulogd2 Éric Leblond Stamus Networks June 23, 2015 Éric Leblond (Stamus Networks) Logging with Netﬁlter and ulogd2

Software IDS Dan IPS Suricata

Suricata IDPS and Nftables: The Mixed Mode · 2016-06-28 · Suricata: IPS Stream in IPS In inline mode, data is analysed before they have been ACKed. When Suricata receives a packet,

Tools and Techniques to Simplify Suricata Performance Testing€¦ · TOOLS AND TECHNIQUES TO SIMPLIFY SURICATA PERFORMANCE TESTING SURICON 2019 JOE JOHNSON – PRINCIPAL SOFTWARE

Bro Befriends Suricata · Bro Befriends Suricata 23/09/16 20:23 Page 2 of 47

Suricata - Netfilterworkshop.netfilter.org/.../1f/Eric_Leblond_IDS-suricata.pdf · 2013-03-21 · Suricata has been created by about 35 developers so far. Board Project leader: Matt

Suricata User Guide - Read the Docs · CHAPTER 2 Installation Before Suricata can be used it has to be installed. Suricata can be installed on various distributions using binary packages:

Suricata 2.0, Netfilter and the PRC - RMLL · Suricata 2.0, Netﬁlter and the PRC Éric Leblond Stamus Networks July 8, 2014 Éric Leblond (Stamus Networks) Suricata 2.0, Netﬁlter

Virtualizing Suricata* IPS Using Hyperscan Pattern Matching · Suricata* Overview Suricata is an open source-based intrusion detection system (IDS), intrusion prevention system (IPS),

Suricata ips mode

Suricata IDPS and Nftables: The Mixed Mode...Suricata IDPS and Nftables: The Mixed Mode Giuseppe Longo Stamus Networks Jul 5, 2016 Giuseppe Longo (Stamus Networks) Suricata IDPS and

Suricata User Guide · 2019-04-02 · 14 Public Data Sets 223 15 Using Capture Hardware 225 ... Suricata stops running. If you run Suricata as deamon (using the -D option), it runs

Suricata IDS/IPS - Vereniging NLUUG · Suricata creator and lead dev ... – Suricata – ELK stack ... – e.g. various ELK parts from the official ELK images

Bro Befriends Suricata - The Bro Network Security … · Bro Befriends Suricata 23/09/16 20:23 Page 1 of 47 BRO BEFRIENDS SURICATA SURICATA AND …

SURICATA TETRADACTYLA. - COnnecting REpositories · suricata tetradactyla. by g. t. s. kiselkn b.a. (cape) dkpar'l'i^ment of zoology, university of the \ witwatersrand. with plates

· Bull shark Oceanic whitetip shark Dusky shark Sandbar shark Great white shark Sand tiger shark Gulper shark Leafscale gulper shark Black dcgfi5h Portuguese dogfish Longnose velvet

Where do they live? · 2020. 4. 23. · Species of shark include great white shark, grey reef shark, hammerhead shark, tiger shark, blue shark, bull shark and mako shark. (Accept

Suricata for Malware Classification - 2020 SuriCon in ...€¦ · Kaspersky | Suricata for Malware Classification • Scanning traffic from already detected malicious executables

Suricata IDPS and Linux kernel - NetDev: The … IDPS and Linux kernel É. Leblond, G. Longo Stamus Networks February 10, 2016 É. Leblond, G. Longo (Stamus Networks) Suricata IDPS

Suricatayaml - Suricata ion Security Foundation - Suricata.yaml... · Suricata.yaml Suricata uses the Yaml format for configuration. The Suricata.yaml file included in the source

Meerkat (Suricata suricatta)

Latest advance in Suricata IDPS - RMLLschedule2012.rmll.info/IMG/pdf/2012_rmll_suricata.pdf · Suricata vs Snort Suricata Drived by a foundation Multi-threaded Native IPS Advanced

Suricata - workshop.netfilter.org · Suricata Éric Leblond / Victor Julien OISF March 12, 2013 Éric Leblond / Victor Julien (OISF) Suricata March 12, 2013 1 / 41

eBPF and XDP in Suricata reloaded€¦ · Test data Using a test pcap of 445Mo. Real trafﬁc but lot of malicious behaviors Trafﬁc is a bit old É. Leblond/P. Manev (Stamus Networks)

Suricata Tutorial

FIAT7IFTA @ dubai 2013 SURICATA PAPER