You MUST register through Eventbrite to gain access to this session (Day 2).
Securing a network often begins with the ability to generate alerts when malicious or
non-standard network traffic is observed. This is routinely accomplished through intrusion
detection and prevention systems (IDPS) such as Suricata, as well as other open-source tools.
Unfortunately, an alert only provides a narrow view into a possible incident. Data surrounding an
alert also needs to be available to help an analyst build context before and after an alert. In this
talk, we’ll introduce the latest features available in the newly released Suricata 6.0 and discuss
how protocol-specific logs, full-packet capture and other features of Suricata and Zeek can be
used to build a more comprehensive view into an organization’s network. This context allows for
an organization to understand the threats they face and gives them the ability to respond to
incidents quickly and more accurately.
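The "context around an alert" the abstract refers to is, in practice, a join: a Suricata alert carries only a 5-tuple, a timestamp and a signature, while Zeek's conn.log records the whole flow (and its uid links to http.log, dns.log and the other protocol logs). The script below is an added example, not code from the session or from the Suricata or Zeek projects. It assumes Suricata's EVE JSON output (fields src_ip, src_port, dest_ip, dest_port, proto, timestamp) and Zeek JSON logs (LogAscii::use_json=T, epoch-float ts, id.orig_h style fields, shared uid); the sample records are constructed, and the `_log` field is added only to tag which Zeek log each line came from (on disk the file name tells you).

```python
"""Join Suricata EVE alerts to Zeek logs by 5-tuple, time window and uid.

Assumptions (not from the original page): Suricata EVE JSON alerts and Zeek
JSON logs as described in the lead-in. Every record below is constructed.
"""
import json
from collections import defaultdict
from datetime import datetime

# --- constructed sample input: one Suricata alert, four Zeek records ---
EVE_LINES = [
    '{"timestamp":"2020-10-12T14:03:21.512345+0000","event_type":"alert",'
    '"src_ip":"10.1.2.3","src_port":49812,"dest_ip":"203.0.113.10","dest_port":80,'
    '"proto":"TCP","alert":{"signature_id":9000001,'
    '"signature":"LOCAL Outdated browser UA to external host","severity":2}}',
]
ZEEK_LINES = [
    # conn.log: the flow the alert fired on (same 5-tuple, started just before it)
    '{"_log":"conn","ts":1602511401.498,"uid":"CAbc1xy2Zq3","id.orig_h":"10.1.2.3",'
    '"id.orig_p":49812,"id.resp_h":"203.0.113.10","id.resp_p":80,"proto":"tcp",'
    '"service":"http","duration":0.214,"orig_bytes":412,"resp_bytes":1983}',
    # http.log: protocol detail for that flow, linked through the same uid
    '{"_log":"http","ts":1602511401.51,"uid":"CAbc1xy2Zq3","id.orig_h":"10.1.2.3",'
    '"id.orig_p":49812,"id.resp_h":"203.0.113.10","id.resp_p":80,"method":"GET",'
    '"host":"203.0.113.10","uri":"/update.php","status_code":200,'
    '"user_agent":"Mozilla/4.0 (compatible; MSIE 6.0)"}',
    # conn.log: identical 5-tuple one hour earlier (port reuse); must NOT be joined
    '{"_log":"conn","ts":1602507801.0,"uid":"COld777","id.orig_h":"10.1.2.3",'
    '"id.orig_p":49812,"id.resp_h":"203.0.113.10","id.resp_p":80,"proto":"tcp",'
    '"service":"http","duration":0.3}',
    # conn.log: unrelated flow from the same host
    '{"_log":"conn","ts":1602511380.0,"uid":"CZzz9ab","id.orig_h":"10.1.2.3",'
    '"id.orig_p":51000,"id.resp_h":"198.51.100.5","id.resp_p":443,"proto":"tcp",'
    '"service":"ssl","duration":12.1}',
]


def eve_epoch(ts: str) -> float:
    """Suricata EVE timestamp ('2020-10-12T14:03:21.512345+0000') -> epoch seconds."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()


def alert_key(alert: dict) -> tuple:
    """5-tuple of a Suricata alert, protocol lower-cased to match Zeek."""
    return (alert["src_ip"], alert["src_port"], alert["dest_ip"],
            alert["dest_port"], alert["proto"].lower())


def zeek_key(rec: dict) -> tuple:
    """5-tuple of a Zeek conn record in the same orientation as alert_key()."""
    return (rec["id.orig_h"], rec["id.orig_p"], rec["id.resp_h"],
            rec["id.resp_p"], rec["proto"].lower())


def in_window(conn: dict, t: float, window_s: float) -> bool:
    """True if the alert time t falls inside the connection's lifetime (+/- slack)."""
    start = conn["ts"]
    end = start + conn.get("duration", 0.0)
    return start - window_s <= t <= end + window_s


def build_context(eve_lines, zeek_lines, window_s=5.0):
    """For each Suricata alert return the Zeek conn record of the same flow and
    every other Zeek record (http, dns, ...) that shares that connection's uid."""
    alerts = [a for a in map(json.loads, eve_lines) if a.get("event_type") == "alert"]
    zeek = [json.loads(line) for line in zeek_lines]
    conns_by_tuple = defaultdict(list)
    by_uid = defaultdict(list)
    for rec in zeek:
        by_uid[rec["uid"]].append(rec)
        if rec.get("_log") == "conn":
            conns_by_tuple[zeek_key(rec)].append(rec)

    contexts = []
    for alert in alerts:
        t = eve_epoch(alert["timestamp"])
        candidates = [c for c in conns_by_tuple.get(alert_key(alert), [])
                      if in_window(c, t, window_s)]
        # If ports were reused inside the window, the most recently started flow wins.
        conn = max(candidates, key=lambda c: c["ts"], default=None)
        related = ([r for r in by_uid[conn["uid"]] if r.get("_log") != "conn"]
                   if conn else [])
        contexts.append({"alert": alert, "conn": conn, "related": related})
    return contexts


def summarize(ctx: dict) -> str:
    """One analyst-facing line: signature, Zeek uid, bytes each way and protocol detail."""
    sig = ctx["alert"]["alert"]["signature"]
    conn = ctx["conn"]
    if conn is None:
        return f"{sig}: no matching Zeek connection"
    detail = "; ".join(f"{r['_log']}: {r.get('method', '')} {r.get('host', '')}{r.get('uri', '')}"
                       for r in ctx["related"])
    return (f"{sig}: uid={conn['uid']} service={conn.get('service')} "
            f"orig_bytes={conn.get('orig_bytes')} resp_bytes={conn.get('resp_bytes')} [{detail}]")


if __name__ == "__main__":
    for ctx in build_context(EVE_LINES, ZEEK_LINES):
        print(summarize(ctx))
```

The time window is matched against the connection's lifetime (ts to ts + duration, with slack), not just its start, because an alert can fire well into a long flow; the hour-old connection with the same 5-tuple is excluded for exactly that reason, which is the usual pitfall when joining on ports alone. If both tools emit Community ID (Suricata's `community-id` EVE option and Zeek's community-id package), the join key can be that single string instead of the 5-tuple.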
Slack Channel for this session -
Haven't joined the Zeek Slack space yet? You can do so at:
https://join.slack.com/t/zeekorg/shared_invite/zt-cgz9wa7p-BXihgVtZlmnRfHZXmUltZQ
Link to Session Survey - https://forms.gle/aFCTXniakuJGi7YN9