2023-04-23 | 12:00 – 12:35
Suricata is a well-known open source network threat detection engine that combines network security monitoring capabilities with advanced intrusion detection mechanisms. The dataset feature sits at the border of these two worlds. This presentation will introduce the feature and its advanced matching capabilities, and it will explain how it can be used to perform real-time checks of various IOCs (IPs, user agents, file hashes) and to build sightings databases that alert on newly observed communication artifacts in the defended network.
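As an added illustration of the two use cases named in the abstract (not rules from the talk or from the Suricata project), the following two rules show the dataset keyword doing an IOC lookup and a sightings database. The set names, list file names and SIDs are assumptions; string-type dataset files hold one base64-encoded value per line, and `set` matches only when the value was not already present, which is what turns a growing set into a "new artifact seen" alert.

```suricata
# Added example rules (not from the talk); set names, file names and SIDs are assumptions.

# IOC check: alert when the HTTP User-Agent is found in a string set loaded from disk.
# ioc-ua.lst holds one base64-encoded User-Agent string per line.
alert http any any -> any any (msg:"HTTP User-Agent matches IOC list"; \
    http.user_agent; dataset:isset,ioc-ua, type string, load ioc-ua.lst; \
    classtype:bad-unknown; sid:9000001; rev:1;)

# Sightings database: 'set' adds the DNS query name to the set and matches only if it
# was not already there, so the rule fires once per newly observed name.
# 'state' loads the set at startup and writes it back on exit, so sightings persist across restarts.
alert dns any any -> any any (msg:"New DNS query name sighted in defended network"; \
    dns.query; dataset:set,seen-dns, type string, state seen-dns.lst; \
    classtype:policy-violation; sid:9000002; rev:1;)
```

The sightings set grows without bound unless a `memcap` option is given on the dataset, so in production size it for the expected cardinality of the buffer being tracked and review the persisted state file as part of the detection engineering workflow.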