From protocol analysis to actionable algorithmic and signature detection with Suricata
2024-10-24 , Vianden & Wiltz

Suricata is a widely-used high performance, open source network analysis and threat detection software. This training will provide hands-on learning for different techniques using Suricata protocol analysis data for generating useful and actionable algorithmic and signature detection.


Suricata is an versatile open source engine that has been evolving beginning in 2009 to currently being able to provide  network protocol, flow, alert, anomaly logs, file extraction and PCAP at very high speeds. It is being used currently across the world as Network Security Monitoring, Intrusion Detection System, Intrusion Prevention System and even firewall.. 

The training will employ actual hands-on review of malware network pcap traces. Starting from protocol analysis and generic signatures events, the attendee will discover  the different queries and techniques that could be applied to detect the malware activity on the network. All of that keeping noise reduction in mind. The training aims to review a few cases of recent samples of malware families to give attendees practical experiences defending against modern threats. Attendees can expect to leave prepared to  to use algorithmic detection formulas, methods and signatures that can be implemented at home or at work. In addition, they will gain experience finding relevant malware data.

Éric Leblond is the co-founder and chief technology officer (CTO) of Stamus Networks and a member of the board of directors at Open Network Security Foundation (OISF). Éric has more than 15 years of experience as co-founder and technologist of cybersecurity software companies and is an active member of the security and open-source communities. He has worked on the development of Suricata – the open-source network threat detection engine – since 2009 and is part of the Netfilter Core team, responsible for the Linux kernel's firewall layer. Eric is also the lead developer of the Suricata Language Server, a real-time syntax checking and autocomplete app for Suricata rule writers. Eric is a well-respected expert and speaker on network security.

Peter Manev is the co-founder and chief strategy officer (CSO) of Stamus Networks and a member of the executive team at Open Information Security Foundation (OISF). Peter has over 15 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer, and explorer of innovative open-source security software. He is responsible for training as well as quality assurance and testing on the development team of Suricata – the open-source threat detection engine. Peter is also the lead developer of SELKS, the popular turnkey open-source implementation of Suricata. Peter is a regular speaker and educator on open-source security, threat hunting, and network security.

Peter has been involved with Suricata IDS/IPS/NSM from its very early days in 2009 as QA and training lead. He is currently a Suricata executive council member. Peter has 15 years of experience in the IT industry, including as an enterprise-level IT security practitioner.

SELKS maintainer - turn-key Suricata-based IDS/IPS/NSM. A frequent contributor to and user of innovative open source security software, Peter maintains several online repositories for Suricata-related information: https://github.com/pevma , https://github.com/orgs/StamusNetworks/repositories and https://twitter.com/pevma.

Peter Manev is a co-author of the The Security Analyst’s Guide to Suricata book written with Eric Leblond.

Additionally, Peter is one of the founders of Stamus Networks, a company providing commercial and open-source network detection and response solutions based on Suricata. Peter often engages in private or public training events in the area of advanced deployment and threat hunting at conferences, workshops or live-fire cyber exercises such as Crossed Swords, Locked Shields, DeepSec, Troopers, DefCon, Suricon, SharkFest, RSA, Flocon, MIT Lincoln Lab and others