Suricata is known as a high-performance signature-based open source IDS/IPS. As with all signature based IDS, it produces millions of security events that are difficult to sort through. This talk will show how it is possible to leverage contextual metadata and a thread-based approach to get IDS alive and useful.

RSA® Conference, the world’s leading information security conferences and expositions, concluded its 30th annual event, which took place as a fully virtual experience this week. This year’s theme was Resilience, and in honor of all that the cybersecurity industry has accomplished over the past three decades, offered a must-attend celebration of thought leadership and education.


More than 20,000 people registered to view 449 sessions including, keynotes, track sessions, interactive programs, tutorials, seminars, and many special digital-first programs that focused on best practices and innovation. The content covered many of the industry’s most pressing topics, including privacy, machine learning and artificial intelligence, analytics, anti-fraud, policy and government, and risk management and governance.

Leveraging Suricata in the Enterprise: Shifting from Events to Insights

Conference: RSA Conference 2021

Abstract

Post a comment

Related work

Detecting Malicious Files with YARA Rules as They Traverse the Network

A New Trend for the Blue Team - Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/Ransomware

To Flexibly Tame Kernel Execution With Onsite Analysis

Improve Likelihood Calculation by Mapping MITRE ATT&CK to Existing Controls

Circumventing the Guardians: How the Security Features in State-of-the-Art TLS Inspection Solutions can be Exploited for Covert Data Exfiltration

It Is More Than Just Correlation - A Debug Journey