Hi folks,
Here is your weekly Suricata and SELKS tips and tricks email. Each week we'll feature a blog article or PDF document with something we hope you'll find useful.
Check out this series of blog posts by Peter Manev, entitled "Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD)." These provide insights and instruction on how to use the recently introduced set of free threat intel feeds based on newly registered domains.
Part 1: https://www.stamus-networks.com/blog/threat-hunting-suricata-open-nrd
Part 2: https://www.stamus-networks.com/blog/threat-hunting-suricata-open-nrd-part-2
Part 3: https://www.stamus-networks.com/blog/threat-hunting-suricata-open-nrd-part-3
Part 4: https://www.stamus-networks.com/blog/threat-hunting-suricata-open-nrd-part-4
In this series, Peter explores the techniques that can be used to hunt for malicious TTP activity on the network using Suricata-generated protocol data and/or the context Suricata attaches to an alert event. In addition, he provides hands-on examples of infection traffic and reviews detection and investigation techniques that can unearth malicious behavior.
Let us know what you think.
Cheers!
Mark