Hi folks,
Here is your weekly Suricata and SELKS tips and tricks email. Each week we'll feature a blog article or PDF document with something we hope you'll find useful.
Before beginning any sort of threat hunt, it is important to consider the tools you are using.
This is especially true in the case of Suricata. Many people still consider Suricata to be a “legacy” intrusion detection system (IDS), but those who are more familiar with the tool know otherwise.
In fact, Suricata has evolved into an impressive tool for gathering NSM data and full protocol, file transaction, flow, and anomaly logs along with file extraction and PCAP logging.
Check out this recent blog post from Peter Manev that describes the three Suricata fundamentals that must be understood before beginning a threat hunt:
https://www.stamus-networks.com/blog/suricata-threat-hunting-fundamentals
Let us know what you think.
Cheers!
Mark