Stamus Networks, a global provider of high-performance network-based threat detection and response systems, has published an updated version of “The Security Analyst’s Guide to Suricata,” a practical guide to threat hunting and detection using Suricata – the open-source intrusion detection system (IDS) and network security monitoring (NSM) engine.
The latest edition incorporates new content, featuring an important new chapter titled, “DNS Detection and Threat Hunting.” The chapter provides a review of DNS-related protocols, a primer on DNS analysis using Suricata data, tips for writing rules that detect DNS activity using DNS keywords in Suricata 7, and a guide to hunting on DNS events.
Written by Stamus Networks co-founders Éric Leblond and Peter Manev, who have both worked on Suricata development for more than 10 years, the book was first published in November 2022 and is the industry’s first practical guide to unlocking the full potential of Suricata. The publication was written for security operations center (SOC) analysts and threat hunters who use Suricata to gain insight into what is taking place on their networks. The book provides vital information on entry points and in-depth analysis of the most important Suricata features, and its open-source format makes it a living book that will grow and evolve over time with ongoing input from the authors as well as contributions and feedback from the Suricata community.
PDF and eReader copies of the book can be downloaded from the Stamus Networks website.
Additionally, hard copies of the book will be available at Black Hat Europe 2023 from December 4-7 on the show floor in stand 527.