Suricata's Integration with Cyber Ranges

  • Published: 4 Dec 2022
  • Presented at SuriCon 2022 by Chris "BigBiz" Brown
    Gone are the days of “sure, I know Suricata” or post-course exams that have static questions and multiple choice answers. These days, it’s “trust but verify”, and there’s no better way to do that than placing students, candidates, SOC teams and anyone who needs to validate their skills in a cyber range, live-fire cyber exercise or simulation platform. Such a platform comprehensively verifies and validates skills and knowledge through range operations for observation, performance measurement, dynamic analysis and next-level feedback for advancing skills and proficiency.
    In this talk, the theme would be “Westworld (sort of) meets Suricata on the cyber range of yesterday, today and tomorrow.”
    For reference: en.wikipedia.org/wiki/Westwor...
    Specific topics to be discussed:
    - Individual and team scenarios in which Suricata can be used for a specific class of incidents
    - Range and exercise monitoring for metrics
    - Real world attack scenarios to scale up an individual or team’s analytic ability based on relevant and recent events within the past 6-18 months
    - Risk assessment and evaluation using customer or organization rulesets against simulations to profile signature efficacy, mapped to quad-chart-style scoring: false positive, true positive, false negative, excessive firing
    - Intersection of open source vs licensing required to enable “advanced” features for SOC team collaboration during cyber range and simulation exercises