Let's talk about Open Source and

Shivani Bhardwaj

  • Working at OISF developing parts of Suricata and its auxiliary tools
  • Interested in computer networking, rustlang, how the internet works

@tuxish

@inashivb

www.shivanibhardwaj.com

with a tiny little story so we remember it..

Meet Kit

Source: https://www.istockphoto.com/photo/funny-winking-kitten-gm1267021092-371610872

Software Dev in the 1970s

  • Very cute
  • Very hardworking
  • Very smart
  • Very annoyed at devices not working
  • Willing to make a change

Open source software is code that is designed to be publicly accessible—anyone can see, modify, and distribute the code as they see fit.

Open source software is developed in a decentralized and collaborative way, relying on peer review and community production. Open source software is often cheaper, more flexible, and has more longevity than its proprietary peers because it is developed by communities rather than a single author or company.

- Red Hat

A fortunate series of events..

  • 1983: GNU operating system
  • 1991: Linux was released
  • 2000: NASA, DELL, IBM hopped in
  • 2008: Google released Android
  • 2008: GitHub was released
  • Today: Open Source is the new norm

But, what about the money?

How is Open Source monetized?

  • Support services
  • Subscriptions
  • Commercial licenses
  • Funds
  • Memberships
  • Add-ons are chargeable

Suricata

An IDS/IPS engine and a lot more...

Open Information Security Foundation is a US-based 501(c)3 non-profit foundation organized to build community and to support open-source security technologies like Suricata, the world-class IDS/IPS engine.

How did it start?

Because one person wanted to build an IDS engine that was truly open source in spirit.

  • Community driven
  • Welcoming
  • Healthy discussions
  • Sustainable model to grow

How Suricata came into being and became a leader

  • 2007: Victor Julien started coding a minimal multithreaded packet forwarder from scratch
  • 2008: Took the code and showed it to folks at a conference in the US
  • 2009: Got funded by the US Department of Homeland Security for 2 years
  • 2010: OISF founded and Suricata released
  • Present: Suricata is a standard in the market

How it started vs How it's going

A minimal multithreaded packet forwarder written in C by one person

Who uses Suricata?

  • Many of the Fortune 500 companies
    • Check out the consortium members of OISF: https://oisf.net/consortium
    • Talks from employees of big tech names in our annual conference about usage of Suricata: https://suricon.net/archives-2
  • Sometimes, it seems like everyone :)
  • How many of you use/have used Suricata?

What does Suricata do?

What do you need minimally to see Suricata in action?

Example

1. Define what you want to achieve.

I want to see an alert every time I see an HTTP packet whose URI contains “dummy.html”.

2. Make sure the Suricata configuration (suricata.yaml) matches your targets.

3. Make sure there are appropriate rules in place for the expected outcome.

alert http any any -> any any (msg:"Testing HTTP alert"; content:"dummy.html"; http_uri; sid:1; rev:1;)

eve.json: The Suricata log de-facto

  • JSON logs generated as per configuration

  • A lot of metadata

  • Extremely useful with the rise of Elasticsearch

  • By default, found under /var/log/suricata
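To tie the rule (sid:1) to the log it produces, here is an added script that is not from the talk or the Suricata project: it parses constructed eve.json lines, counts alerts per sid, and checks that every sid 1 alert carries dummy.html in the logged URI. Field names follow Suricata's EVE format; the records, addresses and the truncated last line are made up.

```python
import json
from collections import Counter

# Constructed sample eve.json content (not real Suricata output): two "alert"
# records and one plain "http" record in EVE shape, plus one truncated line,
# which a log that is still being written can contain.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP","alert":{"signature_id":1,"rev":1,"signature":"Testing HTTP alert","action":"allowed"},"http":{"hostname":"example.com","url":"/dummy.html","http_method":"GET","status":200}}
{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP","http":{"hostname":"example.com","url":"/index.html","http_method":"GET","status":200}}
{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"192.0.2.10","proto":"TCP","alert":{"signature_id":1,"rev":1,"signature":"Testing HTTP alert","action":"allowed"},"http":{"hostname":"example.com","url":"/files/dummy.html?x=1","http_method":"GET","status":404}}
{"timestamp":"2024-01-01T10:00:03.000
"""


def parse_events(text):
    """Return (events, skipped): one dict per well-formed JSON line, skipping junk."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1
    return events, skipped


def alerts_by_sid(events):
    """Count alert records per signature_id (the sid from the rule)."""
    return Counter(e["alert"]["signature_id"] for e in events if e.get("event_type") == "alert")


def check_uri_rule(events, sid, needle):
    """Split alerts for `sid` into those whose logged HTTP URL contains `needle`
    and those that do not, so the rule's effect can be verified from the log."""
    hits, misses = [], []
    for e in events:
        if e.get("event_type") != "alert" or e["alert"].get("signature_id") != sid:
            continue
        url = e.get("http", {}).get("url", "")
        (hits if needle in url else misses).append((e["src_ip"], url))
    return hits, misses


if __name__ == "__main__":
    evs, bad = parse_events(SAMPLE_EVE)
    print(f"parsed {len(evs)} events, skipped {bad} malformed line(s)")
    print("alerts per sid:", dict(alerts_by_sid(evs)))
    hits, misses = check_uri_rule(evs, 1, "dummy.html")
    print("sid 1 alerts with dummy.html in URI:", hits)
    print("sid 1 alerts WITHOUT dummy.html in URI:", misses)
```

Point it at a real /var/log/suricata/eve.json by replacing SAMPLE_EVE with the file's contents; any entry landing in `misses` means the rule matched something other than what step 1 intended.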

Resources
