@tuxish
@inashivb
www.shivanibhardwaj.com
Open source software is code that is designed to be publicly accessible—anyone can see, modify, and distribute the code as they see fit.
Open source software is developed in a decentralized and collaborative way, relying on peer review and community production. Open source software is often cheaper, more flexible, and has more longevity than its proprietary peers because it is developed by communities rather than a single author or company.
- Red Hat
1983: GNU operating system
1991: Linux was released
2000: NASA, Dell, IBM hopped in
2008: Google released Android
2008: GitHub was released
Today: Open Source is the new norm
An IDS/IPS engine and a lot more...
Open Information Security Foundation is a US based 501(c)3 non-profit foundation organized to build community and to support open-source security technologies like Suricata, the world-class IDS/IPS engine.
Because one person wanted to build an IDS engine that was truly open source in spirit.
2007: A minimal multithreaded packet forwarder written in C by one person
2008
2009
2010
Present
1. Define what you want to achieve.
I want to see an alert every time I see an HTTP packet whose URI contains "dummy.html".
2. Make sure the Suricata configuration (suricata.yaml) matches your targets (interfaces or pcap input, HOME_NET, the rule files it loads, and the outputs you expect to read).
3. Make sure there are appropriate rules in place for the expected outcome.
alert http any any -> any any (msg:"Testing HTTP alert"; content:"dummy.html"; http_uri; sid:1; rev:1;)
(Plain ASCII quotes are required; curly quotes from a slide or editor will make the rule fail to parse. The sid:1 is fine for a quick test, but local rules are conventionally given sids of 1000000 and above so they never collide with sids from downloaded rulesets.)
EVE JSON logs (eve.json) generated as per the outputs configured in suricata.yaml
One JSON object per line, with a lot of metadata: alerts, HTTP/DNS/TLS transactions, flows, files and more
Extremely useful with the rise of Elasticsearch and similar log stores
By default, found under /var/log/suricata
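The three-step procedure above (define the goal, check the config, check the rule) only pays off once you confirm the outcome in eve.json. The following is an added example, not code from the slides or from the Suricata project: it parses the slide's rule (with the sid moved into the local-rule range, an assumption made here), runs a few sanity checks on it, and then scans a constructed eve.json sample (not output from any real sensor) to confirm that the alert fired and that every alert's URI really contains the content the rule asked for. The helper names, the sample IPs and the timestamps are all invented for the example.

```python
import json
import re

# Rule from the slide, with ASCII quotes and a sid in the conventional local range (assumption).
RULE = ('alert http any any -> any any '
        '(msg:"Testing HTTP alert"; content:"dummy.html"; http_uri; sid:1000001; rev:1;)')

# Constructed eve.json sample (not real sensor output): one plain HTTP event,
# one alert raised by RULE, one flow record. Each line is one JSON object.
SAMPLE_EVE = "\n".join(json.dumps(ev) for ev in [
    {"timestamp": "2021-03-10T12:00:01.000000+0000", "event_type": "http",
     "src_ip": "10.0.0.5", "dest_ip": "192.0.2.10", "dest_port": 80,
     "http": {"hostname": "example.test", "url": "/index.html", "http_method": "GET"}},
    {"timestamp": "2021-03-10T12:00:02.000000+0000", "event_type": "alert",
     "src_ip": "10.0.0.5", "dest_ip": "192.0.2.10", "dest_port": 80,
     "alert": {"action": "allowed", "gid": 1, "signature_id": 1000001, "rev": 1,
               "signature": "Testing HTTP alert", "severity": 3},
     "http": {"hostname": "example.test", "url": "/dummy.html", "http_method": "GET"}},
    {"timestamp": "2021-03-10T12:00:03.000000+0000", "event_type": "flow",
     "src_ip": "10.0.0.5", "dest_ip": "192.0.2.10", "dest_port": 80,
     "flow": {"pkts_toserver": 5, "pkts_toclient": 4}},
])

# action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<options>.*)\)\s*$"
)


def split_options(body):
    """Split the option body on ';' while leaving quoted strings intact."""
    opts, cur, quoted = [], "", False
    for ch in body:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            if cur.strip():
                opts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        opts.append(cur.strip())
    return opts


def parse_rule(rule):
    """Return {'header': {...}, 'options': [(keyword, value_or_None), ...]}."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError("not a Suricata rule")
    header = {k: m.group(k) for k in ("action", "proto", "src", "sport", "direction", "dst", "dport")}
    options = []
    for opt in split_options(m.group("options")):
        key, sep, val = opt.partition(":")
        options.append((key.strip(), val.strip().strip('"') if sep else None))  # bare keywords -> None
    return {"header": header, "options": options}


def option(parsed, keyword):
    """First value of a keyword, or None if the rule does not use it."""
    return next((v for k, v in parsed["options"] if k == keyword), None)


def lint_rule(parsed):
    """Sanity checks a rule should pass before you expect it to fire."""
    problems = []
    if option(parsed, "msg") is None:
        problems.append("no msg")
    sid = option(parsed, "sid")
    if sid is None:
        problems.append("no sid")
    elif int(sid) < 1000000:
        problems.append("sid below the conventional local-rule range (>= 1000000)")
    if option(parsed, "rev") is None:
        problems.append("no rev")
    if parsed["header"]["proto"] == "http" and option(parsed, "content") is None:
        problems.append("http rule without a content match")
    return problems


def alerts_for_sid(eve_text, sid):
    """Pull the alert events raised by one signature out of eve.json text."""
    hits = []
    for line in eve_text.splitlines():
        if line.strip():
            ev = json.loads(line)
            if ev.get("event_type") == "alert" and ev.get("alert", {}).get("signature_id") == sid:
                hits.append(ev)
    return hits


def verify_outcome(rule, eve_text):
    """Did the rule fire, and does every alert's URI carry the content we asked for?"""
    parsed = parse_rule(rule)
    sid, needle = int(option(parsed, "sid")), option(parsed, "content")
    hits = alerts_for_sid(eve_text, sid)
    uris = [h.get("http", {}).get("url") for h in hits]
    return {"sid": sid, "alerts": len(hits), "uris": uris,
            "consistent": all(needle in (u or "") for u in uris)}


if __name__ == "__main__":
    print("lint:", lint_rule(parse_rule(RULE)))
    print("outcome:", verify_outcome(RULE, SAMPLE_EVE))
```

Against a real sensor, point `verify_outcome` at the text of /var/log/suricata/eve.json after replaying traffic that requests dummy.html; an empty `alerts` count with a clean lint result usually means step 2 (the configuration, typically HOME_NET or the rule file not being loaded) rather than the rule itself.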
Read the documentation at https://suricata.readthedocs.io/en/latest
Check out important and free useful videos at https://www.youtube.com/channel/UCSpIq33gB7-Rl9NtUGrvHLQ
Ask questions on https://forum.suricata.io
Check out tips and announcements (releases, conferences, scholarships, trainings and much more) on https://twitter.com/suricata_ids