Short Course

Mastering Network Intrusion Defense

Hands-on detection engineering leveraging Suricata, PCAP forensics, and automation

5.0

from 15+ reviews

6 Hours of video content

Intermediate

Certificate of Completion Included

Check out Subscription Plans

Overview What You Will Learn Curriculum Instructor

Course Overview

Networking is at the core of every modern enterprise whether on-premise or in the cloud. Locating intrusions and threats “on the wire” is an essential practice to every security program. A critical tool for scalable monitoring of hundreds and thousands of hosts is the intrusion detection system (IDS). Implementing solutions, such as Suricata as an IDS or inline as an intrusion prevention system (IPS) will help scale your security monitoring and response capabilities across vast networks regardless of the architecture.

There are many tutorials, training, and documentation that describe the installation and basic usage of Suricata but don’t prepare security engineers and analysts to optimize the implementation with end-to-end lifecycle considerations on how to customize detections using Suricata and make robust detection use cases. Considerations for architectural planning, performance tuning, detection language syntax, and rule testing are also an important part of your success in the care and feeding of your detection engineering program. With hands-on guidance and modern detection implementations, Suricata can be a performant and affordable network IDS solution for many enterprises.

This course will take you through architectural considerations, how the Suricata engine works, creating custom detections, and how to test those detections successfully for scalable utilization.

The necessary resources for this course are in the "Resources" section of Video 1.1. You can also access them through this direct link - https://github.com/ec-council-learning/Mastering-Network-Intrusion-Defense

What You Will Learn

Understand deep level packet analytics and how network intrusion engines parse the data.
Apply PCAP analytics to writing tcpdump and wireshark filters for sizing and tuning of IDS engines.
Forensically carve files and indicators from PCAP streams for extended analysis in tools outside of Suricata.
Create custom detection use cases for Suricata and generate offensive payload for testing.
Develop GitHub based CI/CD runner scripts to automatically test and deploy your custom detections to Suricata.
Deploy Suricata as a monitoring IDS using Ubuntu VM and inline using PFsense VM and develop custom scripts for active response techniques.
Adapt packet filtering and analysis skills from Wireshark to Cloudflare WAF rules.

Program Curriculum

Understanding Traffic Capturing Mechanisms
Architecting and Designing Implementations
Creating Packet Captures and Filters
Examining the Suricata Engine
Chapter 1 Quiz

Analyzing Traffic in Wireshark
Extracting Indicators from PCAPs
Inferring Behaviors from PCAPs
Forensically Carving Files from PCAPs
Chapter 2 Quiz

Installing Necessary Packages
Applying Configuration Settings
Determining Runtime Modes
Ruleset Updates
Chapter 3 Quiz

Understanding Rule Schema and Syntax
Creating in an Initial Rule
Using Content Modifiers in Rules
Optimizing for Performance
Chapter 4 Quiz

Creating the Test Payload
Creating Scripts for Test Result States
Generate TTP Tests with Scripts
Modify Scripts for Additional Test States
Chapter 5 Quiz

Adapting Detections for Other Tool Use Cases
Implementing CI/CD Pipeline Automation
Develop Active Response Scripts with Monitor Mode
Chapter 6 Quiz

Load more modules

Instructor

Dennis Chow

Dennis Chow is an experienced security engineer and director for multiple Fortune 500 enterprises. He currently holds over 40+ active certifications and was a former Amazon Web Services (AWS) professional services consultant focused on security transformation and automation efforts. Dennis started his career in IT, followed by time in the SOC before moving to engineering, architecture, and leadership. During his 15+ years in the industry, Dennis has successfully taught and mentored multiple individuals from different backgrounds to become cybersecurity professionals. He has also led the initiative of setting the cyber threat intelligence sharing standards used by ISAACs today in the U.S. Healthcare vertical and is a published author on Detection Engineering and Red Team tool development.

Buy this course now

$99.99

Get Immediate access for one year today!

Upgrade to Pro Plans and Get Full Access Today!

Get this course, along with 700+ courses and 50+ learning paths and more in one subscription. Learn more

Unlock All Access

Plans start from $33/mo. Cancel anytime.

Join over 1 Million professionals from the most renowned Companies in the world!

Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Monthly Plans

Annual Plans

Save 20% with our annual plans!

Pro

Ideal for continuous learning, offering extensive resources with 600+ courses and diverse Learning Paths to enhance your skills.

^$ 499.00

Billed annually or $59.00 billed monthly

Get Started Now

Start your 7-day trial for $1

What is included

700+ Premium Short Courses
50+ Structured Learning Paths
Validation of Completion with all courses and learning paths
New Courses added every month

Early Access Offer

Pro +

Experience immersive learning with Practice Labs, CTF Challenges, and exclusive EC-Council certifications for comprehensive skill-building.

^$ 599.00

Billed annually or $69.00 billed monthly

Get Started Now

Start your 7-day trial for $1

Everything in Pro and

800+ Practice Lab exercises with guided instructions
150+ CTF Challenges with detailed walkthroughs
New Practice Labs and Challenges added every month
3 Official EC-Council Essentials Certifications¹ (retails at $897!)
Exclusive Bonus with Annual Plans

¹This plan includes Digital Forensics Essentials (DFE), Ethical Hacking Essentials (EHE), and Network Defense Essentials (NDE) certifications. No other EC-Council certifications are included.

Related Courses

Hands-on FortiGate Firewall

Short Course

Hands-on FortiGate Firewall

Security Architecture and Operations

Learn how to deploy the FortiGate NGFW and how to configure the most common features of FortiGate Next-Gen Firewalls

Learn how to deploy the FortiGate NGFW and how to configure t...

$99.99

Intermediate

3 hr 0 m

Hello
Hands-on SELinux

Short Course

Hands-on SELinux

Security Architecture and Operations

Learn SELinux Basics: Implement Security Policies, Troubleshoot, and Protect Linux Systems Effectively.

Learn SELinux Basics: Implement Security Policies, Troublesho...

$49.99

Beginner

5 hr 28 m

Hello
Complete Bash Shell Scripting

Short Course

Complete Bash Shell Scripting

Security Architecture and Operations

Automate repetitive tasks with Bash Shell Scripting to save valuable time

Automate repetitive tasks with Bash Shell Scripting to save v...

$79.99

Intermediate

18 hr 10 m

Hello
Installing and Mitigating Linux Rootkits

Short Course

Installing and Mitigating Linux Rootkits

Security Architecture and Operations

Understanding the threat posed by rootkits in Linux and potential mitigations.

Understanding the threat posed by rootkits in Linux and poten...

$59.99

Advanced

3 hr 0 m

Hello
Start Hacking and Making Money Today at HackerOne

Short Course

Start Hacking and Making Money Today at HackerOne

Security Architecture and Operations

Hack Legally and Get Paid for Your Findings

Hack Legally and Get Paid for Your Findings

$59.99

Beginner

1 hr 9 m

Hello
PowerShell Scripting Essentials: Anatomy of Logging – Developing a Logging Module

Short Course

PowerShell Scripting Essentials: Anatomy of Logging – Developi...

Security Architecture and Operations

How to write a PowerShell module that contains functions to do logging for our scripts

How to write a PowerShell module that contains functions to d...

$69.99

Intermediate

6 hr 1 m

Hello
Machine Learning for Application in Digital Forensics

Short Course

Machine Learning for Application in Digital Forensics

Security Architecture and Operations

Unlocking the Potential of Machine Learning: From Theory to Practice

Unlocking the Potential of Machine Learning: From Theory to P...

$99.99

Intermediate

4 hr 0 m

Hello
Applied Python Cryptography

Short Course

Applied Python Cryptography

Security Architecture and Operations

Securing your Python code and protecting your users private information by utilizing simple, powerful, and free cryptographic libraries

Securing your Python code and protecting your users private i...

$79.99

Intermediate

4 hr 0 m

Hello