Cut the Sh-t - How to Reign in Your IDS
Offered By: BSidesLV via YouTube
Course Description
Overview
Discover effective strategies for optimizing your Intrusion Detection System (IDS) in this informative BSidesLV conference talk. Learn about sensor placement, IP and port variables, and the anatomy of Snort rules. Explore techniques such as IP reputation, Berkeley Packet Filter, and passive DNS to enhance your IDS capabilities. Gain insights into flow monitoring, metadata analysis, and useful open-source projects like AutoSnork and Metasploit. Master the art of reducing noise and increasing signal in your security monitoring efforts.
Syllabus
Intro
Why I'm here
Less Noise More Signal
Sensor Placement
Sensor Placement Diagram
IP and Port Variables
IP Variables
Why are we doing this
Pulling Pork
snort rule anatomy
snort rule example
pass rules
log being calm
Limit
IP Reputation
Berkeley Packet Filter
BPF Example
BPF is Black Magic
snort software stack
snort recap
Pry
Passive DNS
Metadata
TCP Traffic
Flow Monitoring
Recap
Open Source Projects
AutoSnork
Metasploit
Unlimited
Screencap
Blindseeker
Outro
Taught by
BSidesLV
Related Courses
Early Detection through Deception (YouTube)
Hack for Show, Report for Dough - Brian King (YouTube)
Blue Teamin on a Budget of Zero - Kyle Bubp (YouTube)
Windows Event Logs - Zero to Hero (YouTube)
Weaponizing Splunk - Using Blue Team Tools for Evil (YouTube)