Cut the Sh-t - How to Reign in Your IDS

Offered By: BSidesLV via YouTube

Tags

Security BSides Courses
Intrusion Detection Systems Courses
Berkeley Packet Filter Courses

Course Description

Overview

Discover effective strategies for optimizing your Intrusion Detection System (IDS) in this informative BSidesLV conference talk. Learn about sensor placement, IP and port variables, and the anatomy of Snort rules. Explore techniques such as IP reputation, Berkeley Packet Filter, and passive DNS to enhance your IDS capabilities. Gain insights into flow monitoring, metadata analysis, and useful open-source projects like AutoSnork and Metasploit. Master the art of reducing noise and increasing signal in your security monitoring efforts.

Syllabus

Intro
Why I'm here
Less Noise More Signal
Sensor Placement
Sensor Placement Diagram
IP and Port Variables
IP Variables
Why are we doing this
Pulling Pork
snort rule anatomy
snort rule example
pass rules
log being calm
Limit
IP Reputation
Berkeley Packet Filter
BPF Example
BPF is Black Magic
snort software stack
snort recap
Pry
Passive DNS
Metadata
TCP Traffic
Flow Monitoring
Recap
Open Source Projects
AutoSnork
Metasploit
Unlimited
Screencap
Blindseeker
Outro
Taught by

BSidesLV
