Cut the Sh-t - How to Reign in Your IDS
Offered By: BSidesLV via YouTube
Course Description
Overview
Discover effective strategies for optimizing your Intrusion Detection System (IDS) in this informative BSidesLV conference talk. Learn about sensor placement, IP and port variables, and the anatomy of Snort rules. Explore techniques such as IP reputation, Berkeley Packet Filter, and passive DNS to enhance your IDS capabilities. Gain insights into flow monitoring, metadata analysis, and useful open-source projects like AutoSnork and Metasploit. Master the art of reducing noise and increasing signal in your security monitoring efforts.
Syllabus
Intro
Why Im here
Less Noise More Signal
Sensor Placement
Sensor Placement Diagram
IP and Port Variables
IP Variables
Why are we doing this
Pulling Pork
snort rule anatomy
snort rule example
pass rules
log being calm
Limit
IP Reputation
Berkeley Packet Filter
BPF Example
BPF is Black Magic
snort software stack
snort recap
Pry
Passive DNS
Metadata
TCP Traffic
Flow Monitoring
Recap
Open Source Projects
AutoSnork
Metasploit
Unlimited
Screencap
Blindseeker
Outro
Taught by
BSidesLV
Related Courses
Systems and Application Security(ISC)² via Coursera Fundamentals of Computer Network Security
University of Colorado System via Coursera Basic Network and Database Security
IBM via edX Information Security Operations Center ISOC for Non-Techies
Udemy Cybersecurity of Networks from Scratch to Advanced
Udemy