Email the Author
You can use this page to email Tony Robinson about Suricata: An Operator's Guide.
About the Book
Greetings!
This work is focused on teaching readers about network intrusion detection system best practices, featuring the Suricata network intrusion detection platform.
This book is still a work in progress and currently consists of three chapters. As time progresses, I will be publishing new iterations of this work with more chapters. Here are the chapters I have planned currently:
· NIDS and IDS Evasion history, its influence on design for both Snort and Suricata (Done)
· Setting up a rule writing/performance testing environment with Dalton (Done)
· Understanding the importance of sensor placement (Done)
· Anatomy of a Suricata 5+ rule
· What makes a rule good
· Understanding rule performance metrics
· Methods to reduce false positives and alert fatigue
· Where to acquire malware samples and research material for developing Suricata rules
· Scenarios/exercises involving malware, pcaps and rule writing
As work progresses and I gain feedback from readers I may include additional chapters. Thank you very much for your feedback and patronage.
About the Author
Tony Robinson is Security Engineer working for a midwestern MSSP. He has approximately 10 years of general experience in Systems Administration and Information Security roles, with his specialties being Network Security Monitoring, Threat Intelligence, and Malware Analysis
When he is not working, he can be found admiring good sushi, good mead, and fun video games.