Intrusion Analysis and Threat Hunting with Open-Source Tools

Posted in Presentations

Lab participants will learn how to dig deep into network traffic to identify key evidence that a compromise has occurred, how to deal with new forms of attack, and how to develop the skills necessary to proactively search for evidence of new breaches. This session will follow the Chatham House Rule to allow for a free exchange of information and learning. We look forward to participants actively engaging in the discussion, and we remind attendees that no comment attribution or recording of any sort should take place. This is a capacity-controlled session. If you add it to your schedule and your availability changes, please remove this session from your schedule to allow others to participate.

Attendees are not required to bring their own laptops to this lab. However, attendees who would like to be hands-on should bring their own laptop with SELKS (open source) preloaded. Either of the two variants will work: Docker or ISO. Instructions for the Docker or ISO installation can be accessed here:

Peter Manev

Suricata Training and QA Lead, The Open Information Security Foundation (OISF) / Suricata; Chief Strategy Officer, Stamus Networks
