I’ve given a talk entitled “Suricata 2.0, Netfilter and the PRC” at the Hackito Ergo Sum conference.
The talk is presenting Suricata and the new features available in version 2.0, focusing on the new EVE output and how it can be used with Elasticsearch, Logstash and Kibana. I’ve also shown how ulogd, the Netfilter logging daemon can be used with Elasticsearch thanks to the new JSON output plugin. Finally, I’ve explained how I’ve discovered a attack schema which is originating from systems running in the People Republic of China.
You can get the slides here: Suricata 2.0, Netfilter and the PRC