Cut the Sh-t - How to Reign in Your IDS

BSidesLV via YouTube

Overview

Discover effective strategies for optimizing your Intrusion Detection System (IDS) in this informative BSidesLV conference talk. Learn about sensor placement, IP and port variables, and the anatomy of Snort rules. Explore techniques such as IP reputation, Berkeley Packet Filter, and passive DNS to enhance your IDS capabilities. Gain insights into flow monitoring, metadata analysis, and useful open-source projects like AutoSnork and Metasploit. Master the art of reducing noise and increasing signal in your security monitoring efforts.

Syllabus

Intro
Why I'm here
Less Noise, More Signal
Sensor Placement
Sensor Placement Diagram
IP and Port Variables
IP Variables
Why are we doing this
Pulling Pork
snort rule anatomy
snort rule example
pass rules
log being calm
Limit
IP Reputation
Berkeley Packet Filter
BPF Example
BPF is Black Magic
snort software stack
snort recap
Pry
Passive DNS
Metadata
TCP Traffic
Flow Monitoring
Recap
Open Source Projects
AutoSnork
Metasploit
Unlimited
Screencap
Blindseeker
Outro

Taught by

BSidesLV
