Suricata: An Operator's Guide - Revisions

Hey folks,

If you remember some time ago in this forum I said I would be working on making a book for guidance on network intrusion detection best practices, featuring Suricata. Since then, I’ve been taking a little bit of time here and there to write. Prior to coming to Proofpoint, I wrote a book called Building Virtual Machine Labs: A Hands-On Guide (leanpub.com/avatar2 – please note that the pay-what-you-want slider CAN be set to free to obtain a free copy).

While I was writing that book, with every chapter completed, I would release a new, cumulative iteration of the book for the community to check out, if they were interested. I want to keep with the same tradition here, and release cumulative updates as I complete chapters for this book. Releasing these cumulative updates here allows me to get feedback from you all, since this is a forum. I can correct problems or perhaps incorporate concepts you think are missing from the work.

If you are interested, you can download this work here for free. The only edition available right now is PDF. By default, the price should be set to 0.00 (free). Simply add the book to your cart, then check out. You should not be charged any fees and will be directed to a page where you can download the PDF.

Bear in mind that this is a work in progress, and that the PDF only consists of the first three chapters for this work. I will be adding more chapters to the manuscript (and posting updates here) as I complete them. Thank you for your time, I hope you enjoy it, and if there is any constructive feedback you would like to offer, please feel free to let me know.

-Tony “da_667” Robinson


Started reading this over the weekend, @trobinson667. I aspire to publish something useful one day myself, so thanks for sharing your progress with the community.


I realize that this thread is significantly old, but to make a long story short, there have been multiple updates to this work since its early inception, with a lot more progress having been made. I’m still not done, but we’re getting closer.

As of my latest update, there are 7 chapters, with the latest being a chapter of scenario exercises that demonstrate how threat research becomes Suricata rules that make it to the ET ruleset.

As always, the current book can be downloaded for free here:

Additionally, I have a supplementary materials GitHub repo for resources related to the book. That can be found here:

Hope you all enjoy, I welcome your feedback and/or questions.


Hello again! Over the weekend, I posted a new draft for Suricata: an Operator’s Guide.

Major changes:

  • Finished Chapter 8. Like Chapter 7, Chapter 8 is an exercises chapter. This time around, however, the focus is on vulnerability research. Readers will get an introduction to vulnerability analysis, reproducing vulnerability conditions, and utilizing reviewed proof-of-concept exploit code. This chapter has three different scenarios, based on three different web-based CVEs, in which readers will produce packet captures based on proof-of-concept exploits for writing Suricata rules.

  • Finished Chapter 9, a capstone chapter for the exercises in Chapters 7 and 8. This is a very brief chapter I wanted to include in order to help readers learn more about threat research, vulnerability research, honeypot deployment, and exploitation/post-exploitation frameworks, to support the overarching goal of detection engineering and Suricata rule development that these exercises are meant to reinforce.

This new draft is available via the same leanpub URL, and is still pay-what-you-want, with a minimum price set to “free”.

Enjoy,

-Tony