Is this free PDF book on using Suricata as an IPS/IDS a legit one?
Linux - Security: This forum is for all security-related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Distribution: Arch Linux && OpenBSD 7.4 && Pop!_OS && Kali && Qubes-Os
Posts: 824
Original Poster
Rep:
I filled in their form and this is what they replied:
Quote:
The electronic copy of the book is on its way.
At Stamus Networks we are pleased to offer "The Security Analyst’s Guide to Suricata" – the world's first practical guide to threat detection and hunting using Suricata – to the open-source community.
Written for security operations center (SOC) analysts and threat hunters who use Suricata to gain insights into what is occurring on their networks, the book provides important information on entry points and in-depth analysis on the most important Suricata capabilities.
We hope you find it useful.
In the meantime ...
While you wait for the book, please visit our resource library to find other helpful Suricata-related information.
I used a throwaway e-mail account; I hope that I'll get that PDF.
The link goes to a slick website, but they want your name and email data in exchange. Looks like they want to market to you and are using the PDF as bait. I'd get the info another way (there's so much free info out there) or use one of those 10 minute emails unless you don't mind them marketing to you. From a quick search, the business seems legit.
Quote:
Originally Posted by jayjwa
The link goes to a slick website, but they want your name and email data in exchange. Looks like they want to market to you and are using the PDF as bait. I'd get the info another way (there's so much free info out there) or use one of those 10 minute emails unless you don't mind them marketing to you. From a quick search, the business seems legit.
Yes, that's exactly what I thought about them.
I just wrote "company = home".
Post a follow-up please, with some review of the book. You'll get the idea quickly enough. Write a list of things you'd like to see, things you'd like not to see and virus/malware check it.
It's probably one big ad for their proprietary s/w. But they probably don't appreciate how tight-fisted OSS folks can be.
The Security Analyst’s Guide to Suricata
Introduction
Stamus Networks is pleased to offer the first ‘open source’ Suricata-focused book,
The Security Analyst’s Guide to Suricata. Written by the founders of Stamus Networks,
Éric Leblond and Peter Manev, this project provides SOC analysts and threat hunters
with information on entry points and in-depth coverage for the most important Suricata
features.
The book is not to act as a replacement for the Suricata manual, which is a valuable
source of information and should be used as a reference tool by Suricata users.
Instead, its unique ‘open source’ format will grow and evolve over time with
ongoing input from Éric and Peter as well as contributions and feedback from the
Suricata community.
Contribution
We are listing the code/text for the book here, but you can also find the latest
published version of the book at Stamus Networks. We welcome contributions to the
book and you can propose updates and provide feedback on this GitHub. If you want to
contribute a specific topic, please check existing issues and, if needed, open one
describing your addition so we can tell you if it is in line with the content we
project for the book and has a chance to be accepted.
Threat hunting, imho, is a very fast-changing game where guys are patching bugs as fast as they are found. So by the time a book is written, some of it is out of date. There's no substitute for hard work and sound specialised knowledge. That's why the newbies who install Kali don't learn pen testing. They just learn that Kali is an incomplete OS. However good it is, one book or one program won't get you much.
You're now up against Government-backed operations, who will get in through some innocuous third party, spend months in your system carefully covering their tracks, and escalating their privileges. Those guys will be able to access various hacks available for your versions of certain programs, perhaps even do a 'dry run' on their own copy of your systems, and then hit you hard when you don't see it coming.
Our whole hospital system was hacked here. Everything is computerised, and a friend of mine was close to the IT company tidying it up. The hackers had penetrated the system ~6 months previously, presumably tested every move in advance. They attacked at 16:00 on a Friday afternoon. There's a 35 hour week here in a lot of places, so you can get nothing done on Friday afternoon anyhow. The sysadmins were on their weekend plans.
They infected every hospital in the country, while everyone thought things were normal. The first thing inexperienced trainee sysadmins noticed was screens being encrypted. Power was cut then, far too late. The entire patient databases and every Windows PC connected to the hse.ie network was affected.
Our Prime Minister immediately announced publicly that no ransom would be paid, and that the country would live with the inconvenience and loss as long as necessary. The hackers were to blame for any resulting deaths. The health system went back to paper. After a week, some hacker sent the decryption programme to a HSE sysadmin's email. After being inside the network and presumably reading email, they had that info. It still took 6-8 weeks to get it all up and back running.
That's what you're up against today. Pen testing? And in Ireland, Linux servers are surprisingly rare, because it adds €5K + setup costs to the quote!
Quote:
You're now up against Government-backed operations, who will get in through some innocuous third party, spend months in your system carefully covering their tracks, and escalating their privileges. Those guys will be able to access various hacks available for your versions of certain programs, perhaps even do a 'dry run' on their own copy of your systems, and then hit you hard when you don't see it coming.
Yeah, it's a losing game vs those kinds of threat actors. I have been reading about Qubes-OS and immutable Linux distros. ATM I am testing Qubes-OS, next maybe NixOS.
At least I don't have a system that would be interesting to that kind of hackers. And I often change distros and have important files at GitHub. So if I would get hit by some encrypting hack I would just wipe my SSDs and move on.
My gut feeling is that the book will be testing for threats that, in OSS, have been patched. If you have Windows or Mac OS, sure, zero days exist. But Linux users share their pain on places like this.
Quote:
Originally Posted by Douglas Adams
Nothing travels faster than light, with the possible exception of bad news, which follows its own rules.
EDIT: Are we talking Windows here? Software keyloggers for Linux are vanishingly rare, I thought.
Last edited by business_kid; 02-08-2024 at 08:26 AM.
Quote:
Originally Posted by business_kid
EDIT: Are we talking Windows here? Software keyloggers for Linux are vanishingly rare, I thought.
I am not sure how rare those are, and yeah, I am talking about Linux keyloggers.
I have restricted output to ports like UDP 53 and TCP 443 and to those ports that games use.
And all allowed output/input goes to Suricata, which is running in IPS mode via "-j NFQUEUE".
Also I have an OpenBSD bridge with a Pf-badhost setup.
The next thing I am going to do is to install some immutable Linux distro and test it.
I won't use Windows for gaming; the gaming sites that I use are places that I think aren't 100% reputable.
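The egress allowlist plus NFQUEUE handoff described in the post above, as an added example that is not from the thread or from Suricata's documentation: a POSIX shell script that emits an iptables-restore ruleset. UDP 53 and TCP 443 are the ports from the post; 27015 is a placeholder for a game port, and queue 0 assumes Suricata is started with `suricata -q 0`.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset that
# default-drops, allows only a short egress list, and hands every allowed
# packet to Suricata on NFQUEUE. Apply with:  sh egress-ips.sh | iptables-restore
set -eu

QUEUE_NUM="${QUEUE_NUM:-0}"           # must match the queue Suricata binds: suricata -q 0
ALLOW_TCP="${ALLOW_TCP:-443 27015}"   # 443 is from the post; 27015 is a placeholder game port
ALLOW_UDP="${ALLOW_UDP:-53 27015}"    # 53 is from the post; 27015 is a placeholder game port

# Deliberately no --queue-bypass on the NFQUEUE rule: with bypass, packets are
# ACCEPTed when no program listens on the queue, so a crashed Suricata would
# fail open. Without it they are dropped, which is the safer default for IPS.
gen_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:INSPECT - [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j INSPECT
EOF
  # Only allowlisted egress ports get as far as Suricata; the rest hit the DROP policy.
  for p in $ALLOW_TCP; do
    printf '%s\n' "-A OUTPUT -p tcp --dport $p -j INSPECT"
  done
  for p in $ALLOW_UDP; do
    printf '%s\n' "-A OUTPUT -p udp --dport $p -j INSPECT"
  done
  cat <<EOF
-A INSPECT -j NFQUEUE --queue-num $QUEUE_NUM
COMMIT
EOF
}

gen_rules
```

Inbound NEW connections never reach the queue, only replies to allowed flows do, which matches the "all allowed output/input goes to Suricata" setup from the post.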