Suricata and the Shark: suriwire
É. Leblond
Stamus Networks
July. 03, 2018
É. Leblond (Stamus Networks) Suricata and the Shark: suriwire July. 03, 2018 1 / 7
Get the mascot
Available on Amazon: https://www.amazon.co.uk/Vivid-Arts-Meerkat-Shark-Onesie/dp/B01MAYA3A1
For only 19.99 brexit coins¹
¹ Worth 76745.63 Colombian Peso
Get Suricata information in Wireshark
Also get extracted metadata
Filter is working
How it works
Wireshark plugin written in Lua
Load JSON file generated by Suricata (via Tools->Suricata->Activate)
Add a new top domain protocol named suricata
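The correlation step behind the slide above, as an added Python sketch (not suriwire's own Lua code): it indexes Suricata's JSON events by packet number so that each frame can be annotated under a suricata protocol. It assumes Suricata read the same pcap that is open in Wireshark, so that the EVE `pcap_cnt` field equals the Wireshark frame number; the `suricata.<type>.<key>` field names and all sample values are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed EVE JSON sample (one event per line); all values are made up.
SAMPLE_EVE = """\
{"pcap_cnt": 4, "event_type": "alert", "src_ip": "192.0.2.10", "dest_ip": "198.51.100.5", "alert": {"signature_id": 1000001, "signature": "EXAMPLE constructed rule", "severity": 2}}
{"pcap_cnt": 4, "event_type": "http", "http": {"hostname": "example.test", "url": "/index.html"}}
{"event_type": "stats", "stats": {"uptime": 1}}
{"pcap_cnt": 9, "event_type": "alert", "alert": {"signature_id": 1000002, "signature": "EXAMPLE second rule", "severity": 1}}
{"pcap_cnt": 12, "event_type": "ale
"""

def index_events(text):
    """Map packet number (pcap_cnt) -> list of EVE events seen for that packet."""
    index = defaultdict(list)
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank line, or truncated last line of a log still being written
        cnt = event.get("pcap_cnt") if isinstance(event, dict) else None
        if isinstance(cnt, int) and not isinstance(cnt, bool):
            index[cnt].append(event)  # events with no packet number (stats) are skipped
    return dict(index)

def annotate(index, frame_number):
    """Flatten one frame's events into (field, value) pairs; field names are hypothetical."""
    fields = []
    for event in index.get(frame_number, []):
        etype = event.get("event_type", "unknown")
        details = event.get(etype)
        if isinstance(details, dict):
            for key, value in sorted(details.items()):
                fields.append((f"suricata.{etype}.{key}", value))
    return fields

def alert_filter(index):
    """Build a Wireshark display filter selecting every frame that raised an alert."""
    frames = sorted(n for n, events in index.items()
                    if any(e.get("event_type") == "alert" for e in events))
    return " || ".join(f"frame.number == {n}" for n in frames)

if __name__ == "__main__":
    idx = index_events(SAMPLE_EVE)
    print(annotate(idx, 4))
    print(alert_filter(idx))
```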
Questions?
Thanks to
anonymous NSA agent
Wireshark team
OISF and Suricata team
Contact [email protected]: @regiteric
Get it, use it
https://github.com/regit/suriwire