Presented at SuriCon 2018 by Champ Clark III, Quadrant Information Sec
Pairing Suricata and Sagan together has given our Security Operations Center (SOC) greater visibility into malicious activity and improved our ability to detect threats. We leverage Suricata for network threat detection and Sagan to detect threats via log analysis (Windows event logs, syslog, etc.). This talk aims to explain how to correlate data between Suricata and Sagan so you can detect and defend against threats and gain greater visibility into your network. This talk also covers the new “Meer” project. Meer is a project that works similarly to “Barnyard2”, but rather than reading Unified2 files, Meer reads Suricata and Sagan “EVE” (JSON) alert files. Meer can be found at github.com/beave/meer!
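As an added illustration of the correlation idea in the abstract (this is example code written for this page, not code from the talk, from Sagan or from the Meer project), the block below reads EVE JSON alert lines from both tools and pairs a Suricata network alert with a Sagan log alert when they share a source IP and fall within a short time window. The sample EVE lines are constructed, not real captures; the Suricata field layout (`timestamp`, `event_type`, `src_ip`, `alert.signature_id`) is the documented one, and the Sagan records are assumed to use the same layout, which is the premise that lets one reader such as Meer consume both files.

```python
"""Correlate Suricata and Sagan EVE (JSON) alerts by source IP and time window.

Example code for illustration only; not Meer's implementation.
"""
import json
from datetime import datetime, timedelta

# Constructed sample EVE output (not real captures). Signature ids, names and
# addresses are placeholders. The Sagan lines are ASSUMED to follow the same
# alert layout as Suricata's EVE alert records.
SURICATA_EVE = """\
{"timestamp":"2018-11-14T10:15:02.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP","alert":{"signature_id":2000001,"signature":"CONSTRUCTED outbound beacon","severity":1}}
{"timestamp":"2018-11-14T10:15:30.000000+0000","event_type":"flow","src_ip":"10.0.0.7","dest_ip":"192.0.2.20","proto":"TCP"}
{"timestamp":"2018-11-14T12:40:00.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"192.0.2.30","proto":"TCP","alert":{"signature_id":2000002,"signature":"CONSTRUCTED suspicious download","severity":2}}
"""

SAGAN_EVE = """\
{"timestamp":"2018-11-14T10:14:50.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.5","alert":{"signature_id":5000001,"signature":"CONSTRUCTED Windows new service installed","severity":1}}
{"timestamp":"2018-11-14T09:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.0.9","alert":{"signature_id":5000002,"signature":"CONSTRUCTED failed logon burst","severity":2}}
"""

# EVE timestamps look like 2018-11-14T10:15:02.000000+0000
EVE_TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"


def parse_alerts(eve_text, source):
    """Yield normalised alert records from EVE JSON lines.

    Non-alert event types (flow, dns, http, ...) are skipped, which is also
    why an EVE reader has to filter on event_type rather than assume every
    line is an alert.
    """
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        yield {
            "source": source,
            "ts": datetime.strptime(rec["timestamp"], EVE_TS_FORMAT),
            "src_ip": rec["src_ip"],
            "sid": rec["alert"]["signature_id"],
            "signature": rec["alert"]["signature"],
        }


def correlate(suricata_text, sagan_text, window=timedelta(minutes=5)):
    """Return (network_alert, log_alert) pairs for the same src_ip within `window`.

    A host that both tripped a network signature and raised a host-log alert
    around the same time is a stronger lead than either alert on its own.
    """
    sagan_by_ip = {}
    for host_alert in parse_alerts(sagan_text, "sagan"):
        sagan_by_ip.setdefault(host_alert["src_ip"], []).append(host_alert)

    matches = []
    for net_alert in parse_alerts(suricata_text, "suricata"):
        for host_alert in sagan_by_ip.get(net_alert["src_ip"], []):
            if abs(net_alert["ts"] - host_alert["ts"]) <= window:
                matches.append((net_alert, host_alert))
    return matches


if __name__ == "__main__":
    for net_alert, host_alert in correlate(SURICATA_EVE, SAGAN_EVE):
        print(f"{net_alert['src_ip']}: Suricata sid {net_alert['sid']} "
              f"({net_alert['signature']}) near Sagan sid {host_alert['sid']} "
              f"({host_alert['signature']})")
```

With the constructed input, only 10.0.0.5 is paired: its Sagan service-install alert lands 12 seconds before the Suricata alert, whereas 10.0.0.9's two alerts are hours apart and stay uncorrelated. In practice the join key and window are the tuning knobs; hostname or user fields can be added as further keys once both tools emit them consistently.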