README.md

Day 0

• 13:00 - 13:45 Intro, vagrant, docker, Amsterdam
• 14:00 - 14:45 apt-get install, PPA
• 15:00 - 15:45 basic config,basic logging, view events
• 16:00 - 16:45 writing first rule

Day 1 :: Single Box

• 09:00 - 09:45 intro,build from source

• 10:00 - 10:45 Config

• 11:00 - 11:45 Rules management

• 13:00 - 13:45 thresholding

• 14:00 - 14:45 reputation

• 15:00 - 16:45 CEE, rsyslog

Day 2 :: Cluster

• 09:00 - 11:45 Tuning Considerations

• 13:00 - 13:45 intro,Metrix,Elastic, Minions, Master

• 14:00 - 16:45 work with boxes

Day 3 :: Advanced usage

• 09:00 - 11:45 diving into nigthly alerts

• 13:00 - 13:45 Multi Tenancy

• 14:00 - 14:45 Loading many pcaps

• 15:00 - 15:45

• 16:00 - 16:45

• Lua scripted rules

• Lua Output

• Extraction file

• TLS monitor , DNS probe , flow probe

• evil bit

• rule profiling,

• pf_packet, af_ring, ..

Day +1

• 09:00 - 09:45 Internal counters
• 10:00 - 10:45 Converting logs to pcap
• 11:00 - 11:45 pgp key signing, contact excange, thanks, etc ...

•     12:00 The End