
Suricata Inline IDS Laboratory

Master enterprise-grade intrusion detection systems with real-world attack scenarios, signature-based detection rules, and hands-on SOC analyst training in a secure, isolated environment.

Intermediate, 2-3 Hours, CISSP Domain 7

What You'll Learn

  • Deploy and configure inline IDS architecture
  • Analyze signature-based detection rules
  • Map security alerts to CISSP Kill Chain phases
  • Perform SOC analyst triage and incident response
  • Understand IDS vs IPS deployment models

[Network diagram: 172.20.10.0/24, IDS Router, 172.20.20.0/24]

True inline deployment — all traffic passes through IDS for inspection

Lab Machines

Red Team Ops

Attacker Machine

Ubuntu-based offensive operations platform equipped with industry-standard reconnaissance and exploitation tools. Execute controlled attacks to test defense resilience.

nmap, nikto, curl, netcat, hydra

Defensive Ops

IDS Gateway

Inline Suricata intrusion detection and prevention system. Analyze packet flows, inspect signatures, and manage real-time alerts in a production-grade environment.

suricata, tcpdump, eve.json, fast.log

Critical Asset

Target Server

Vulnerable enterprise web application server. Monitor system integrity, analyze access logs, and identify compromise indicators under active attack scenarios.

apache2, ssh, auth.log, netstat