Build a Network Threat Hunting Project with Ansible & Python

Recruiters want results! Show them your network threat-hunting project with Zeek, Suricata, Python, MMdb, and Ansible.

This course is part of the Practical Network Automation (PNA) series – focused on building real, portfolio-ready network automation labs.

What you’ll learn

  • Use Ansible to automate and orchestrate a PCAP analysis pipeline..
  • Use Zeek and Suricata for deep PCAP analysis and log generation..
  • Use Python code and MMdb to enrich the pipeline’s functionality..
  • Use Python to correlate all logs and alerts, and generate reports..
  • Learn how to design and build an end-to-end analysis pipeline..
  • Build a complete, 100% hands-on project to showcase to recruiters..

Course Content

  • Section 1: Setting Everything Up –> 8 lectures • 32min.
  • Section 2: Running Zeek, Suricata, Ansible –> 8 lectures • 48min.
  • Section 3: Putting Everything Together –> 14 lectures • 1hr 14min.
  • Section 4: Enriching the Analysis Pipeline –> 24 lectures • 1hr 40min.
  • Section 5: Wrapping Things Up –> 2 lectures • 2min.

Build a Network Threat Hunting Project with Ansible & Python

Requirements

This course is part of the Practical Network Automation (PNA) series – focused on building real, portfolio-ready network automation labs.

 

What’s this course all about?

Recruiters want results. Managers, too. They value builders and doers – not just theoreticians.

Show them your own hands-on threat-hunting lab for network traffic analysis, built around a fully automated pipeline using the following tools and technologies:

  • Zeek – deep PCAP analysis and context-rich security logs
  • Suricata – detection based on pre-defined rules and signatures
  • Ansible – automation and orchestration of the analysis pipeline
  • Python – for building custom scripts and enriching functionality
  • MMdb – for adding IP geolocation and ASN-related information
  • VS Code – used for organizing all of our project files and folders
  • Ubuntu – base operating system for the traffic analysis pipeline
  • VirtualBox – used for virtualization and isolation purposes

 

During this course, you’ll build a fully automated network traffic analysis pipeline that ingests PCAP files, runs in-depth analysis from multiple angles, generates actionable logs and alerts – as well as a Markdown report summary, and helps uncover unusual or malicious behavior in your network.

  • We’re going to build the project together from the ground up, step-by-step
  • You will install, execute, code, and also troubleshoot everything alongside me

 

By the end, you’ll have a threat-hunting lab that you can actually use in the real world for:

  • Becoming a better Network Engineer or Security Analyst
  • Showcasing a strong project to companies and recruiters
  • Monitoring and securing your own home network traffic

 

This project is a perfect fit if you’re looking to showcase your skills as a:

  • Network Engineer or Network Security Analyst
  • Network Automation Engineer or QA Engineer
  • Network Detection and Response Engineer
  • SOC Analyst, SOC Engineer
  • Threat Hunting Engineer

 

Important information before you enroll:

  • 30-days money-back guarantee – no questions asked
  • Unlimited, lifetime access to the course from any device
  • All the future course and code updates are included
  • Full instructor support for all course-related questions
  • A Certificate of Completion upon finishing the course

 

Time is ticking – don’t waste it! Start building.

Enroll now, and I’ll see you in the first lecture.

Get Tutorial