Build an Intrusion-Detection Rule Pack for a Manufacturing PLC Fleet
Overview
What this challenge is about.
Analyze provided PCAP (packet capture) files from 3 anonymized customer sites covering normal operating windows and 2 red-team simulation windows. Implement Suricata rules for 8 ATT&CK for ICS patterns (e.g. T0855 Unauthorized Command Message, T0836 Modify Parameter). Tune against the baseline until false positives stay under 2 percent across all 3 sites. Deliver the rule pack as a Git repository with tests, a 10-page tuning report, and an integration guide for customers running Suricata 7 in IPS (intrusion prevention system) mode.
The Brief
What you'll do, and what you'll demonstrate.
Ship a Suricata rule pack for 4 PLC families that detects 8 ATT&CK for ICS patterns with under 2 percent false-positive rate on a real captured baseline.
Earning criteria — what you'll demonstrate
- Write protocol-aware detection rules for Modbus/TCP and EtherNet/IP (CIP)
- Tune detection content against real captured traffic, not synthetic data
- Map detection logic to MITRE ATT&CK for ICS techniques
- Package detection content for field-engineer deployment, not just lab use
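The Overview and the earning criteria above ask for protocol-aware Modbus/TCP detection of T0855 Unauthorized Command Message, tuned against a recorded baseline until the false-positive rate is under 2 percent. The Python below is an added example that models that workflow; it is not code from the rule pack or from the challenge. It decodes the MBAP header and function code, applies an untuned rule (every write is an unauthorized command) and a tuned rule (writes are permitted per source host and function code), and measures each rule's false-positive rate on a constructed baseline window and its detections on a constructed red-team window. The host addresses, the allowlist, the PLC and the traffic mix are all constructed for the example. Note that the page does not say what the 2 percent is measured against; here it is alerts divided by baseline Modbus messages, and whatever denominator the team picks should be stated in the tuning report. In the real pack the same restriction would be expressed in a Suricata rule through address-group variables on the rule header and the `modbus` keyword, and the rate would be measured by replaying the baseline PCAPs with `suricata -r` and counting alerts in `eve.json`.

```python
"""Modbus/TCP command-message detection modelled on the T0855 rule, with
false-positive tuning on a constructed baseline (added example, not the rule pack)."""
import struct
from dataclasses import dataclass
from typing import Callable, List, Optional

# Function codes that change PLC state; ATT&CK for ICS treats these as command messages.
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}
# Function codes whose PDU begins with a 16-bit starting address.
ADDRESSED_FUNCTIONS = {1, 2, 3, 4, 5, 6, 15, 16, 22, 23}
# Constructed per-site allowlist (not from any real site): the HMI may only write
# coils; the engineering workstation may also write registers.
ALLOWED_WRITES = {"10.1.1.10": {5}, "10.1.1.50": {5, 6, 15, 16}}
PLC = "10.1.2.20"  # constructed PLC address


@dataclass(frozen=True)
class ModbusMessage:
    src: str
    dst: str
    transaction_id: int
    unit_id: int
    function: int
    address: Optional[int]
    exception: bool


def build_request(tid: int, unit_id: int, function: int, address: int, tail: bytes = b"") -> bytes:
    """Build MBAP header + PDU; used only to construct sample frames."""
    pdu = bytes([function]) + struct.pack(">H", address) + tail
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


def parse_modbus_tcp(src: str, dst: str, frame: bytes) -> ModbusMessage:
    """Decode the 7-byte MBAP header and function code; reject malformed frames."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    raw_fc = frame[7]
    exception, function = bool(raw_fc & 0x80), raw_fc & 0x7F
    address = None
    if not exception and function in ADDRESSED_FUNCTIONS and len(frame) >= 10:
        address = struct.unpack(">H", frame[8:10])[0]
    return ModbusMessage(src, dst, tid, unit_id, function, address, exception)


Rule = Callable[[ModbusMessage], Optional[str]]


def t0855_untuned(m: ModbusMessage) -> Optional[str]:
    """First cut: every successful write is an unauthorized command message."""
    return "T0855" if m.function in WRITE_FUNCTIONS and not m.exception else None


def t0855_tuned(m: ModbusMessage) -> Optional[str]:
    """Tuned: a write is unauthorized only if the source may not issue that function code."""
    if m.function not in WRITE_FUNCTIONS or m.exception:
        return None
    return None if m.function in ALLOWED_WRITES.get(m.src, set()) else "T0855"


def false_positive_rate(rule: Rule, baseline: List[ModbusMessage]) -> float:
    """Fraction of known-good baseline messages the rule alerts on."""
    return sum(1 for m in baseline if rule(m) is not None) / len(baseline)


def detections(rule: Rule, messages: List[ModbusMessage]):
    """(src, function code, technique) for every message the rule alerts on."""
    return [(m.src, m.function, rule(m)) for m in messages if rule(m) is not None]


def constructed_baseline() -> List[ModbusMessage]:
    """Constructed normal window: HMI polling, HMI coil forces, one setpoint download."""
    msgs, tid = [], 0
    for _ in range(180):  # HMI reads 10 holding registers
        tid += 1
        msgs.append(parse_modbus_tcp("10.1.1.10", PLC, build_request(tid, 1, 3, 0, struct.pack(">H", 10))))
    for coil in range(15):  # HMI forces coils ON
        tid += 1
        msgs.append(parse_modbus_tcp("10.1.1.10", PLC, build_request(tid, 1, 5, 20 + coil, b"\xff\x00")))
    for _ in range(5):  # engineering workstation writes one register (FC16, qty 1, 2 bytes)
        tid += 1
        msgs.append(parse_modbus_tcp("10.1.1.50", PLC, build_request(tid, 1, 16, 0x1000, b"\x00\x01\x02\x01\xf4")))
    return msgs


def constructed_red_team() -> List[ModbusMessage]:
    """Constructed red-team window: rogue-host write, compromised-HMI register write, recon read."""
    return [
        parse_modbus_tcp("10.1.1.99", PLC, build_request(900, 1, 16, 0x1000, b"\x00\x01\x02\x03\xe8")),
        parse_modbus_tcp("10.1.1.10", PLC, build_request(901, 1, 6, 0x1001, b"\x00\x00")),
        parse_modbus_tcp("10.1.1.10", PLC, build_request(902, 1, 3, 0, struct.pack(">H", 10))),
    ]


if __name__ == "__main__":
    base, red = constructed_baseline(), constructed_red_team()
    for name, rule in (("untuned", t0855_untuned), ("tuned", t0855_tuned)):
        fp = false_positive_rate(rule, base)
        print(f"{name}: FP {fp:.1%} ({'OK' if fp < 0.02 else 'FAIL'} vs 2%), red-team {detections(rule, red)}")
```

On the constructed windows the untuned rule alerts on 20 of 200 baseline messages (10 percent, failing the 2 percent target) while the tuned rule alerts on none, and both still flag the two red-team writes without flagging the attacker's reconnaissance read. Exception responses (function code with the high bit set) are decoded but never counted as commands, which is the kind of caveat a tuning report should state explicitly.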
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.