Securing Cisco Networks with Snort Rule Writing Best Practices (SSF Rules) v2.1 is a 3-day course that shows you how to write rules for Snort, an open-source intrusion detection and prevention system. Through a combination of expert instruction and hands-on practice, this course gives you the knowledge and skills to develop and test custom rules, covering standard and advanced rule-writing techniques, integrating OpenAppID into rules, rule filtering, rule tuning, and more. The hands-on labs give you practice in creating and testing Snort rules.
The course qualifies for 24 Cisco Continuing Education credits (CE) towards recertification.
This course will help you:
- Gain an understanding of characteristics of a typical Snort rule development environment
- Gain hands-on practice creating rules for Snort
- Gain knowledge in Snort rule development, Snort rule language, standard and advanced rule options
Prerequisites:
The knowledge and skills that a learner should have before attending this course are as follows:
- Basic understanding of networking and network protocols
- Basic understanding of Linux command-line utilities
- Basic understanding of text-editing utilities commonly found in Linux
- Basic understanding of network security concepts
- Basic understanding of Snort-based IDS/IPS systems
Course Objectives:
Upon completing this course, the learner will be able to meet these overall objectives:
- Describe the Snort rule development process
- Describe basic Snort rule syntax and usage
- Describe how traffic is processed by Snort
- Describe several advanced rule options used by Snort
- Describe OpenAppID features and functionality
- Describe how to monitor the performance of Snort and how to tune rules
or 28 NTCs
Course Outline:
The following topics will be covered in this course:
- Introduction to Snort Rule Development
- Snort Rule Syntax and Usage
- Traffic Flow Through Snort Rules
- Advanced Rule Options
- OpenAppID Detection
- Tuning Snort
Lab Outline:
Labs are designed to give learners a complete practical experience through the following activities:
- Connecting to the Lab Environment
- Introducing Snort Rule Development
- Basic Rule Syntax and Usage
- Advanced Rule Options
- OpenAppID
- Tuning Snort
This course is for technical professionals who want to gain skills in writing rules for Snort-based intrusion detection systems (IDS) and intrusion prevention systems (IPS). The primary audience includes:
- Security administrators
- Security consultants
- Network administrators
- System engineers
- Technical support personnel using open source IDS and IPS
- Channel partners and resellers