Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRULES) v2.0 is a 3-day instructor-led or virtual instructor-led, lab-based, hands-on course that introduces you to Snort rule writing. Among other powerful features, you become familiar with:
  • Snort rule development
  • Snort rule language
  • Standard and advanced rule options
  • OpenAppID
  • Tuning
The course begins by identifying the key features and characteristics of a typical Snort rule development environment. You will develop and test custom rules in a preinstalled Snort environment and identify how to use advanced rule-writing techniques. You will investigate how to include OpenAppID in your rules and also identify how to filter rules and monitor their performance. This course combines lecture materials and hands-on labs that give you practice in creating Snort rules.

The price in Cisco Learning Credits (CLC) for the SSFRULES course is 21 CLCs per person.

Choose date

Price chage currency
Date: from 12.4.2021 to 14.4.2021
Language: English
Location: Europe/Africa
1750 $ Book now
Date: from 27.10.2021 to 29.10.2021
Language: English
Location: Europe/Africa
1750 $ Book now


Upon completion of this course, you should be able to:
  • Describe the Snort rule development process
  • Describe the Snort basic rule syntax and usage
  • Describe how traffic is processed by Snort
  • Describe several advanced rule options used by Snort
  • Describe OpenAppID features and functionality
  • Describe how to monitor the performance of Snort and how to tune rules


Course Outline
  • Module 1: Introduction to Snort Rule Development
  • Module 2: Snort Rule Syntax and Usage
  • Module 3: Traffic Flow Through Snort Rules
  • Module 4: Advanced Rule Options
  • Module 5: OpenAppID Detection
  • Module 6 Tuning Snort

Lab Outline
  • Lab 1: Connecting to the Lab Environment
  • Lab 2: Introducing Snort Rule Development
  • Lab 3: Basic Rule Syntax and Usage
  • Lab 4: Advanced Rule Options
  • Lab 5: OpenAppID
  • Lab 6: Tuning Snort

Prerequisite Knowledge

Cisco recommends that you have the following knowledge and skills before taking this course:
  • Basic understanding of networking and network protocols
  • Basic knowledge of Linux command-line utilities
  • Basic knowledge of text editing utilities commonly found in Linux
  • Basic knowledge of network security concepts
  • Basic knowledge of a Snort-based IDS/IPS system