Description
Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRULES) is a 3-day instructor-led, lab-based, hands-on course that introduces you to Snort rule writing. Among other powerful features, you become familiar with:
- Snort rule development
- Snort rule language
- Standard and advanced rule options
- OpenAppID
- Tuning
Training Availability and Pricing
Date
Lang.
Location
Price
Date: /
Language: /
Location: /
2850 $
Objectives
Upon completion of this course, you should be able to:
- Describe the Snort rule development process
- Describe the Snort basic rule syntax and usage
- Describe how traffic is processed by Snort
- Describe several advanced rule options used by Snort
- Describe OpenAppID features and functionality
- Describe how to monitor the performance of Snort and how to tune rules
Outline
Course Outline
Lab Outline
- Module 1: Introduction to Snort Rule Development
- Module 2: Snort Rule Syntax and Usage
- Module 3: Traffic Flow Through Snort Rules
- Module 4: Advanced Rule Options
- Module 5: OpenAppID Detection
- Module 6 Tuning Snort
Lab Outline
- Lab 1: Connecting to the Lab Environment
- Lab 2: Introducing Snort Rule Development
- Lab 3: Basic Rule Syntax and Usage
- Lab 4: Advanced Rule Options
- Lab 5: OpenAppID
- Lab 6: Tuning Snort
Prerequisite Knowledge
Cisco recommends that you have the following knowledge and skills before taking this course:
- Basic understanding of networking and network protocols
- Basic knowledge of Linux command-line utilities
- Basic knowledge of text editing utilities commonly found in Linux
- Basic knowledge of network security concepts
- Basic knowledge of a Snort-based IDS/IPS system