SSFRULES - Securing Cisco Networks with Snort® Rule Writing Best Practices

Learn to analyze, exploit packet captures, and put the rule-writing theories you have learned to work by implementing rule-language features that trigger alerts on the offending network traffic.

GK# 5827

Course Overview

In this course, you will learn about the key features and characteristics of a typical Snort rule development environment. You will develop and test custom rules in a preinstalled Snort environment and identify how to use advanced rule-writing techniques. You will investigate how to include OpenAppID in your rules and also identify how to filter rules and monitor their performance. 

This course combines lecture materials and hands-on labs that give you practice in creating Snort rules. 

This lab-intensive course introduces you to Snort rule writing. Among other powerful features, you become familiar with: 

  • Snort rule development
  • Snort rule language
  • Standard and advanced rule options
  • OpenAppID
  • Tuning

What You'll Learn

  • Snort rule development process
  • Snort basic rule syntax and usage
  • How traffic is processed by Snort
  • Several advanced rule options used by Snort
  • OpenAppID features and functionality
  • How to monitor the performance of Snort and how to tune rules

Outline

Classroom Live Outline

  1. Introduction to Snort Rule Development
  2. Snort Rule Syntax and Usage
  3. Traffic Flow Through Snort Rules
  4. Advanced Rule Options
  5. OpenAppID Detection
  6. Tuning Snort

Labs

Classroom Live Labs

Lab 1: Connecting to the Lab Environment

Lab 2: Introducing Snort Rule Development

Lab 3: Basic Rule Syntax and Usage

Lab 4: Advanced Rule Options

Lab 5: OpenAppID

Lab 6: Tuning Snort

Prerequisites

Basic understanding of:

  • Networking and network protocols
  • Linux command-line utilities
  • Text-editing utilities commonly found in Linux
  • Network security concepts
  • Snort-based IDS/IPS systems

Who Should Attend

  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel
  • Channel partners and resellers

Vendor Credits

This course can be purchased with Cisco Learning Credits (CLCs).

Course Delivery

This course is available in the following formats:

Classroom Live

Receive face-to-face instruction at one of our training center locations.

Duration: 3 days

Virtual Classroom Live

Experience expert-led online training from the convenience of your home, office or anywhere with an internet connection.

Duration: 3 days
