SSFRULES - Securing Cisco Networks with Snort® Rule Writing Best Practices
Learn to analyze exploit packet captures and put the rule writing theories learned to work by implementing rule-language features for triggering alerts on the offending network traffic.
This course focuses exclusively on the Snort® rules language and rule writing.
Starting from rule syntax and structure to advanced rule-option usage, you will
analyze exploit packet captures and put the rule writing theories learned to work
by implementing rule-language features for triggering alerts on the offending network
traffic.
This course also provides instruction and lab exercises on how to detect certain
types of attacks (such as buffer overflows) while utilizing various rule-writing
techniques. You will test your rule-writing skills in two challenges: a theoretical
challenge that tests knowledge of rule syntax and usage, and a practical challenge
in which we present an exploit for you to analyze and research so you can defend
your installations against the attack.
This course combines lecture materials and hands-on labs throughout to make sure
that you are able to thoroughly understand and implement open source rules.