Cisco Securing Cisco Networks with Snort Rule Writing Best Practices v2.1 (SSFRULES)

Description

Duration

3 Days

18 CPD hours

This course is intended for

This course is for technical professionals to gain skills in writing rules for Snort-based Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). The primary audience includes:
Security administrators
Security consultants
Network administrators
System engineers
Technical support personnel using open source IDS and IPS
Channel partners and resellers

Overview

After taking this course, you should be able to:
Describe the Snort rule development process
Describe the Snort basic rule syntax and usage
Describe how traffic is processed by Snort
Describe several advanced rule options used by Snort
Describe OpenAppID features and functionality
Describe how to monitor the performance of Snort and how to tune rules

The Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRules) v2.1 course shows you how to write rules for Snort, an open-source intrusion detection and prevention system. Through a combination of expert-instruction and hands-on practice, this course provides you with the knowledge and skills to develop and test custom rules, standard and advanced rules-writing techniques, how to integrate OpenAppID into rules, rules filtering, rules tuning, and more. The hands-on labs give you practice in creating and testing Snort rules.

Course Outline