
SSFRULES - Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRULES) 2.0

Overview

Duration: 3 days

The Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRules) v2.0 course shows you how to write rules for Snort, an open-source intrusion detection and prevention system. Through a combination of expert instruction and hands-on practice, this course gives you the knowledge and skills to develop and test custom rules, covering standard and advanced rule-writing techniques, OpenAppID integration into rules, rule filtering, rule tuning, and more. The hands-on labs give you practice in creating and testing Snort rules.

Objectives

  • Describe the Snort rule development process 
  • Describe the Snort basic rule syntax and usage 
  • Describe how traffic is processed by Snort 
  • Describe several advanced rule options used by Snort 
  • Describe OpenAppID features and functionality 
  • Describe how to monitor the performance of Snort and how to tune rules

Content

  • Introduction to Snort Rule Development 
  • Snort Rule Syntax and Usage 
  • Traffic Flow Through Snort Rules 
  • Advanced Rule Options 
  • OpenAppID Detection 
  • Tuning Snort

Audience

  • Basic understanding of networking and network protocols 
  • Basic knowledge of Linux command-line utilities 
  • Basic knowledge of text editing utilities commonly found in Linux 
  • Basic knowledge of network security concepts 
  • Basic knowledge of a Snort-based IDS/IPS system

Prerequisites

  • Basic understanding of networking and network protocols 
  • Basic knowledge of Linux command-line utilities 
  • Basic knowledge of text editing utilities commonly found in Linux 
  • Basic knowledge of network security concepts 
  • Basic knowledge of a Snort-based IDS/IPS system

Certification

This course is not associated with any Certification.
