This lab-intensive course introduces you to Snort rule writing. Among other powerful features, you become familiar with:
Snort rule development
Snort rule language
Standard and advanced rule options
The course begins by identifying the key features and characteristics of a typical Snort rule development environment. You will develop and test custom rules in a preinstalled Snort environment and identify how to use advanced rule-writing techniques. You will investigate how to include OpenAppID in your rules and also identify how to filter rules and monitor their performance.
This course combines lecture materials and hands-on labs that give you practice in creating Snort rules.
Instructor did a great job, from experience this subject can be a bit dry to teach but he was able to keep it very engaging and made it much easier to focus.
Excellent presentation skills, subject matter knowledge, and command of the environment.
Instructor was outstanding. Knowledgeable, presented well, and class timing was perfect.
Click here to print this page »
Cisco recommends that you have the following knowledge and skills before taking this course:
Basic understanding of networking and network protocols
Basic knowledge of Linux command-line utilities
Basic knowledge of text editing utilities commonly found in Linux
Basic knowledge of network security concepts
Basic knowledge of a Snort-based IDS/IPS system
Detailed Class Syllabus
Module 1: Introduction to Snort Rule Development
Module 2: Snort Rule Syntax and Usage
Module 3: Traffic Flow Through Snort Rules
Module 4: Advanced Rule Options
Module 5: OpenAppID Detection
Module 6 Tuning Snort