SSFRULES - Securing Cisco® Networks with Snort Rule Writing Best Practices (SSFRULES)

This lab-intensive course introduces you to Snort rule writing. Among other powerful features, you will become familiar with:
Snort rule development
Snort rule language
Standard and advanced rule options
The course begins by identifying the key features and characteristics of a typical Snort rule development environment. You will develop and test custom rules in a preinstalled Snort environment and identify how to use advanced rule-writing techniques. You will investigate how to include OpenAppID in your rules and also identify how to filter rules and monitor their performance.
This course combines lecture materials and hands-on labs that give you practice in creating Snort rules.


Cisco recommends that you have the following knowledge and skills before taking this course:
Basic understanding of networking and network protocols
Basic knowledge of Linux command-line utilities
Basic knowledge of text editing utilities commonly found in Linux
Basic knowledge of network security concepts
Basic knowledge of a Snort-based IDS/IPS system

Detailed Class Syllabus

Course Outline

Module 1: Introduction to Snort Rule Development
Module 2: Snort Rule Syntax and Usage
Module 3: Traffic Flow Through Snort Rules
Module 4: Advanced Rule Options
Module 5: OpenAppID Detection
Module 6: Tuning Snort