Ask for more dates, other languages or a different delivery mode as needed and we will do our best to meet your needs.
Language | Mode | Start Date |
---|---|---|
German | Virtual Class or Classroom | On request |
French | Virtual Class or Classroom | On request |
Italian | Virtual Class or Classroom | On request |
English | Virtual Class or Classroom | On request |
What you’ll learn
Who should enroll
- Security administrators
- Security consultants
- Network administrators
- System engineers
- Technical support personnel
- Channel partners and resellers
Technology areas
- Security
- Cyber Operations
Training overview
After taking this course, you should be able to:
- Define the use and placement of IDS/IPS components.
- Identify Snort features and requirements.
- Compile and install Snort.
- Define and use different modes of Snort.
- Install and utilize Snort supporting software.
Prerequisites
To fully benefit from this course, you should have the following knowledge and skills:
- Technical understanding of TCP/IP networking and network architecture
- Basic familiarity with firewall and IPS concepts
This is the recommended Cisco course that may help you meet these prerequisites:
Outline
- Detecting Intrusions with Snort 3.0
  - History of Snort
  - IDS
  - IPS
  - IDS vs. IPS
  - Examining Attack Vectors
  - Application vs. Service Recognition
- Sniffing the Network
  - Protocol Analyzers
  - Configuring Global Preferences
  - Capture and Display Filters
  - Capturing Packets
  - Decrypting Secure Sockets Layer (SSL) Encrypted Packets
- Architecting Nextgen Detection
  - Snort 3.0 Design
  - Modular Design Support
  - Plug Holes with Plugins
  - Process Packets
  - Detect Interesting Traffic with Rules
  - Output Data
- Choosing a Snort Platform
  - Provisioning and Placing Snort
  - Installing Snort on Linux
- Operating Snort 3.0
  - Topic 1: Start Snort
  - Monitor the System for Intrusion Attempts
  - Define Traffic to Monitor
  - Log Intrusion Attempts
  - Actions to Take When Snort Detects an Intrusion Attempt
  - License Snort and Subscriptions
- Examining Snort 3.0 Configuration
  - Introducing Key Features
  - Configure Sensors
  - Lua Configuration Wizard
- Managing Snort
  - Pulled Pork
  - Barnyard2
  - Elasticsearch, Logstash, and Kibana (ELK)
- Analyzing Rule Syntax and Usage
  - Anatomy of Snort Rules
  - Understand Rule Headers
  - Apply Rule Options
  - Shared Object Rules
  - Optimize Rules
  - Analyze Statistics
- Use Distributed Snort 3.0
  - Design a Distributed Snort System
  - Sensor Placement
  - Sensor Hardware Requirements
  - Necessary Software
  - Snort Configuration
  - Monitor with Snort
- Examining Lua
  - Introduction to Lua
  - Get Started with Lua
Lab outline
- Capture and Analyze Packets
- Initiate the Snort Installation
- Complete an Installation of Snort
- Configure and Run Snort
- Tweak the Installation
- Rapid Deployment with Lua
- Integrate Snort Optimizers
- Analyze Rule Syntax
- Hello World Lua Style