Vendor: Cisco
Mode: Classroom or Virtual Classroom with Instructor
Level: Professional
Exam: NA
Exam at your place: NA
Duration: 3 days
Language: German, French, Italian, English

SKU: SSFRules-ILT Categories: , ,

Course Price

CHF 2'800.00

(excl. VAT)

Discount available for multiple students and dedicated classes.

Course Schedule
Ask for more dates, other languages or a different delivery mode as needed and we will do our best to meet your needs.
LanguageModeStart Date
GermanVirtual Class or ClassroomOn request
FrenchVirtual Class or ClassroomOn request
ItalianVirtual Class or ClassroomOn request
EnglishVirtual Class or ClassroomOn request

What you’ll learn

The Securing Cisco Networks with Snort Rule Writing Best Practices (SSF Rules) v2.1 course, teaches participants how to craft rules for Snort, an open-source system for detecting and preventing intrusions. By combining expert guidance with practical exercises, this course equips you with the expertise to create and assess custom rules. It covers both standard and advanced rule-writing techniques, integration of OpenAppID into rules, rules filtering, rules tuning, and various other aspects. The hands-on labs provide practical experience in the creation and testing of Snort rules.

Who should enroll

This course is for technical professionals to gain skills in writing rules for Snort-based Intrusion Detection Systems (IDS) and intrusion prevention systems (IPS). The primary audience includes:

  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel using open source IDS and IPS
  • Channel partners and resellers

Technology areas

  • Security

Training overview

Objectives

After taking this course, you should be able to:

  • Describe the Snort rule development process
  • Describe the Snort basic rule syntax and usage
  • Describe how traffic is processed by Snort
  • Describe several advanced rule options used by Snort
  • Describe OpenAppID features and functionality
  • Describe how to monitor the performance of Snort and how to tune rules

Prerequisites

To fully benefit from this course, you should have:

  • Basic understanding of networking and network protocols
  • Basic knowledge of Linux command-line utilities
  • Basic knowledge of text editing utilities commonly found in Linux
  • Basic knowledge of network security concepts
  • Basic knowledge of a Snort-based IDS/IPS system

Outline

  • Introduction to Snort Rule Development
  • Snort Rule Syntax and Usage
  • Traffic Flow Through Snort Rules
  • Advanced Rule Options
  • OpenAppID Detection
  • Tuning Snort

Lab outline

  • Connecting to the Lab Environment
  • Introducing Snort Rule Development
  • Basic Rule Syntax and Usage
  • Advanced Rule Options
  • OpenAppID
  • Tuning Snort

Information request
Please enable JavaScript in your browser to complete this form.
Your Name
How did you find us?
This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.