Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRULES)

The Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRules) v2.0 course shows you how to write rules for Snort, an open-source intrusion detection, and prevention system. Through a combination of expert-instruction and hands-on practice, this course provides you with the knowledge and skills to develop and test custom rules, standard, and advanced rules-writing techniques, how to integrate OpenAppID into rules, rules filtering, rules tuning, and more. The hands-on labs give you practice in creating and testing Snort rules.


This course will help you:

  • Gain an understanding of the characteristics of a typical Snort rule development environment
  • Gain hands-on practices on creating rules for Snort
  • Gain knowledge in Snort rule development, Snort rule language, standard and advanced rule options

Course Information

Price: $3,000.00
Duration: 3 days
Certification: None
Exam: 
Learning Credits: 28
Continuing Education Credits: 24
Course Delivery Options

Check out our full list of training locations and learning formats. Please note that the location you choose may be an Established HD-ILT location with a virtual live instructor.

Train face-to-face with the live instructor.

Access to on-demand training content anytime, anywhere.

Attend the live class from the comfort of your home or office.

Interact with a live, remote instructor from a specialized, HD-equipped classroom near you. An SLI sales rep will confirm location availability prior to registration confirmation.

All Sunset Learning dates are guaranteed to run!

Register

Prerequisites:

To fully benefit from this course, you should have:

  • Basic understanding of networking and network protocols
  • Basic knowledge of Linux command-line utilities
  • Basic knowledge of text editing utilities commonly found in Linux
  • Basic knowledge of network security concepts
  • Basic knowledge of a Snort-based IDS/IPS system

 

Target Audience:

  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel
  • Channel partners and resellers

 

Course Objectives:

After taking this course, you should be able to:

  • Describe the Snort rule development process
  • Describe the Snort basic rule syntax and usage
  • Describe how traffic is processed by Snort
  • Describe several advanced rule options used by Snort
  • Describe OpenAppID features and functionality
  • Describe how to monitor the performance of Snort and how to tune rules

 

Course Outline:

  • Introduction to Snort Rule Development
  • Snort Rule Syntax and Usage
  • Traffic Flow Through Snort Rules
  • Advanced Rule Options
  • OpenAppID Detection
  • Tuning Snort