-
Securing Cisco® Networks with Snort Rule Writing Best Practices (SSFRULES) is a course offered by Cisco Learning Services High-Touch Delivery. It is a hands-on course that introduces users of open source Snort or Sourcefire FireSIGHT1 systems to the Snort rule language and rule writing best practices. You will focus exclusively on the Snort rule language and writing rules. From rule syntax and structure to advanced use of rule options, you will analyze exploit packet captures and apply the rule creation theories you have learned by implementing rule language functions to trigger alerts on attacking network traffic. This course also provides guidance and lab exercises for detecting specific types of attacks, such as buffer overflows, using various rule writing techniques. You will test your rule writing skills with two challenges: a theory challenge that tests your knowledge of rule syntax and usage, and a hands-on challenge where you will analyze and investigate an exploitable event so that you can defend your installations against attacks This course combines lecture material and hands-on exercises to ensure that you are able to successfully understand and implement open source rules.
-
Course Contents
-
- Describe the Snort rule development process
- Describe the Snort basic rule syntax and usage
- Describe how traffic is processed by Snort
- Describe several advanced rule options used by Snort
- Describe OpenAppID features and functionality
- Describe how to monitor the performance of Snort and how to tune rules
You will receive the original course documentation from Cisco in English language as a Cisco E-Book. In the Cisco Digital Learning Version, the content of the courseware is integrated into the learning interface instead.
-
Target Group
-
This course is designed for technical professionals who need to know how to write rules and understand open source Snort language. The primary audience for this course includes:
- Security Administrators
- Security Consultants
- Network Administrators
- System Engineers
- Technical Support Personnel
- Channel Partners and Resellers -
Knowledge Prerequisites
-
- Technical understanding of TCP/IP networks and network architecture
- Knowledge of the use and operation of Cisco SourcefireR Systems or open source Snort
- Knowledge of how to use command line tools for text editing, e.g. the vi editor
- Basic experience in writing rules is recommended
| Course Outline |
| Module 1: Introduction to Snort Rule Development |
| Module 2: Snort Rule Syntax and Usage |
| Module 3: Traffic Flow Through Snort Rules |
| Module 4: Advanced Rule Options |
| Module 5: OpenAppID Detection |
| Module 6 Tuning Snort |
| Lab Outline |
| Lab 1: Connecting to the Lab Environment |
| Lab 2: Introducing Snort Rule Development |
| Lab 3: Basic Rule Syntax and Usage |
| Lab 4: Advanced Rule Options |
| Lab 5: OpenAppID |
| Lab 6: Tuning Snort |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Cisco Digital Learning
- This course is available in the Cisco Digital Learning Library. These recently developed, multi-modal training events include HD videos moderated by lecturers with stored searchable text and subtitles, as well as a exercises, labs, and explanatory text and graphics. We provide this offer to you via our myExperTeach learning portal. Effective of the activation of the account, access to the courses will be granted for a duration of 6 months. In the case of packet solutions (Cisco Digital Learning Subscriptions), this time period will amount to 12 months.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.-
Securing Cisco® Networks with Snort Rule Writing Best Practices (SSFRULES) is a course offered by Cisco Learning Services High-Touch Delivery. It is a hands-on course that introduces users of open source Snort or Sourcefire FireSIGHT1 systems to the Snort rule language and rule writing best practices. You will focus exclusively on the Snort rule language and writing rules. From rule syntax and structure to advanced use of rule options, you will analyze exploit packet captures and apply the rule creation theories you have learned by implementing rule language functions to trigger alerts on attacking network traffic. This course also provides guidance and lab exercises for detecting specific types of attacks, such as buffer overflows, using various rule writing techniques. You will test your rule writing skills with two challenges: a theory challenge that tests your knowledge of rule syntax and usage, and a hands-on challenge where you will analyze and investigate an exploitable event so that you can defend your installations against attacks This course combines lecture material and hands-on exercises to ensure that you are able to successfully understand and implement open source rules.
-
Course Contents
-
- Describe the Snort rule development process
- Describe the Snort basic rule syntax and usage
- Describe how traffic is processed by Snort
- Describe several advanced rule options used by Snort
- Describe OpenAppID features and functionality
- Describe how to monitor the performance of Snort and how to tune rules
You will receive the original course documentation from Cisco in English language as a Cisco E-Book. In the Cisco Digital Learning Version, the content of the courseware is integrated into the learning interface instead.
-
Target Group
-
This course is designed for technical professionals who need to know how to write rules and understand open source Snort language. The primary audience for this course includes:
- Security Administrators
- Security Consultants
- Network Administrators
- System Engineers
- Technical Support Personnel
- Channel Partners and Resellers -
Knowledge Prerequisites
-
- Technical understanding of TCP/IP networks and network architecture
- Knowledge of the use and operation of Cisco SourcefireR Systems or open source Snort
- Knowledge of how to use command line tools for text editing, e.g. the vi editor
- Basic experience in writing rules is recommended
| Course Outline |
| Module 1: Introduction to Snort Rule Development |
| Module 2: Snort Rule Syntax and Usage |
| Module 3: Traffic Flow Through Snort Rules |
| Module 4: Advanced Rule Options |
| Module 5: OpenAppID Detection |
| Module 6 Tuning Snort |
| Lab Outline |
| Lab 1: Connecting to the Lab Environment |
| Lab 2: Introducing Snort Rule Development |
| Lab 3: Basic Rule Syntax and Usage |
| Lab 4: Advanced Rule Options |
| Lab 5: OpenAppID |
| Lab 6: Tuning Snort |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Cisco Digital Learning
- This course is available in the Cisco Digital Learning Library. These recently developed, multi-modal training events include HD videos moderated by lecturers with stored searchable text and subtitles, as well as a exercises, labs, and explanatory text and graphics. We provide this offer to you via our myExperTeach learning portal. Effective of the activation of the account, access to the courses will be granted for a duration of 6 months. In the case of packet solutions (Cisco Digital Learning Subscriptions), this time period will amount to 12 months.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.
Online Training
Trainer language English