Course Overview
TOPIn this course, you will learn about the key features and characteristics of a typical Snort rule development environment. You will develop and test custom rules in a preinstalled Snort environment and identify how to use advanced rule-writing techniques. You will investigate how to include OpenAppID in your rules and also identify how to filter rules and monitor their performance.
This course combines lecture materials and hands-on labs that give you practice in creating Snort rules.
This lab-intensive course introduces you to Snort rule writing. Among other powerful features, you become familiar with:
- Snort rule development
- Snort rule language
- Standard and advanced rule options
- OpenAppID
- Tuning
This course is eligible for 24 Continuing Education Credits (ILT & ELT Modality).
Scheduled Classes
TOPOutline
TOP- Introduction to Snort Rule Development
- Snort Rule Syntax and Usage
- Traffic Flow Through Snort Rules
- Advanced Rule Options
- OpenAppID Detection
- Tuning Snort
Prerequisites
TOPBasic understanding of:
- Networking and network protocols
- Linux command-line utilities
- Text-editing utilities commonly found in Linux
- Network security concepts
- Snort-based IDS/IPS system
Who Should Attend
TOP- Security administrators
- Security consultants
- Network administrators
- System engineers
- Technical support personnel
- Channel partners and resellers
