GB
/
GBP
/
EN

Shaping the future of IT skills

Maximising IT performance through learning

Securing Cisco Networks with Snort Rule Writing Best Practices - SSFRULES

WGAC-CSC-SSFRULES

Cisco

Schedule

See all events for this course

Description

Show Tabs
Introduction

Securing Cisco® Networks with Snort Rule Writing Best Practices (SSFRULES) is an instructor-led course offered by Learning Services High-Touch Delivery. It is a lab-intensive course that introduces students to the open source Snort community and rule-writing best practices.

Users focus exclusively on the Snort rules language and rule writing. Starting from rule syntax and structure to advanced rule-option usage, you will analyze exploit packet captures and put the rule writing theories learned to work—implementing rule-language features to trigger alerts on the offending network traffic.

This course also provides instruction and lab exercises on how to detect certain types of attacks, such as buffer overflows, utilizing various rule-writing techniques. You will test your rule-writing skills in two challenges: a theoretical challenge that tests knowledge of rule syntax and usage, and a practical challenge in which we present an exploit for you to analyze and research so you can defend your installations against the attack.

This course combines lecture materials and hands-on labs throughout to make sure that you are able to successfully understand and implement open source rules

Prerequisites & Audience
  • Technical understanding of TCP/IP networking and network architecture
  • Working knowledge of how to use and operate Cisco Sourcefire® Systems or open source Snort
  • Working knowledge of command-line text editing tools, such as the vi editor
  • Basic rule-writing experience is suggested

This course is designed for technical professionals who need to know how to write rules and understand open source Snort language. The primary audience for this course includes:

  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel
  • Channel partners and resellers
Course Benefits

Upon completion of this course, you should be able to:

  • Understand rule structure, rule syntax, rule options, and their usage
  • Configure and create Snort rules
  • Understand the rule optimization process to create efficient rules
  • Understand preprocessors and how data is presented to the rule engine
  • Create and implement functional Regular Expressions in Snort rules
  • Design and apply rules using byte_jump/test/extract rule options
  • Understand the concepts behind protocol modeling to write rules that perform better
Course Topics
  • Module 1: Welcome to the Sourcefire Virtual Network
  • Module 2: Basic Rule Syntax and Usage
  • Module 3: Rule Optimization
  • Module 4: Using PCRE in Rules
  • Module 5: Using Byte_Jump/Test/Extract Rule Options
  • Module 6: Protocol Modeling Concepts and Using Flowbits in Rule Writing
  • Module 7: Case Sudies in Rule Writing and Packet Analysis
  • Module 8: Rule Performance Monitoring
  • Module 9: Rule Writing Practiceal Labs, Exercises, and Challenges
Certification
Firepower

Cisco courses

Filter courses
Networking & TCP/IP Fundamentals - NWF
CODE: WGAC-CSC-NWF
Implementing Automation for Cisco Security Solutions - SAUI
CODE: WGAC-CSC-SAUI
Multicloud Management with Cisco CloudCenter Suite - CLDCCS
CODE: WGAC-CSC-CLDCCS
Engineering Cisco Meraki Solutions Part 1 - ECMS1
CODE: WGAC-CSC-ECMS1
Implementing Cisco Service Provider Advanced Routing Solutions - SPRI
CODE: WGAC-CSC-SPRI
Introduction to Cisco IOS XR - IOSXR100
CODE: WGAC-CSC-IOSXR100
Cisco Meeting Server Intermediate - COLLAB250
CODE: WGAC-CSC-COLLAB250
Implementing Cisco Collaboration Cloud and Edge Solutions - CLCEI
CODE: WGAC-CSC-CLCEI
Introduction to 802.1X Operations for Cisco Security Professionals
CODE: WGAC-CSC-802.1X
Implementing Automation for Cisco Collaboration Solutions - CLAUI
CODE: WGAC-CSC-CLAUI
Cisco Service Provider 5G Technologies Foundations - SPMBL100
CODE: WGAC-CSC-SPMBL100
Operating Cisco IP Fabric for Media Solution - IPFMSN
CODE: WGAC-CSC-IPFMSN
Cisco NSO Advanced for Python Programmers - NSO300
CODE: WGAC-CSC-NSO300
Cisco Unified Communications Manager Intermediate Administration - CUCMIA
CODE: WGAC-CSC-CUCMIA
Designing Cisco Data Center Infrastructure - DCID
CODE: WGAC-CSC-DCID
Cisco IOS XR Basic Troubleshooting - IOSXR201
CODE: WGAC-CSC-IOSXR201
Managing Enterprise Networks with Cisco Prime Infrastructure - MENPI
CODE: WGAC-CSC-MENPI
Implementing Automation for Cisco Data Center Solutions - DCAUI
CODE: WGAC-CSC-DCAUI
Implementing Automation for Cisco Enterprise Solutions - ENAUI
CODE: WGAC-CSC-ENAUI
Deploying Cisco Connected Mobile Experiences - WCMX
CODE: WGAC-CSC-WCMX
Implementing and Operating Cisco Security Core Technologies - SCOR
CODE: WGAC-CSC-SCOR
Implementing Cisco Collaboration Applications - CLICA
CODE: WGAC-CSC-CLICA
Cisco MDS 9000 Series Switches Overview - DCMDSO
CODE: WGAC-CSC-DCMDSO
Introduction to Cisco Sales Express Collaboration for Account Managers - ECICS
CODE: WGAC-CSC-ECICS
Multicloud Automation and Orchestration with Cisco CloudCenter Suite - CLDAO
CODE: WGAC-CSC-CLDAO
Cisco Next Generation Wireless with Catalyst 9800 - CNGW9800
CODE: WGAC-CSC-CNGW9800
Bespoke Cisco Packaged Contact Centre Enterprise Workshop - BCPCCXW
CODE: WGAC-CSC-BCPCCXW
Cisco Customer Success Manager - DTCSM
CODE: WGAC-CSC-DTCSM
Administering Cisco Unified Contact Center Enterprise Part 1 - AUCCE1
CODE: WGAC-CSC-AUCCE1
Implementing Automation for Cisco Service Provider Solutions - SPAUI
CODE: WGAC-CSC-SPAUI
Introduction to Cisco Sales Express Security - ESICS
CODE: WGAC-CSC-ESICS
Configuring Cisco NXOS Switches and Fabrics in the Data Center - DCCNX
CODE: WGAC-CSC-DCCNX
Implementing Cisco Application Centric Infrastructure - DCACI
CODE: WGAC-CSC-DCACI
Administering Cisco Unified Contact Center Enterprise Part 2 - AUCCE2
CODE: WGAC-CSC-AUCCE2
Cisco IOS XR Multicast Routing Implementation and Verification - IOSXR302
CODE: WGAC-CSC-IOSXR302
Cisco Express Networking Bootcamp Engineer Track - OCSE
CODE: WGAC-CSC-OCSE
Cisco WebEx Teams Implementation - CWTI
CODE: WGAC-CSC-CWTI
Cisco Optical Technology Intermediate - OPT200
CODE: WGAC-CSC-OPT200
Implementing an Integrated Threat Defense Solution - SECUR201
CODE: WGAC-CSC-SECUR201
Implementing Cisco Catalyst 9000 Switches - ENC9K
CODE: WGAC-CSC-ENC9K
Cisco Virtual WideArea Application Services - VWAAS
CODE: WGAC-CSC-VWAAS
Deploying Basic Cisco Wireless LANs - WDBWL
CODE: WGAC-CSC-WDBWL
Cisco SDWAN Operation and Deployment - ENSDW
CODE: WGAC-CSC-ENSDW
How to Reserve a subset of an IP Address Pool with ​Cisco DNA Center (Release 1.3.1.1)​
CODE: Youtube-67020
Bespoke Introduction to Customizing Reports with Cisco Unified Intelligence Center - BICRCUIC
CODE: WGAC-CSC-BICRCUIC
Securing Industrial IoT Networks with Cisco Technologies - ISECIN
CODE: WGAC-CSC-ISECIN
Securing the Web with Cisco Web Security Appliance - SWSA
CODE: WGAC-CSC-SWSA
DNAC Activation and Assurance - DNACAA
CODE: WGAC-CSC-DNACAA
Deploying Advanced Cisco Wireless LANs - WDAWL
CODE: WGAC-CSC-WDAWL
Securing Cisco Networks with Snort Rule Writing Best Practices - SSFRULES
CODE: WGAC-CSC-SSFRULES
Cisco NCS 2000 Series Deploying 96Channel - OPT201
CODE: WGAC-CSC-OPT201
Cisco IOS XR Broadband Network Gateway Implementation and Verification - IOSXR304
CODE: WGAC-CSC-IOSXR304
Adopting The Cisco Business Architecture Approach - DTBAA
CODE: WGAC-CSC-DTBAA
Cisco Stealthwatch for System Administrators - SSA
CODE: WGAC-CSC-SSA
Implementing and Operating Cisco Data Center Core Technologies - DCCOR
CODE: WGAC-CSC-DCCOR
Understanding Cisco Collaboration Foundations - CLFNDU
CODE: WGAC-CSC-CLFNDU
Understanding Cisco Service Provider Network Foundations - SPFNDU
CODE: WGAC-CSC-SPFNDU
Cisco NSO Administration and DevOps - NSO303
CODE: WGAC-CSC-NSO303
Implementing Cisco Enterprise Wireless Networks - ENWLSI
CODE: WGAC-CSC-ENWLSI
Implementing Cisco HyperFlex - DCIHX
CODE: WGAC-CSC-DCIHX
Introducing Cisco MDS 9000 Series Switches - DCIMDS
CODE: WGAC-CSC-DCIMDS
Cisco Webex Room Kit Support - CWRKS
CODE: WGAC-CSC-CWRKS
Implementing Secure Solutions with Virtual Private Networks - SVPN
CODE: WGAC-CSC-SVPN
Deploying Cisco Unified Contact Center Express - UCCX
CODE: WGAC-CSC-UCCX
Operating and Implementing Cisco WAN Automation Engine - WAE200
CODE: WGAC-CSC-WAE200
Cisco IOS XR Layer 3 VPN Implementation and Verification - IOSXR301
CODE: WGAC-CSC-IOSXR301
Cisco ASR 9000 Series IOS XR 64Bit Software Migration and Operational Enhancements - IOSXR211
CODE: WGAC-CSC-IOSXR211
Deploying Cisco Unified Intelligence Center - DUIC
CODE: WGAC-CSC-DUIC
Introducing Cisco Unified Computing System - DCIUCS
CODE: WGAC-CSC-DCIUCS
Troubleshooting Cisco Data Center Infrastructure - DCIT
CODE: WGAC-CSC-DCIT
Bespoke Cisco SD Access Technical Training - BCSDATT
CODE: WGAC-CSC-BCSDATT
Cisco Stealthwatch Network - SNO
CODE: WGAC-CSC-SNO
Managing Enterprise Security with Cisco Security Manager - SSECMGT
CODE: WGAC-CSC-SSECMGT
Understanding Cisco Wireless Foundations - WLFNDU
CODE: WGAC-CSC-WLFNDU
Cisco Stealthwatch Tuning - SWAT
CODE: WGAC-CSC-SWAT
Securing Cloud Deployments With Cisco Technologies - SECCLD
CODE: WGAC-CSC-SECCLD
Applying Cisco Business Architecture Discipline - DTBAS
CODE: WGAC-CSC-DTBAS
Implementing Cisco Advanced Call Control and Mobility Services - CLACCM
CODE: WGAC-CSC-CLACCM
Cisco Aggregation Services Router 9000 Series Essentials - ASR9KE
CODE: WGAC-CSC-ASR9KE
Cisco UC Technical Training for Help Desk Engineers - UCTTHD
CODE: WGAC-CSC-UCTTHD
Deploying Cisco Unified Contact Center Enterprise Software - DUCCE
CODE: WGAC-CSC-DUCCE
Cisco Small Business Technical Overview Exam Accelerated Bootcamp - SMBPPTO
CODE: WGAC-CSC-SMBPPTO
Cisco Policy Suite Core Technologies for Mobility - CPSCTM
CODE: WGAC-CSC-CPSCTM
Implementing and Administering Cisco Solutions - CCNA
CODE: WGAC-CSC-CCNA
Implementing DevOps Solutions and Practices using Cisco Platforms - DEVOPS
CODE: WGAC-CSC-DEVOPS
Implementing Cisco Multicast - MCAST
CODE: WGAC-CSC-MCAST
Developing Applications for Cisco Webex and Webex Devices - DEVWBX
CODE: WGAC-CSC-DEVWBX
Cisco Video Infrastructure Implementation VII
CODE: WGAC-CLC-VII
Introduction to Cisco Sales SMB Account Manager - SMBICS
CODE: WGAC-CSC-SMBICS
Cisco Unified Contact Centre Express Bespoke UCCX CUCM CUC - CUCCE
CODE: WGAC-CSC-CUCCE
Introducing Cisco Nexus 9000 Switches in NXOS Mode - DCINX9K
CODE: WGAC-CSC-DCINX9K
Implementing and Operating Cisco Collaboration Core Technologies - CLCOR
CODE: WGAC-CSC-CLCOR
Developing Applications Using Cisco Platforms and APIs - DEVCOR
CODE: WGAC-CSC-DEVCOR
Introduction to Cisco Sales - ICS
CODE: WGAC-CSC-ICS
Configuring the Cisco Nexus 9000 in NXOS Mode - C9KNX
CODE: WGAC-CSC-C9KNX
Introduction to Cisco Finesse Agent Desktop - CIFAD
CODE: WGAC-CSC-CIFAD
Configuring BGP on Cisco Routers - BGP
CODE: WGAC-CSC-BGP
Implementing Cisco SDWAN Solutions - SDWAN300
CODE: WGAC-CSC-SDWAN300
Integrated Threat Defense Investigation and Mitigation - SECUR202
CODE: WGAC-CSC-SECUR202
Implementing Cisco Quality of Service - QOS
CODE: WGAC-CSC-QOS
Cisco Unified Communications Security Implementation - CUCS
CODE: WGAC-CSC-CUCS
Understanding Cisco Cybersecurity Operations Fundamentals - CBROPS
CODE: WGAC-CSC-CBROPS
Securing Cisco Networks with Open Source Snort - SSFSNORT
CODE: WGAC-CSC-SSFSNORT
Engineering Cisco Meraki Solutions Bundle - ECMSBC
CODE: WGAC-CSC-ECMSBC
Introduction to Cisco Sales Express Networking - ENICS
CODE: WGAC-CSC-ENICS
Cisco Webex Teams & BE6K Implementation - WTHI
CODE: WGAC-CSC-WTHI
Implementing and Configuring Cisco Identity Services Engine - SISE
CODE: WGAC-CSC-SISE
Developing Applications and Automating Workflows using Cisco Core Platforms - DEVASC
CODE: WGAC-CSC-DEVASC
Cisco Network Service Orchestrator NSO Essentials for Programmers and Network Architects v3.0 - NSO201
CODE: WGAC-CSC-NSO201
Cisco Big Data Analytics& Architecture and Management - ANDMB
CODE: WGAC-CSC-ANDMB
Securing Networks with Cisco Firepower NextGeneration IPS - SSFIPS
CODE: WGAC-CSC-SSFIPS
Generating Reports with Cisco Unified Intelligence Center - CGRUIC
CODE: WGAC-CSC-CGRUIC
Developing Solutions using Cisco IoT and Edge Platforms - DEVIOT
CODE: WGAC-CSC-DEVIOT
Cisco IOS XR System Administration - IOSXR200
CODE: WGAC-CSC-IOSXR200
Configuring Cisco MDS 9000 Switches - DCMDS
CODE: WGAC-CSC-DCMDS
Implementing Segment Routing on Cisco IOS XR - SEGRTE201
CODE: WGAC-CSC-SEGRTE201
Implementing Cisco Collaboration Devices Express Collaboration for Systems Engineer - ECCICD
CODE: WGAC-CSC-ECCICD
Introducing Automation for Cisco Solutions - CSAU
CODE: WGAC-CSC-CSAU
Cisco Unified Communications Manager Advanced Admin - CUCMAA
CODE: WGAC-CSC-CUCMAA
Cisco Stealthwatch Security - SSO
CODE: WGAC-CSC-SSO
Deploying Cisco Unified Contact Center Express - UCCXD
CODE: WGAC-CSC-UCCXD
Introduction to Cisco Finesse Supervisor Desktop - CIFSD
CODE: WGAC-CSC-CIFSD
Implementing and Operating Cisco Enterprise Network Core Technologies - ENCOR
CODE: WGAC-CSC-ENCOR
Cisco Unified Attendant Console Standard Administration - CUACS
CODE: WGAC-CSC-CUACS
Express Security for Systems Engineer Bootcamp - ASAESE
CODE: WGAC-CSC-ASAESE
Cisco BE6K CUCM CMS and Expressway Video Solutions - BCCEV
CODE: WGAC-CSC-BCCEV
Introducing Cisco NXOS Switches and Fabrics in the Data Center - DCINX
CODE: WGAC-CSC-DCINX
Cisco Meeting Server Support - SMSS
CODE: WGAC-CSC-SMSS
Cisco Application Centric Infrastructure Operations and Troubleshooting - DCACIO
CODE: WGAC-CSC-DCACIO
Implementing Cisco - MPLS
CODE: WGAC-CSC-MPLS
Introducing Cisco Cloud Consumer Security - SECICC
CODE: WGAC-CSC-SECICC
Implementing Cisco Unified Communications Manager with Jabber - ICUCMJ
CODE: WGAC-CSC-ICUCMJ
Deploying Basic and Advanced Cisco Wireless LANs Bootcamp - WDBWL-WDAWL
CODE: WGAC-CSC-WDBWL-WDAWL
Cisco Unified Contact Centre Express UCCX Video Call Centre Implementation with Jabber - UCCXVCCI
CODE: WGAC-CSC-UCCXVCCI
Implementing Cisco Tetration Analytics - DCITET
CODE: WGAC-CSC-DCITET
Implementing and Operating Cisco Service Provider Network Core Technologies - SPCOR
CODE: WGAC-CSC-SPCOR
Cisco BE6K CUCM TelePresence and Expressway Video Solutions - BE6KBC
CODE: WGAC-CSC-BE6KBC
Understanding Cisco Data Center Foundations - DCFNDU
CODE: WGAC-CSC-DCFNDU
Protecting Against Malware Threats with Cisco AMP for Endpoints - SSFAMP
CODE: WGAC-CSC-SSFAMP
Cisco Unified Communications IPv6 Implementation - CUCIPI
CODE: WGAC-CSC-CUCIPI
Bespoke Cisco Unified Contact Centre Enterprise Workshop - BUCCXW
CODE: WGAC-CSC-BUCCXW
Securing Email with Cisco Email Security Appliance - SESA
CODE: WGAC-CSC-SESA
Implementing Cisco Enterprise Advanced Routing and Services - ENARSI
CODE: WGAC-CSC-ENARSI
Engineering Cisco Meraki Solutions Part 2 - ECMS2
CODE: WGAC-CSC-ECMS2
Cisco Certified Technician Supporting Cisco Routing and Switching Network Devices - RSTECH
CODE: WGAC-CSC-RSTECH
Implementing Cisco Service Provider VPN Services - SPVI
CODE: WGAC-CSC-SPVI
Cisco Digital Network Architecture Implementation Essentials - DNAIE
CODE: WGAC-CSC-DNAIE
Cisco Meeting Server Advanced - COLLAB350
CODE: WGAC-CSC-COLLAB350
Wireshark Basic Principles - WBP
CODE: WGAC-CSC-WBP
Configuring VXLANs on Cisco Nexus 9000 Series Switches - DCVX9K
CODE: WGAC-CSC-DCVX9K
Cisco Meeting Server Implementation - CMSI
CODE: WGAC-CSC-CMSI
Mastering The Cisco Business Architecture Discipline - DTBAD
CODE: WGAC-CSC-DTBAD
Designing Cisco Enterprise Networks - ENSLD
CODE: WGAC-CSC-ENSLD
Cisco Unified Attendant Console Standard End User - CUACSEU
CODE: WGAC-CSC-CUACSEU
Cisco Optical Technology Advanced - OPT300
CODE: WGAC-CSC-OPT300
Designing Cisco Enterprise Wireless Network - ENWLSD
CODE: WGAC-CSC-ENWLSD
Securing Networks with Cisco Firepower Next Generation Firewall - SSNGFW
CODE: WGAC-CSC-SSNGFW
Deploying Cisco SDAccess - ENSDA
CODE: WGAC-CSC-ENSDA
Cisco Unified Contact Centre Express Advanced Administration - CUCCXAA
CODE: WGAC-CSC-CUCCXAA
Cisco IPv6 Fundamentals, Design & Deployment - IP6FD
CODE: WGAC-CSC-IP6FD
Configuring Cisco Unified Computing System - DCCUCS
CODE: WGAC-CSC-DCCUCS
Cisco Unified Communications Manager Advanced Administration with Jabber - UCMAAJ
CODE: WGAC-CSC-UCMAAJ
We use cookies to understand how you use our site and to improve your experience. To learn more, click here. Read our revised Privacy Policy and Terms and Conditions.