Classes‎ > ‎

Snort Rule Writing







Snort Rule Writing Course


Overview:

This three (3) day course was designed to provide the knowledge and skills to the IT security professional
to both understand Snort  rules and write and design their own rules to respond to malicious activity. 
The course begins by analyzing very simple Snort rules and their syntax and advancing to more complex, 
multi-packet rules that are required to respond to more sophisticated attacks. 

Students will have an opportunity to test their rules against live malicious traffic to determine their efficacy.


Target Audience:

This course is designed for the IT security professional who needs additional knowledge to tailor their 
Snort installation to be able to respond to new, unknown or unique malicious activity.


Course Outline:

    I. Dissecting Snort Rules

    II. Using Variables

    III. Understanding Rule Headers

    IV. Rule Options

    V. IP Options

    VI. TCP Options

    VII. ICMP Options

    VIII. PCRE in Rule Options

    VIII. Metadata Options

    IX. Miscellaneous Rule Options

    X. Snort Rule Writing Best Practices






$1495 for this three(3) day course.



To register, or for more information, contact us at keith@snort-training.com

Snort is a registered trademark of SourceFire Inc.

Snort Training Institute is not associated with Sourcefire Inc.
































Snort is a registered trademark of SourceFire Inc.

Snort Training Institute is not associated with Sourcefire Inc.













Comments