Trials and demos
How to buy

Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRules)

The Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRules) training shows you how to write rules for Snort, an open-source intrusion detection and prevention system. Through a combination of expert-instruction and hands-on practice, this training provides you with the knowledge and skills to develop and test custom rules, standard and advanced rules-writing techniques, integrate OpenAppID into rules, rules filtering, rules tuning, and more. The hands-on labs give you practice in creating and testing Snort rules.

What you need to know

Continuing Education

Earn 24 CE credits towards recertification

Ways to get this training

Cisco U. Learning Path

Follow a guided Learning Path designed for your certification success. Pre- and post-assessments help you skip what you know and focus on what you need to learn.

View Learning Path

Instructor-led training

Join lively classroom-style learning and discussions, online or in person, that are led by Cisco and our Learning Partners.

Register for instructor-led training

E-learning

Access a rich library of technology and certification training, study bundles, practice exams, simulators, and more.

Explore the e-learning course
Download the course overview (PDF)

    How you'll benefit

    This training will help you:

    • Gain an understanding of characteristics of a typical Snort rule development environment
    • Gain hands-on practices on creating rules for Snort
    • Gain knowledge in Snort rule development, Snort rule language, standard and advanced rule options

    Who should enroll

    • Security administrators
    • Security consultants
    • Network administrators
    • System engineers
    • Technical support personnel using open-source IDS and IPS
    • Channel partners and resellers

    Technology areas

    • Security

    Objectives

    • Describe the Snort rule development process
    • Describe the Snort basic rule syntax and usage
    • Describe how traffic is processed by Snort
    • Describe several advanced rule options used by Snort
    • Describe OpenAppID features and functionality
    • Describe how to monitor the performance of Snort and how to tune rules

    Prerequisites

    There are no prerequisites for this training. However, the knowledge and skills you are recommended to have before attending this training are:

    • Basic understanding of networking and network protocols
    • Basic knowledge of Linux command-line utilities
    • Basic knowledge of text editing utilities commonly found in Linux
    • Basic knowledge of network security concepts
    • Basic knowledge of a Snort-based IDS/IPS system

      Outline

      • Introduction to Snort Rule Development
      • Snort Rule Syntax and Usage
      • Traffic Flow Through Snort Rules
      • Advanced Rule Options
      • OpenAppID Detection
      • Tuning Snort

      Lab outline

      • Connecting to the Lab Environment
      • Introducing Snort Rule Development
      • Basic Rule Syntax and Usage
      • Advanced Rule Options
      • OpenAppID
      • Tuning Snort