Securing Networks with Open-Source Snort Bootcamp
Attendees will learn how to define the use and placement of IDS/IPS components, identify Snort features and requirements, compile and install Snort, define and use the different modes of Snort, and install and use Snort supporting software.
- Training Duration: 4 days
- Delivery: Online
Engineers who require in-depth knowledge of Open-Source Snort.
Detecting Intrusions with Snort 3.0
- History of Snort
- IDS
- IPS
- IDS vs. IPS
- Examining Attack Vectors
- Application vs. Service Recognition
Sniffing the Network
- Protocol Analyzers
- Configuring Global Preferences
- Capture and Display Filters
- Capturing Packets
- Decrypting Secure Sockets Layer (SSL) Encrypted Packets
Architecting Nextgen Detection
- Snort 3.0 Design
- Modular Design Support
- Plug Holes with Plugins
- Process Packets
- Detect Interesting Traffic with Rules
- Output Data
Choosing a Snort Platform
- Provisioning and Placing Snort
- Installing Snort on Linux
Operating Snort 3.0
- Start Snort
- Monitor the System for Intrusion Attempts
- Define Traffic to Monitor
- Log Intrusion Attempts
- Actions to Take When Snort Detects an Intrusion Attempt
- License Snort and Subscriptions
Examining Snort 3.0 Configuration
- Introducing Key Features
- Configure Sensors
- Lua Configuration Wizard
Managing Snort
- PulledPork
- Barnyard2
- Elasticsearch, Logstash, and Kibana (ELK)
Analyzing Rule Syntax and Usage
- Anatomy of Snort Rules
- Understand Rule Headers
- Apply Rule Options
- Shared Object Rules
- Optimize Rules
- Analyze Statistics
Use Distributed Snort 3.0
- Design a Distributed Snort System
- Sensor Placement
- Sensor Hardware Requirements
- Necessary Software
- Snort Configuration
- Monitor with Snort
Examining Lua
- Introduction to Lua
- Get Started with Lua
It is highly recommended to attend Securing Networks with Cisco Firepower Next Generation Firewall Bootcamp.