Snort Intrusion Detection, Rule Writing, and PCAP Analysis
Udemy
Course Summary
Learn how to write Snort rules from a real cybersecurity professional with lectures and hands-on lab exercises.
Course Description
***LIMITED TIME OFFER: 50% off with coupon code TENDOLLARS***
Hello everybody. My name is Jesse Kurrus, and I’ll be your professor for the duration of the Snort Intrusion Detection, Rule Writing, and PCAP Analysis course. This course will consist of five lectures, and four labs to reinforce the concepts you learn in the lectures. I suggest that you go through the lectures prior to jumping straight into the labs.
Lecture 1 is the introduction. Lecture 2 is a high-level overview of Snort NIDS and Snort rules, giving you background on Snort as a Network Intrusion Detection System and on the rules it uses. Lecture 3 is an overview of Snort NIDS rule options, giving you in-depth coverage of most of the keywords used in Snort rules. Lecture 4 explains the two most widely used rulesets, Talos/VRT and ET. Lecture 5 covers VirtualBox and SecurityOnion technology, which we will be using later in our labs (this was removed). Lecture 6 explains how to write custom Snort rules, and the best practices of Snort rule writing.
Lab 1 will provide a step-by-step demonstration of how to set up a Security Onion virtual machine using VirtualBox as a software hypervisor. Lab 2 will show you how to write effective Snort rules for indicators derived from a packet capture. Lab 3 will expose you to an effective automated Snort rule checking script. Lab 4 will show you how to test Snort rules for their effectiveness in a live environment.