Snort Intrusion Detection, Rule Writing, and PCAP Analysis
3.9 (40 ratings)
267 students enrolled
Learn how to write Snort rules from a real cybersecurity professional with lectures and hands-on lab exercises.
Created by Jesse Kurrus
Last updated 6/2017
English
Includes:
  • 1.5 hours on-demand video
  • 1 Supplemental Resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Write Snort Rules
  • Analyze PCAPS using Wireshark
  • Create Virtual Machines using VirtualBox
  • Configure Security Onion
  • Test Snort rules using automated scripts
  • Analyze Snort NIDS alerts using Squert
Requirements
  • Basic networking knowledge
  • Basic Linux command line interface knowledge
  • Basic knowledge about operating systems and virtualization
Description

***LIMITED TIME OFFER: 50% off with coupon code TENDOLLARS***

Hello everybody. My name is Jesse Kurrus, and I’ll be your professor for the duration of the Snort Intrusion Detection, Rule Writing, and PCAP Analysis course. This course will consist of five lectures and four labs to reinforce the concepts you learn in the lectures. I suggest that you go through the lectures prior to jumping straight into the labs.

Lecture 1 is the introduction. Lecture 2 is a high-level overview of Snort NIDS and Snort rules, giving you a background of Snort when used as a Network Intrusion Detection System and the rules used by Snort. Lecture 3 is an overview of Snort NIDS rule options, giving you very in-depth coverage of most of the keywords used in Snort rules. Lecture 4 explains the two most widely used rulesets, Talos/VRT and ET. Lecture 5 covers VirtualBox and Security Onion technology, which we will be using later in our labs (this was removed). Lecture 6 explains how to write custom Snort rules and the best practices of Snort rule writing.

Lab 1 will provide a step-by-step demonstration of how to set up a Security Onion virtual machine using VirtualBox as a software hypervisor. Lab 2 will show you how to write effective Snort rules for indicators derived from a packet capture. Lab 3 will expose you to an effective automated Snort rule checking script. Lab 4 will show you how to test Snort rules for their effectiveness in a live environment.

Who is the target audience?
  • Cybersecurity Professionals
  • Information Security Analysts
  • Network Security Analysts
  • SOC Analysts
  • Cybersecurity Students
Curriculum For This Course
11 Lectures
01:26:39
Lectures
6 Lectures 32:37

This video will provide an introduction and professional background of Jesse Kurrus, your instructor.

01:44

Lecture 1 consists of an introduction which will provide an overview of the subsequent lectures.

01:54

Lecture 2 is a high-level overview of Snort Network Intrusion Detection System (NIDS) and Snort rules, providing a background of Snort when it is used in NIDS mode and the rules used by Snort.

05:49

Lecture 3 is an overview of Snort NIDS rule options, providing very in-depth coverage of most of the keywords used in Snort rules.

17:04

Lecture 4 explains the two most widely used rulesets, Talos/VRT and ET.

Talos/VRT Ruleset and ET Ruleset
01:58

Lecture 6 explains how to write custom Snort rules and the best practices of Snort rule writing.

Writing Custom Snort Rules
04:08
Section 2
5 Lectures 54:02

Lab 1 will provide a step-by-step demonstration of how to set up a Security Onion virtual machine using VirtualBox as a software hypervisor.

Lab 1: Setting up Security Onion with VirtualBox
11:44

Lab 2 will show you how to write effective Snort rules for indicators derived from a packet capture. Please refer to the attached "Snort rules - Udemy Course.txt" file for all of the rules written within this lab. If there are any issues completing this lab, please let me know in the questions section.

Lab 2: Snort Rule Writing and PCAP Analysis
17:56

Lab 3 will expose you to an effective automated Snort rule checking script.

Lab 3: Vetting Snort Rule Quality with Dumbpig
04:07

Lab 4 will show you how to test Snort rules for their effectiveness in a live environment.

Lab 4: Testing Snort Rule with Tcpreplay
07:46

This bonus lab was not originally included in the curriculum, and will cover the writing and testing of two custom Snort rules, one for SSH and one for FTP. The first rule will cover the detection of internal SSH brute force, and the second rule will cover the detection of SSNs in a plaintext file transfer. There will also be a breakdown of Snort rule requirements and options. This lab will be performed using Security Onion, Kali Linux, and Metasploitable.

Bonus Lab 1: Snort Rule Writing (SSH and FTP)
12:29
About the Instructor
Jesse Kurrus
4.2 Average rating
63 Reviews
399 Students
2 Courses
Senior SOC Analyst and Instructor at Udemy

Summary: Jesse Kurrus is a cybersecurity professional with strong network security analysis and intrusion detection experience. Jesse is skilled in utilizing commercial and proprietary Security Information and Event Management (SIEM) technology to create rules, filters, generate reports, and analyze correlations and events. Professional and academic strengths include supporting the design, implementation, and administration of enterprise computer architectures, cybersecurity, technical writing, and ethical hacking. Jesse is an active contributing member of a goal-oriented cybersecurity team, and is capable of thriving in fast-paced environments.

Specialties: Intrusion Detection / Network Security Monitoring (Security Onion, Snort, Bro, and Suricata), SIEM Technology (ArcSight and Splunk), PCAP analysis (Tcpdump, Wireshark, NetworkMiner, NetWitness/Security Analytics).

Current Degrees/Certifications: M.S. in Information Technology with Information Assurance Specialization / B.S. in Computer Networks and Security / Network+, A+, Security+, Linux+, Certified Ethical Hacker v8.