Snort User Webcast Series

Note: The Webex ARF player is required for the playback of recorded sessions. You may download it here: http://www.webex.com/play-webex-recording.html


March 13, 2014 | Open Source Community Webinar
Joel Esler, Open Source Manager, discusses the news going on with Snort, ClamAV, Snort.org and the Cisco integration.

Webcast Recording | Slides


July 20, 2011 | Snort Tuning 101
Nick Moore, Sourcefire Security Engineer, discusses the basics of Snort tuning, going over variables, basic rule tuning, and other goodies.

No webcast available | Slides


May 26, 2011 | Using Multiconfig
John Gay, Sourcefire Educational Instructor and Snort Courseware developer, goes over the configuration and usage of the "Multiconfiguration" feature of Snort. This presentation does not have a recorded Webinar.

No webcast available | Slides


April 13, 2011 | Introduction to Snort: Part 1
Nick Moore, Sourcefire Security Engineer, discusses the setup of Snort 2.9.0.5 on Fedora Core 14. Lots of Q&A during and after the presentation makes this a great first-watch installation guide for Snort. Coupled with Nick's great guide over on Snort's Documentation Page, this should lead a user to a successful install.

No webcast available | Nick's Install Guide


November 9, 2009 | Performance Tuning: Rules & Preprocessors
Steve Sturges, Snort development team manager, discusses guidelines for tuning Snort based on performance statistics from rule and preprocessor profiling and the perfmon preprocessor. This session is intended to help Snort administrators when tuning and troubleshooting performance issues. The discussion may also be useful to Snort rule writers for measuring the potential performance impact of their rules.

No webcast available | download the slides


September 21, 2009 | What's New in Snort 2.8.5
Steve Sturges, Snort development team manager, and Steve Kane, Snort product manager, discuss a number of new features and enhancements to improve the detection capabilities and performance of Snort 2.8.5:

  • A new SSH preprocessor
  • Support for multiple configurations
  • New and updated filtering options
  • Improved restart and update processes

No webcast available | download the slides


July 24, 2009 | Pimp My Snort
Leon Ward and JJ Cummings discuss three open source tools that will help you customize your Snort Install. Tools covered in this episode include:

  • Dumb Pig - Parses a snort rule-set, and depending on command line options, will recommend “fixes” for dumb Snort rules
  • SnoGE - Plots attacker location via Google Earth
  • Pulled Pork - Beta release of a new Snort rules management tool

No webcast available | download the Pulled Pork slides


June 12, 2009 | Installing Snort 2.8.4 on Fedora Core 10
In this edition of the Snort Users Webinar Series, Nick Moore, a Security Engineer with Sourcefire, will discuss installing Snort 2.8.4 on Fedora Core 10. Nick’s presentation will cover a basic Snort/Base installation on a VMWare install of FC 10 with:

  • MySQL 5.0.77
  • Libnet 1.0.2a
  • Libpcap 1.0.0
  • BASE 1.4.2
  • Apache 2.2.11

No webcast available | download the slides


April 22, 2009 | What's New in Snort 2.8.4
In this webinar, Steve Kane, Snort product manager and Steve Sturges, Snort development team manager, discuss what’s new in Snort 2.8.4. Snort 2.8.4 introduced a number of new features to improve the detection capabilities and performance of Snort. The release features:

  • New DCE/RPC preprocessor
  • Improved support for IPv6
  • New support for target-based functionality
  • The ability to prefilter traffic to improve performance

No webcast available | download the slides


February 23, 2009 | Effective Problem Reporting: How to Get Your Problems Noticed and Fixed
In this session of the Snort-Users webinar series, Alex Kirk of the Sourcefire VRT discusses how to prepare a Snort rules-related bug report that will enable the VRT to help you solve the problem at hand. Discussion will include:

  • Common pitfalls in false positive/negative reporting
  • Steps that you should take prior to submitting a bug report for a rule
  • A checklist you should use when you're ready to submit your bug report

No webcast available | download the slides


November 12, 2008 | Using the Host Attribute Table in Snort
This session features Ed Mendez, Director of Courseware Development for the Sourcefire Education Team. Ed will discuss Using Snort's Host Attribute Table. The session will include an overview of what you can do with it and why you might find it useful. It will also discuss how to build the attribute table file and describe the XML structures it uses. Additionally, this session will describe how you can write rules that take advantage of this feature to provide more robust detection capabilities.

No webcast available | download the slides


September 17, 2008 | Writing Effective Rules, Part II
In this session Matt Olney of the Sourcefire Vulnerability Research Team (VRT) will present Performance Rules Creation: Rules Options and Techniques. In this session Matt will look at the use of several different rule options by examining their use in published VRT rules:

  • Detecting buffer overflows with content checks and isdataat, and PCRE
  • Detecting attacks against the Kaminsky DNS bug with byte_test
  • Parsing variable sized protocols and using byte_test for buffer overflow detection
  • Fun with the content and replace keywords

No webcast available | download the slides


August 20, 2008 | Common Mistakes with Snort and How to Fix Them
In this session, Joel Esler, a Sourcefire security consultant and frequent contributor to the Snort community, discusses some of the most common mistakes made when configuring and using Snort and how to fix them. Topics covered in this session will include:

  • Snort.conf file
  • Variables
  • Preprocessors
  • Rules
  • Barnyard and SnortUnified

No webcast available


June 4, 2008 | Writing Effective Rules, Part I
In this latest Snort Users Webinar, Matt Olney of the Sourcefire VRT discusses the VRT's methodology for writing effective Snort Rules and what you need to know about Snort to take on rule writing. The one-hour session covers:

  • Detection theory
  • Snort’s architecture
  • Rule options available in Snort

No webcast available | download the slides


February 27, 2008 | Intro to Snort
One-hour webcast with Ed Mendez, Director of Instructional Design and Development, covering the basic steps necessary to install, configure and use Snort. The session covers:

  • Planning a deployment
  • Preparing for the install
  • Software requirements
  • Installing Snort
  • Basic Snort operation
  • Tuning strategies

No webcast available | download the slides