Resources / Videos for Snort

Details

For Ep. #9 of ThreatWise TV, Hazel Burton talks to some of our Snort engineers to look at a variety of ways Snort can be utilized to protect organizations. We also analyze Snort data gathered by Cisco Secure Firewall and talk about the vulnerabilities and exploits that attackers targeted most often.

Details

This introduction to Snort is a high-level overview of Snort 3, Snort 2, the underlying rule set, and Pulled Pork. If you are new to Snort, watch this video for a quick orientation before downloading, installing, or configuring Snort. All links mentioned in the video are below. You can also listen to the Talos Takes episode on Snort, which provides a quick overview of Snort rules below.

Talos Takes Podcast

Details

This video will help you install and configure Snort 3 quickly and easily. Use the following resources mentioned in the video to help you through installation, configuration, and the labs portion of the video to familiarize yourself with Snort 3.

Snort 3 Docker Container

Snort Community & Mailing List

Details

Learn how to install Snort 3 from the Talos Docker container, how to enable logging, and considerations for various operating systems. After the labs in this video you will be able to configure an easy ELK stack and view be able to view log data conveniently within your favorite browser.

Snort 3 Docker Container

Elastic/Logstash Blog Post

Elastic Search

Snort Home Page

Snort Community & Mailing List

Details

This video demonstrates writing rules in Snort 3. You will need the Docker container (discussed in the Snort 3 installation video) and a running instance of Snort 3. You will learn the construction, syntax, and execution of Snort rules, look at malicious traffic samples, and look at some helpful tools for using and maintaining Snort.

There are 4 labs in this video covering basic to advanced rule usage and techniques.

Snort 3 Docker Container

Details

In Cisco Talos' latest roundtable, we gathered folks from every corner of Snort to discuss Snort 3. We cover the software's lifecycle, its origins and make a pitch for why you should upgrade today.

Snort 3 Home Page

Snort 3 Informational PDF

Talos Takes Ep. #41: The tl;dr of Snort 3

Details

This video will help you install and configure Snort 2 quickly and easily using Docker. Use the following resources mentioned in the video to help you through installation, configuration, and the labs portion of the video to familiarize yourself with Snort 2.

Snort 2 Docker and Labs

Snort Manual

Snort Documentation

Snort Community & Mailing List

Details

This video covers how to get started writing rules for the Snort 2.x open source IPS. This how-to video requires that you have a working Snort 2 installation. Watch the video on installing and configuring Snort 2 first. Learn how Snort rule syntax, structure, and operators combine to detect and alert on security events.

For a primer on RegEx, visit Regex101

Snort Overview

ThreatWise TV: How Snort works Snort 101

Snort 3

Snort 3 - Install and Config (with labs) Snort 3 - Writing Rules (with labs) Snort 3 - Logging (with labs)

Miscellaneous

Snort 3 - Roundtable Discussion

Snort 2

Snort 2 - Install and Config (with labs) Snort 2 - Introduction to Rule Writing

VRT Methodology: Focusing on Protecting "Your" Network	2011
Inline Normalization with Snort 2.9.0	2010
Using Perfmon and Performance Profiling to Tune Snort Preprocessors and Rules	2009
Target-Based TCP Timestamp Stream Reassembly (with introduction to timestamps)	2007
Target-Based Fragmentation Reassembly	2005
HTTPS IDS Evasions Revisited	2004
Performance Rules Creation/VRT Rules Methodology, Snort Architecture (Preprocessors, Detection Methodology)	2003
Optimizing Pattern Matching for Intrusion Detection	2002
Performance Rules Creation Part 2, Rule Options and Techniques	2002

Snort Installation and Configuration
Basics of Snort Rule Writing (Snort2)
Snort Installation, Configuration, and Basic Usage
How to Create Useful False Positive Reports
Performance Tuning Snort
Using the Host Attribute Table Feature in Snort
Open Source Community Webinar	2013
Using MultiConfig	2011
Snort Tuning 101	2011

Details

Details

Talos Takes Podcast

Download Snort

Rules

Pulled Pork

Snort2Lua

Details

Details

Details

Details

Details

Details

Snort Overview

Snort 3

Miscellaneous

Snort 2

Documents

White Papers

Open AppID

Multimedia Snort How-To's

Troubleshooting

Other Resources

OpenAppID: Open Source Community Webinar	2015
OpenAppID: Development Manager Costas Kleopa, Open Source Community Webinar