
SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide: Exam 500-285 by John Gay, Alex Tatistcheff, Todd Lammle


Chapter 13 Creating Snort Rules

THE SSFIPS EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

  • ✓ 9.1 Be familiar with the options used to create Snort rules inside the Cisco NGIPS

In this chapter, we’re going to focus exclusively on the fundamentals of Snort rules, detailing their structure, syntax, and options. We’ll also explore how Snort performs rule optimization for better performance and show you how rule matching takes place internally.

The core of the FireSIGHT System’s intrusion detection capability is the IPS detection engine, which includes the preprocessor and the IPS rule base. Once the IPS engine initializes, the rule structures initialize and begin building decision trees by grouping rules based on things like destination ...
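As an added illustration of the rule structure and grouping the chapter introduces (this is example code written for this page, not code from the book or from Snort/FireSIGHT), the following Python parses a handful of constructed Snort rules into header fields and options, groups them by protocol and destination port, and then evaluates only the relevant group against a packet. The grouping key (protocol plus destination port) is an assumption chosen to illustrate the idea of "grouping rules based on destination"; the real engine's decision trees, variable resolution (`$HOME_NET`) and option semantics are far richer than this simplified parser.

```python
import re
from collections import defaultdict

# Constructed sample rules for this example (not taken from the book).
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB test"; content:"/test"; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"TLS test"; sid:1000002; rev:1;)',
    'alert udp any any -> $HOME_NET 53 (msg:"DNS test"; sid:1000003; rev:1;)',
    'alert tcp any any -> any any (msg:"catch-all"; sid:1000004; rev:1;)',
]

# Rule header: action proto src sport direction dst dport ( options )
HEADER_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)


def parse_rule(text):
    """Split one Snort rule into header fields plus a dict of options.

    Simplification (assumption of this example): options are split on ';',
    so a content pattern containing a literal ';' would not parse correctly.
    """
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("not a recognised rule header: %r" % text)
    rule = m.groupdict()
    options = {}
    for item in rule.pop('opts').split(';'):
        item = item.strip()
        if not item:
            continue
        key, _, value = item.partition(':')
        options[key.strip()] = value.strip().strip('"')
    rule['options'] = options
    return rule


def build_port_groups(rule_texts):
    """Group parsed rules by (protocol, destination port), the assumed
    grouping key used to mimic the engine's rule-tree construction."""
    groups = defaultdict(list)
    for text in rule_texts:
        rule = parse_rule(text)
        groups[(rule['proto'], rule['dport'])].append(rule)
    return groups


def candidate_rules(groups, proto, dport):
    """Only rules in the matching group (plus port 'any') are evaluated,
    which is the point of grouping: most rules are never touched."""
    return groups.get((proto, str(dport)), []) + groups.get((proto, 'any'), [])


def match_packet(groups, proto, dport, payload):
    """Return the SIDs of candidate rules whose content option (if any)
    appears in the payload. Address fields are not evaluated here."""
    hits = []
    for rule in candidate_rules(groups, proto, dport):
        pattern = rule['options'].get('content')
        if pattern is None or pattern.encode() in payload:
            hits.append(rule['options']['sid'])
    return hits


if __name__ == '__main__':
    groups = build_port_groups(SAMPLE_RULES)
    for key, rules in sorted(groups.items()):
        print(key, [r['options']['sid'] for r in rules])
    print(match_packet(groups, 'tcp', 80, b'GET /test HTTP/1.1\r\n'))
```

Running the block prints the four groups and then the SIDs that fire for an HTTP request to port 80: the port-80 rule with a matching content pattern and the catch-all rule, while the port 443 and UDP/53 rules are never evaluated for that packet.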
