Course info
Level: Intermediate
Updated: Apr 27, 2021
Duration: 1h 6m
Description

Intrusion detection and prevention are an important part of any enterprise network security monitoring plan. In this course, Manage Suricata Rule Sets and Rule Sources, you’ll learn to select and obtain pre-written rules. First, you’ll explore open-source rule sets. Next, you’ll discover how to leverage suricata-update to add rule sources. Finally, you’ll learn how to manage regular updates with cron. When you’re finished with this course, you’ll have the skills and knowledge needed to manage Suricata’s rule sets and rule sources using suricata-update.
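The workflow the description outlines (pick a rule source, pull it with suricata-update, schedule the refresh with cron and check what the update did) as a small shell maintenance script. This is an added example, not part of the course or of Pluralsight's material. The suricata-update, suricata -T and suricatasc commands are the real tools; the file paths, the 03:15 schedule, the log file and the helper function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the course page): maintenance helpers for a
# suricata-update driven rule pipeline. Paths, schedule and log file below
# are assumptions; the suricata-update / suricata / suricatasc commands are real.

# Count the active rules in a .rules file (non-blank lines not starting with #),
# so the effect of an update can be measured before and after it runs.
count_active_rules() {
    # $1 = path to a rules file
    grep -c -v -E '^[[:space:]]*(#|$)' "$1" || true
}

# Count rules that were disabled by commenting them out (suricata-update does
# this for entries listed in its disable.conf, and maintainers do it by hand).
count_disabled_rules() {
    # $1 = path to a rules file
    grep -c -E '^[[:space:]]*#[[:space:]]*(alert|drop|pass|reject)[[:space:]]' "$1" || true
}

# Build a crontab line that runs suricata-update every day at HOUR:MINUTE and,
# only if that succeeds, asks the running Suricata to reload its rules.
# Output is appended to a log so a failed download or a broken rule is visible.
cron_line() {
    # $1 = hour (0-23), $2 = minute (0-59), $3 = log file
    printf '%s %s * * * /usr/bin/suricata-update >> %s 2>&1 && /usr/bin/suricatasc -c reload-rules >> %s 2>&1\n' \
        "$2" "$1" "$3" "$3"
}

# Append the cron line to a crontab file unless a suricata-update entry is
# already there, so the script is safe to run repeatedly (idempotent install).
install_cron_line() {
    # $1 = crontab file, $2 = hour, $3 = minute, $4 = log file
    line=$(cron_line "$2" "$3" "$4")
    touch "$1"
    if grep -qF 'suricata-update' "$1"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$1"
}

# One full update cycle, run by hand or from cron:
#   1. refresh the index of available sources
#   2. (once, not on every run) enable the source you chose, e.g.
#        suricata-update list-sources
#        suricata-update enable-source et/open
#   3. fetch the enabled sources and merge them into suricata.rules
#   4. reload only if the new rule file passes Suricata's config test
refresh_rules() {
    rules_file=/var/lib/suricata/rules/suricata.rules   # default suricata-update output path (assumed here)
    before=$(count_active_rules "$rules_file" 2>/dev/null || echo 0)
    suricata-update update-sources
    suricata-update
    after=$(count_active_rules "$rules_file")
    echo "active rules: before=$before after=$after disabled=$(count_disabled_rules "$rules_file")"
    suricata -T -c /etc/suricata/suricata.yaml && suricatasc -c reload-rules
}

# Run the update cycle only when explicitly asked, e.g. "sh rules.sh run".
case "${1:-}" in
    run) refresh_rules ;;
esac
```

To schedule the refresh, call install_cron_line with the file you load into cron (for example `install_cron_line /tmp/suricata.cron 3 15 /var/log/suricata-update.log` followed by `crontab /tmp/suricata.cron`); the before/after counts printed by refresh_rules are a quick sanity check that a source actually delivered rules and that the disable list did what you expected.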

About the author

Matt Glass is an IT Project Manager in Stuttgart, Germany, working as a government contractor. He has more than 12 years of IT experience in a variety of roles.

More from the author
Impact with Low Orbit Ion Cannon (LOIC) (Intermediate, 23m, Sep 30, 2021)
Suricata: Getting Started (Intermediate, 1h 12m, Dec 14, 2020)
Section Introduction Transcripts

Course Overview
Hello everyone. My name is Matt Glass, and welcome to my course, Manage Suricata Rule Sets and Rule Sources. I'm an IT project manager at Leidos, working in Stuttgart, Germany. Suricata is an open-source intrusion detection, inline intrusion prevention, and network security monitoring engine. Suricata is developed and maintained by the Open Information Security Foundation, a community-run, non-profit foundation. In this course, we're continuing the Suricata path, focusing on rule set and rule source management within Suricata. We'll use tools to automate the rule set management process and test rule sets against example traffic. Some of the major topics that we'll cover include understanding Suricata rule sets and rule sources, leveraging suricata-update to manage rule sets and sources, examining rule set effects using pcap replay, and scheduling automatic updates using cron. By the end of this course, you'll be able to manage rule sets and sources using suricata-update and evaluate their effects. Before beginning the course, you should be familiar with basic computer networking concepts, using a Linux command line interface, and operating Suricata on a Linux server. Or, you can complete the Suricata: Getting Started course first. I hope you'll join me on this journey to continue learning Suricata with the Manage Suricata Rule Sets and Rule Sources course at Pluralsight.