Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Snort Beyond IDS - Open Source Application and File Control

via YouTube

Overview

Explore advanced Snort capabilities beyond traditional Intrusion Detection Systems in this 57-minute conference talk from BSides Columbus Ohio 2015. Delve into Next Generation Firewall concepts, Application Control, and File Control features. Learn about Application Detector Packages, examining output, writing custom rules, and creating detectors. Discover file inspection techniques, including file type identification and capture alerts. Gain insights into Snort's evolution as a comprehensive security tool, covering topics such as application APIs, preprocessing, and integration with antivirus solutions like ClamAV.

Syllabus

Intro
Overview
WTF is a Next Gen Firewall?
Application Control
New Requirements
Application Detector Package
Applications
Examining Output
Intrusion Output
Application Rules
Writing a Rule
Custom Detector
Port Detection Example
Anatomy of a Detector
Information Header
Included Libraries
Detector PackageInfo
Initialization Function
Validation Function
Clean Function
Detection Functions
Other Detection Types
File APIs
File Inspection Preprocessor
Supported
snort.conf
File Type Identification
File Capture Alert
Clam-not-just-AV

Reviews

Start your review of Snort Beyond IDS - Open Source Application and File Control

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.