YoVDO

Snort Beyond IDS - Open Source Application and File Control

Offered By: YouTube

Tags

Conference Talks Courses Snort Courses

Course Description

Overview

Explore advanced Snort capabilities beyond traditional Intrusion Detection Systems in this 57-minute conference talk from BSides Columbus Ohio 2015. Delve into Next Generation Firewall concepts, Application Control, and File Control features. Learn about Application Detector Packages, examining output, writing custom rules, and creating detectors. Discover file inspection techniques, including file type identification and capture alerts. Gain insights into Snort's evolution as a comprehensive security tool, covering topics such as application APIs, preprocessing, and integration with antivirus solutions like ClamAV.

Syllabus

Intro
Overview
WTF is a Next Gen Firewall?
Application Control
New Requirements
Application Detector Package
Applications
Examining Output
Intrusion Output
Application Rules
Writing a Rule
Custom Detector
Port Detection Example
Anatomy of a Detector
Information Header
Included Libraries
Detector PackageInfo
Initialization Function
Validation Function
Clean Function
Detection Functions
Other Detection Types
File APIs
File Inspection Preprocessor
Supported
snort.conf
File Type Identification
File Capture Alert
Clam-not-just-AV

