Tuesday, October 17, 2006

Snort Rule Clinic

I gave a Snort rule clinic this summer. Slides in PDF are here and in Open Office Impress form here. I believe Bleeding Snort is going to post them on their site as well.

Feel free to adapt and correct. I'd like to know if you find any errors, but no attribution is necessary. My understanding of the GPL is that I was required to apply it to the presentation since I included Snort Community rules as examples, and they are released under the GPL.

I ran into some content-free slides recently, which irked me. I know that graphically, these slides are horrible, but they stand alone pretty well for content. They aren't just an outline. I hope to carve the audio of the clinic up into 10 minute sections and podcast it, but I don't think that is crucial. (I also need an editing suite with a macro to auto-delete "uh"s.)

Really, the best source is the Snort documentation, which is the clearest I've seen for any software. Sometimes a second look from another POV is helpful, though, and there are one or two points I clarified. I also focus on the most important rule features, as measured by frequency of use in the rule set.
