Focal Point - Cyber Threats Detection and Mitigation Course Details:

Cyber threats increase at an alarming rate every year, and defending an organization against full-scale, distributed attacks quickly and effectively has become much more difficult. An Intrusion Detection/Prevention System (IDS/IPS) gives security administrators a way to automate the identification of attacks among the thousands of connections on their network, provided the system is properly configured and the signatures are well written.

Taught by leaders in network defense who work in the cyber security industry, this course demonstrates how to defend large-scale network infrastructures by building and maintaining IDS/IPS and mastering advanced signature-writing techniques. With Intrusion Detection Systems and trained network security auditors, organizations have a reliable means to prioritize and isolate the most critical threats in real time.

Student Practical:
Using the tools, skills, and methodologies taught in Days 1 through 4 of the class, students are given several packet captures containing a variety of scanning and exploitation techniques. They are tasked with identifying the significant elements of each attack and translating them into IDS signatures. Finally, they tune those signatures to reduce false positives and limit excessive events.

No classes are currently scheduled for this course.

Call (919) 283-1674 to get a class scheduled online or in your area!

*Please Note: Course Outline is subject to change without notice. Exact course outline will be provided at time of registration.

In this class you will learn to:

  • Recognize the benefits and limitations of different intrusion detection system types (network- and host-based, and distributed systems)
  • Identify optimal sensor placement and gaps in coverage
  • Write basic IDS signatures to identify traffic of interest and tune them to reduce false positives
  • Use reassembly and pre-processing engines to automatically reconstruct streams of network data prior to analysis
  • Apply decoding and other techniques to overcome IDS evasion efforts
  • Develop complex signatures employing rule chaining, event filtering and post-detection analysis to identify distributed attacks, multi-stage events, and other more complex threats
  • Use regular expressions to effectively detect variable or morphing attacks
  • Manage rule sets to reduce redundancy and maintain system efficiency

Course Outline:

  1. Intrusions
  2. Common Threats
  3. Intrusion Detection
  4. Introduction to Snort
  5. Introduction to Bro
  6. Snort Configuration and Variables
  7. Snort Output
  8. Output Plugins
  9. Signature Writing
  10. Snort Rule Options
  11. The Detect Offset Pointer (DOE)
  12. DOE Content Modifiers
  13. DOE Rule Options
  14. Snort Packet Header Rule Options
  15. Pre-Processors
  16. Post Detection
  17. Effective Rule Writing
  18. Perl Compatible Regular Expressions
  19. Tracking State Across Sessions Using Flowbits

Hands-On Exercises:

  1. Set up and configure an IDS to match a network topology map
  2. Define network variables
  3. Configure output statements
  4. Write over 30 signatures
  5. Analyze and write signatures based on attack patterns
  6. Tune signatures to reduce false positives and false negatives
  7. Reverse engineer existing and downloaded rules

Who Should Attend:

  • Incident Responders who need to understand and react to IDS alerts
  • Network Defenders seeking to automate threat detection
  • IDS administrators who wish to improve their signature writing skills
  • Security Operations Center Staff seeking to automate traffic analysis
  • Penetration Testers looking to reduce their network visibility
