Monday, April 11, 2022

Udemy: Snort Intrusion Detection

The other day I started a Udemy course: Snort Intrusion Detection, Rule Writing, and PCAP Analysis. In the lessons they use VirtualBox; I chose to use VMware, as that is what I currently have installed on my machine. Second, a few of the sections were about setting up Security Onion and Kali (both of which I already have active VMs for). That let me shave some time off running through the training, since they were set up as vanilla loads; the only exception is that I have been using Suricata vice Snort, but for the most part I did not have an issue. One of the first rules was about SPAM: we created a basic rule and then added offset and depth, which he was able to explain. Suricata did not like the depth talked about in the video, stating it was shorter than the content; (+1) to that number seemed to work with no ill effect. I need to read up more about offset/depth with regard to Suricata, and see if it was just something I was doing wrong, or if there is a true difference between Snort and Suricata. Following that we did some other rules, and validated rules against VMs with known vulnerabilities. I think this course helped a bit in understanding how the rulesets work, and will help with my current job.
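The offset/depth behaviour mentioned above, as an added example that is not part of the original post or the course: a small Python model of how the `content`, `offset` and `depth` modifiers carve out a search window in a payload. `offset` is the number of bytes skipped from the start of the payload before searching, and `depth` is how many bytes, counted from that offset, the whole pattern must fit inside; so a depth smaller than the content length can never match, which is the condition both engines complain about at rule-load time. The rule option string and the SMTP-style payload are constructed for the example; `parse_content_options` and `content_match` are hypothetical helper names, not Snort or Suricata APIs.

```python
import re
from typing import Optional, Tuple

# Matches one "keyword:value;" option, allowing a quoted value with escapes.
OPT_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*)\s*;')


def parse_content_options(options: str) -> Tuple[Optional[bytes], int, Optional[int]]:
    """Extract (content, offset, depth) from a rule option string such as
    'content:"BUY NOW"; offset:9; depth:7;'. Only these three keywords are
    handled; anything else (msg, sid, nocase, ...) is ignored."""
    content: Optional[bytes] = None
    offset = 0
    depth: Optional[int] = None
    for key, val in OPT_RE.findall(options):
        if key == "content":
            content = val.strip('"').encode()
        elif key == "offset":
            offset = int(val)
        elif key == "depth":
            depth = int(val)
    return content, offset, depth


def check_depth(content: bytes, depth: Optional[int]) -> Optional[str]:
    """Mimic the rule-load sanity check: a depth shorter than the pattern
    can never match, so return an error string instead of loading it."""
    if depth is not None and depth < len(content):
        return f"depth ({depth}) is smaller than content length ({len(content)})"
    return None


def content_match(payload: bytes, content: bytes, offset: int = 0,
                  depth: Optional[int] = None) -> bool:
    """True if `content` lies entirely inside the window that offset/depth
    define: start at `offset`, search at most `depth` bytes from there
    (depth None means search to the end of the payload)."""
    end = None if depth is None else offset + depth
    window = payload[offset:end]
    return content in window


def evaluate(options: str, payload: bytes) -> bool:
    """Parse the rule options, refuse an impossible depth, then match."""
    content, offset, depth = parse_content_options(options)
    if content is None:
        raise ValueError("rule has no content keyword")
    err = check_depth(content, depth)
    if err:
        raise ValueError(err)
    return content_match(payload, content, offset, depth)


# Constructed sample payload: "Subject: " is 9 bytes, so "BUY NOW" starts
# at offset 9 and is 7 bytes long.
SAMPLE = b"Subject: BUY NOW cheap meds\r\n\r\nhello"

# Hypothetical rule options, not from the course.
RULE_OK = 'content:"BUY NOW"; offset:9; depth:7;'
RULE_TOO_SHALLOW = 'content:"BUY NOW"; offset:9; depth:6;'

if __name__ == "__main__":
    print("depth 7 matches:", evaluate(RULE_OK, SAMPLE))
    try:
        evaluate(RULE_TOO_SHALLOW, SAMPLE)
    except ValueError as e:
        print("depth 6 rejected:", e)
```

Adding one to the depth, as the post describes, simply makes the window large enough to hold the pattern; with `offset:9; depth:7;` the window is exactly `payload[9:16]`, which is why the rule becomes loadable and still matches.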
