Snort mailing list archives

Re: Snort Network Admin Training / Certification


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 23 Jul 2015 15:36:16 +0000

We have a rules writing class as well.  No certification for it, but it’s a good class.


On Jul 23, 2015, at 8:21 AM, John York <YorkJ () brcc edu> wrote:



From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Wednesday, July 22, 2015 4:51 PM
To: Turnbough, Bradley E. <bturnbough () belcan com>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Network Admin Training / Certification

Huh.  Was not aware we don’t have the CERT anymore.

<snip>
________________________________
From: Y M [snort () outlook com]
Sent: Wednesday, July 22, 2015 9:34 AM
To: Turnbough, Bradley E.
Cc: Joel Esler (jesler); snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Network Admin Training / Certification

Bradley,

I am glad that you asked. At all costs avoid Cisco's exam 500-280 SSFSNORT (which to my understanding is equivalent
to SnortCP, which used to be offered by SourceFire). Why, you ask?

Well, I took the exam to renew my SnortCP, which expired in May. I passed the 500-280 SSFSNORT exam, and Cisco's Tracking
System explicitly says that I am "Certified", and I was told by a trainer (on a different occasion) that there is a
certificate. Only after the fact did I learn that this is only an exam "to validate skills". So if you lose the report
that gets immediately generated when you complete the exam, there is no way you can prove that you are certified.

To make things even worse, exam 500-285 SSFIPS (exam for the commercial product) is the same, no certification 
whatsoever.

I opened a ticket with Cisco, which resulted in a dead end. There are other annoying details that I will spare you from.

In my humble opinion, Cisco is underestimating both exams, and hence underestimating the products themselves and the
people who spend time, effort, and money ($250) per exam. If I had known beforehand, I would not have sat the exam.

YM

Sent from Mobile


I had the same experience that YM had with the SSFIPS class. There is a test, but all you get is a note that says you 
passed the test.  The class was taught by a professional instructor, but he had never used the product—very 
disappointing.

I would not recommend SANS 503 if the only thing you’re looking for is Snort rule writing.  It’s a great course (took 
it myself and liked it) but Snort rules only get a day or less of coverage.

Thanks
John



------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
