Security Onion 2 Fundamentals for Analysts & Admins Sep 2022 @BSidesAugusta

Georgia Cyber Center Hull McKnight Building

100 Grace Hopper Lane

Augusta, GA 30901

Refund policy

Refunds up to 7 days before event

Eventbrite's fee is nonrefundable.

Learn how to architect, manage, deploy, and effectively use Security Onion 2 in this 4-day course in Augusta, GA, September 26-29, 2022

About this event

**NOTE: To purchase training for these dates, click HERE (links to BSidesAugusta registration page)**

About Security Onion 2

Security Onion 2 is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes Playbook & Sigma, Fleet & Osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, Zeek, Wazuh, and many other security tools. Security Onion has been downloaded over 2 million times and is being used by security teams around the world to monitor and defend their enterprises. Our easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

For more about Security Onion, please see

About the Course

This course is geared for analysts and administrators of Security Onion 2. Students will gain a foundational understanding of this new platform - how to architect, deploy, and manage their Security Onion 2 grid. The course also covers major analyst workflows, reinforced through real-world case studies.

What is included in the price of this class?

  • 4 full days of class instruction from the developers of Security Onion 2
  • 300+ pages of course material
  • Certificate of Completion
  • Laptop to use during class time
  • Light snacks, bottled water, and coffee
  • Parking in the GCC parking deck
  • Admission to Security Onion Conference 9/30/2022
  • Admission to BSidesAugusta 10/1/2022

When is the class?

Monday, September 26, 2022 through Thursday, September 29, 2022

8-hour class from 8:00 AM - 5:00 PM (Eastern Time) each day

When does registration close?

Registration closes September 16, 2022, at 11:59 PM Eastern.

Where is the class being held?

The class will be held at the Georgia Cyber Center Hull McKnight Building, 100 Grace Hopper Lane, Augusta, GA 30901.

Where do I park?

The GCC is walking distance from one of the BSidesAugusta preferred hotels. If you are driving, there is a paid parking deck onsite. Validated parking is included with the price of registration.

What about lunch options?

The GCC is walking distance from many local restaurants. Destination Augusta has some ideas for training and conference attendees here.

What hardware, etc. will be required for the class?

Security Onion Solutions will provide laptops for use during the course.

Which version of Security Onion will we be using?

We'll be using the latest Security Onion version as of September 1, 2022.

The latest stable release can be found here:

What skills/knowledge should students have before attending this course?

Students should attend the free 2-hour Security Onion Essentials course before the first day of class. One topic covered by this course is building a Security Onion VM. Note that students do not need to build a Security Onion VM for this class. We will be using virtual machines on the class laptops provided by Security Onion Solutions.

Students should have a basic understanding of networks, TCP/IP, and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required.

What's the cancellation policy?

Security Onion Solutions reserves the right to cancel this class up to one day after registration closes if the class does not meet a minimum number of students. If class is cancelled, the training ticket cost will be refunded. Contact BSidesAugusta through their registration page for more information.

What's the refund policy?

You may log into your Eventbrite account to request a refund up until the last day of ticket sales. Please use the "Request a Refund" button as shown here:

Are there discounts available?

For this course, we are offering a discount to active duty US military and active US Federal employees. We also offer discounts to members of ISSA and InfraGard. Contact us for more information.

What topics are covered in this class?

Note: Syllabus is subject to change

  • Security Onion Console
  • Security Onion 2 System Architecture
  • Deploying a Security Onion 2 Distributed Architecture
  • Common Administrative Tasks
  • Security Onion 2 Workflows
    • Alert Triage & Case Creation with SOC Alerts and Cases
    • Ad hoc Hunting with Kibana and SOC Hunt
    • Detection Engineering with Playbook
  • Grid Management
    • Users
    • Firewalls
    • Updating
    • Monitoring
    • Troubleshooting
    • Hardening
  • Tuning the Grid
    • Berkeley Packet Filters
    • Performance Tuning - Zeek and Suricata
    • Alert Tuning - Suricata and Playbook
  • Integrating Endpoint Data with Osquery and Wazuh
  • Zeek
    • Logs
    • Scripts
    • Intel Framework
  • Alternative Deployment Architectures
    • Airgap Deployments
    • Cloud Deployments
  • Multiple Labs and Case Studies
