About Security Onion
Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
For more about Security Onion, please see:
About the Course
"I started Security Onion in 2008 to provide a comprehensive platform for intrusion detection, network security monitoring, and log management. Today, Security Onion has over 350,000 downloads and is being used by organizations around the world to help monitor and defend their networks. This class is the culmination of 6 years of lessons learned while building Security Onion and best practices developed while deploying Security Onion to real networks and doing real incident response with it."
-- Doug Burks
What do previous students say about the class?
"I highly, HIGHLY recommend attending this class. I attended the class in Houston and it was excellent.
Doug is very knowledgeable and has an informal style of instruction that keeps the class interesting and encourages interaction with the students, and is not simply a 16 hour lecture.
I also met many interesting people and made some new contacts. All in all, if this class comes anywhere near me again ... I'll be going if I have to host a bake sale to get there."
"I appreciated the mixture of Doug's obvious significant real world experience, paired with his deep knowledge of security onion. I felt like the class not only helped me understand the tools but also helped me understand how I might best apply those tools."
"I liked the depth of each tool Doug covered each day in class. I enjoyed learning in an environment where you get to follow along with hands on, and get to ask questions about some of the things that will help you, individually, when you get back to your specific Security Onion implementation. I really appreciated the time Doug spent going thru real world investigations, where he presented his thought process and how each and every tool can be used to benefit us in our investigations."
"One of the best courses I have taken. Phil was extremely knowledgeable. I would recommend this class to other people."
What do students get?
- 4 days of classroom instruction from the developers of Security Onion
- over 200 pages of course material
- Certificate of Completion
When is the class?
Tuesday, June 20, 2017 through Friday, June 23, 2017
8:00 AM - 5:00 PM (Eastern) each day
Where is the class being held?
Alexandria, VA. Further details will be provided to registered students.
What is the registration deadline?
Registration closes Monday, June 12, at 11:59 PM Eastern.
What hardware will be required for the class?
Students will need a laptop that is capable of running a 64-bit VM with at least 3GB RAM allocated to the VM (4GB RAM or more for the VM is highly recommended).
PLEASE NOTE: Just because your laptop has a 64-bit processor does NOT necessarily mean that you can run 64-bit VMs. Your 64-bit processor must support virtualization and virtualization must be enabled in the BIOS.
VMware Workstation/Fusion is HIGHLY recommended.
What do students need to do prior to class?
Students should ensure that their laptop is fully capable of running a 64-bit VM by downloading the Security Onion ISO image and verifying that it runs AND installs in their VM. Please see our Installation guide:
Which version of Security Onion will we be using?
We'll be using the latest release of the Security Onion ISO as of June 1, 2017.
The latest release can be found here:
What do students need to bring to class?
Students need to bring the following:
- Eventbrite ticket for this event
- Laptop as described above
- Latest Security Onion ISO image (currently 14.04.5.2)
What skills/knowledge should students have before attending this course?
Students should have a basic understanding of networks, TCP/IP, and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required.
What's the cancellation policy?
Security Onion Solutions reserves the right to cancel this class up to one day after registration closes if the class does not meet a minimum number of students. If class is cancelled, the training ticket cost will be refunded.
What's the refund policy?
You may log into your Eventbrite account and request a refund up until the last day of ticket sales. Please use the "Request a Refund" button as shown here:
What topics are covered in this class?
- Network Security Monitoring (NSM) methodology
- Security Onion Installation
Setup Phase 1 - Network configuration
Setup Phase 2 - Service configuration
Evaluation Mode vs Production Mode
- Analyzing Alerts
3 primary interfaces:
Pivoting between interfaces
Pivoting to full packet capture
Using ELSA to slice and dice logs
Bro Programming Language
ShellShock Detector Module
Bro Intel Framework
- Production Deployment
Master vs sensor
Using PulledPork to disable rules
BPFs to filter traffic
Spinning up additional Snort/Suricata/Bro workers to handle higher traffic loads
- Case Studies
1-2 Case Studies on Day 1
1-2 Case Studies on Day 2
Two (2) Case Studies on Day 3
Final Case Study on Day 4
Save This Event
When & Where
Security Onion Solutions LLC
Security Onion Solutions helps you peel back the layers of your network.