Security Onion for Analysts & Threat Hunters Columbia MD - Mar 21-24 2023

Actions Panel

Security Onion for Analysts & Threat Hunters Columbia MD - Mar 21-24 2023

Learn core analyst techniques and how to apply them with Security Onion 2 in this 4-day pilot course in Columbia, MD, March 21-24, 2023.

When and where

Date and time


6950 Columbia Gateway Dr 6950 Columbia Gateway Drive Suite 450 Columbia, MD 21046

Map and directions

How to get there

Refund Policy

Contact the organizer to request a refund.
Eventbrite's fee is nonrefundable.

About this event

  • 3 days 9 hours
  • Mobile eTicket

About Security Onion 2

Security Onion 2 is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes Playbook & Sigma, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, Zeek, and other endpoint and security tools. Security Onion has been downloaded over 2 million times and is being used by security teams around the world to monitor and defend their enterprises. Our easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

For more about Security Onion, please see

About the Course

Security Onion Fundamentals for Analysts and Threat Hunters is our pilot 4-day analyst-only course for Security Onion 2, offered at a special price. This hands-on course is geared for security analysts and threat hunters using the Security Onion 2 platform, with very light coverage of administration. Students will learn core analyst techniques and how to apply them using real-world case studies covering major analyst workflows.

  • 4 full days of class instruction from the developers of Security Onion 2
  • 300+ pages of course material
  • Certificate of Completion

When is the class?

Tuesday, March 21, 2023 through Friday, March 24, 2023

8-hour class from 8:00 AM - 5:00 PM (Eastern Time) each day

When does registration close?

Registration closes Thursday, March 2, at 11:59 PM Eastern.

Where is the class being held?

The class will be held at Intelligenesis, Inc., 6950 Columbia Gateway Dr., Suite 450, Columbia, MD 21046.

What hardware, etc. will be required for the class?

Security Onion Solutions will provide laptops for use during the course.

Which version of Security Onion will we be using?

We'll be using the latest Security Onion 2.3 build as of February 23, 2023.

The latest stable release can be found here:

What skills/knowledge should students have before attending this course?

Students should attend the free 2-hour Security Onion Essentials course before the first day of class. One topic covered by the Essentials course is building a Security Onion VM. Note that students do not need to build a Security Onion VM for this class. We will be using a pre-installed lab.

Students should have a basic understanding of networks, TCP/IP, and standard protocols such as DNS, HTTP, etc.  Some Linux knowledge/experience is recommended, but not required.

What's the cancellation policy?

Security Onion Solutions reserves the right to cancel this class up to one day after registration closes if the class does not meet a minimum number of students. If class is canceled, the training ticket cost will be refunded.

What's the refund policy?

You may log into your Eventbrite account to request a refund up until the last day of ticket sales.  Please use the "Request a Refund" button as shown here:

Are there discounts available?

This is a pilot course with a very special price so, unfortunately, we are unable to offer discounts for this class.

Does the class prepare students to pass the Security Onion Certified Professional (SOCP) exam?

In this class, students will use the interfaces in Security Onion to hunt for and respond to alerts on malicious activity. It is not intended to be a certification prep class.

What topics are covered in this class?

Note: Syllabus is subject to change

  • Security Onion Console Overview
  • Security Onion 2 Grid Architecture
  • Basic Administrative Tasks
    • Manage User Accounts
    • Validate Grid Health
  • Crucial Network Protocols and Host-Based Datasets (HTTP, SSL, DNS, Windows, Sysmon, etc.)
  • Correlate Network and Host Data with Security Onion Console
  • Discuss SOC Analyst Methodologies
    • Key Elements of the Security Event Management Process
    • Incident Escalation and Resolution
    • Understanding the Analysis & Investigation Process
    • Leveraging the MITRE ATT&CK Framework to Improve Threat Hunting
  • Security Onion Analyst Workflows
    • Alert Triage & Case Creation with Alerts and Cases
    • Threat Hunting with Hunt and Dashboards
    • Detection Engineering with Playbook
  • Searching for Data in Security Onion
    • Lucene
    • Onion Query Language (OQL)
  • Analyst Techniques
    • Analyzing and Reconstructing Obfuscated Executables from Packets
    • Finding Malicious Activity in Encrypted Traffic
    • Detecting Hostile DNS Traffic (DNS tunneling, C2 over DNS, etc.)
    • Tracking Adversary Activity Using Process Command Lines
    • Identifying Anomalies Utilizing Network and Host Baselines
  • Examining Data with CyberChef
  • Visualizing Enterprise Data in Kibana
  • Capstone Capture the Flag Event
  • Multiple Labs and Case Studies