Security Onion Fundamentals for Analysts & Admins Suffolk VA - 25-28Jul2023

Learn how to architect, manage, deploy, and effectively use Security Onion in this 4-day course delivered in Suffolk, VA, July 25-28, 2023.

By Security Onion Solutions LLC

When and where

Date and time

July 25 · 8am - July 28 · 5pm EDT


Hilton Garden Inn Chesapeake/Suffolk 5921 Harbour View Boulevard Suffolk, VA 23435

Refund Policy

Contact the organizer to request a refund.
Eventbrite's fee is nonrefundable.

About this event

About Security Onion

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own tools for Alerts, Dashboards, Hunt, PCAP, and Cases as well as other tools such as Playbook, FleetDM, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, Zeek, and Wazuh. Security Onion has been downloaded over 2 million times and is being used by security teams around the world to monitor and defend their enterprises. Our easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

For more about Security Onion, please see

About the Course

This course is geared for analysts and administrators of Security Onion. Students will gain a foundational understanding of the platform - how to architect, deploy, and manage their Security Onion grid. The course also covers major analyst workflows, reinforced through real-world case studies.

  • 4 full days of class instruction from the developers of Security Onion
  • 300+ pages of course material
  • Certificate of Completion
  • Laptop to use during class time

When is the class?

Tuesday, July 25, 2023 through Friday, July 28, 2023

8-hour class from 8:00 AM - 5:00 PM (Eastern Time) each day

When does registration close?

Registration closes Thursday, June 29, at 11:59 PM Eastern.

Where is the class being held?

The class will be held at the Hilton Garden Inn Chesapeake/Suffolk, 5921 Harbour View Boulevard, Suffolk, VA 23435

Where do I park?

The hotel has free parking for class participants.

Is there a special hotel rate?

We are working on this with the hotel and will update this answer shortly.

What hardware, etc. will be required for the class?

Security Onion Solutions will provide laptops for use during the course.

Which version of Security Onion will we be using?

We will use the latest version of Security Onion as of June 29, 2023.

The latest stable release can be found here:

What skills/knowledge should students have before attending this course?

Students should attend the free 2-hour Security Onion Essentials course before the first day of class. One topic covered by this course is building a Security Onion VM. Note that students do not need to build a Security Onion VM for this class. We will be using a pre-installed virtual lab.

Students should have a basic understanding of networks, TCP/IP, and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required.

What's the cancellation policy?

Security Onion Solutions reserves the right to cancel this class up to one day after registration closes if the class does not meet a minimum number of students. If the class is canceled, the training ticket cost will be refunded.

What's the refund policy?

You may log into your Eventbrite account to request a refund up until the last day of ticket sales. Please use the "Request a Refund" button as shown here:

Are there discounts available?

We offer discounts to members of ISSA and Infragard. Contact us for more information.

Does the class prepare students to pass the Security Onion Certified Professional (SOCP) exam?

Although this course covers several topics that are included in the SOCP exam, it is not intended to be a certification prep class.

What topics are covered in this class?

Note: Syllabus is subject to change

  • Security Onion Console
  • Security Onion System Architecture
  • Common Administrative Tasks
  • Security Onion Workflows
    • Alert Triage & Case Creation with SOC Alerts and Cases
    • Ad hoc Hunting with Kibana and SOC Hunt
    • Detection Engineering with Playbook
  • Grid Management
    • Users
    • Firewalls
    • Updating
    • Monitoring
    • Troubleshooting
    • Hardening
  • Tuning the Grid
    • Berkeley Packet Filters
    • Performance Tuning - Zeek and Suricata
    • Alert Tuning - Suricata and Playbook
  • Integrating Endpoint Data
  • Zeek
    • Logs
    • Scripts
    • Intel Framework
  • Multiple Labs and Case Studies

About the organizer