What is Security Onion?

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

For more about Security Onion, please see:
http://securityonion.blogspot.com/

What topics are covered in this class?

Installation
Configuration
Analyzing Alerts
Hunting
Production Deployment
Tuning
Case Study

Is this the same class that was offered back in August?

Yes, it's the same class, but it has been polished and refined.

What hardware will be required for the class?

Students will need a laptop that is capable of running a 64-bit VM with at least 2GB RAM allocated to the VM. (3GB RAM or more for the VM is highly recommended).

PLEASE NOTE! Just because your laptop has a 64-bit processor does NOT necessarily mean that you can run 64-bit VMs. Your 64-bit processor must support virtualization and virtualization must be enabled in the BIOS.

What do students need to do prior to class?

Students should ensure that their laptop is fully capable of running a 64-bit VM by downloading the Security Onion ISO image and verifying that it runs AND installs in their VM. Please see our Installation guide:
https://code.google.com/p/security-onion/wiki/Installation

Which version of Security Onion will we be using?

We'll be using the new Security Onion 12.04.3 ISO image released on September 14:
http://securityonion.blogspot.com/2013/09/security-onion-12043-iso-image-now.html

What do students need to bring to class?

Students need to bring the following:

• this Eventbrite ticket
• laptop as described above
• Security Onion 12.04.3 ISO image