ABOUT SECURITY ONION
Security Onion is a Linux distro for intrusion detection, network
security monitoring, and log management. It's based on Ubuntu and
contains Snort, Suricata, Zeek (formerly Bro), OSSEC/Wazuh, the Elastic
Stack and many other security tools. The easy-to-use Setup wizard
allows you to build an army of distributed sensors for your enterprise
in minutes!
For more about Security Onion, please see:
https://securityonion.net/
ABOUT THE COURSE
"I started Security Onion in 2008 to provide a comprehensive platform
for intrusion detection, network security monitoring, and log
management. Today, Security Onion has over 900,000 downloads and is
being used by organizations around the world to help monitor and
defend their networks. This class is the culmination of years of
lessons learned while building Security Onion and best practices
developed while deploying Security Onion to real networks and doing
real incident response with it."
-- Doug Burks
http://www.linkedin.com/pub/doug-burks/1b/a2b/858
WHAT DO PREVIOUS STUDENTS SAY ABOUT THE CLASS?
"This class is a GREAT deal for the material, and worth it, even at a
much higher price tag."
"One of the best classes I have taken!"
"I really found this beneficial. As a novice user, I learned a TON
and feel that I am better equipped for [the] future."
"The material was perfect, with a mix of complex and beginner case
studies."
WHAT DO STUDENTS GET?
* 4 days of classroom instruction from the developers of Security
Onion
* over 200 pages of course material
* Certificate of Completion
WHEN IS THE CLASS?
Tuesday, June 2, 2020 through Friday, June 5, 2020
8:00 AM - 5:00 PM (Eastern Time) each day
WHEN DOES REGISTRATION CLOSE?
Registration closes Tuesday, May 26, at 11:59 PM Eastern
WHERE IS THE CLASS BEING HELD?
The class will be held at Residence Inn by Marriott Alexandria Old
Town/Duke Street, 1456 Duke St, Alexandria, VA 22314. The training
site is convenient to the Metro and has a parking garage onsite.
WHAT HARDWARE WILL BE REQUIRED FOR THE CLASS?
Security Onion Solutions will provide laptops for use in the class.
Students can choose to bring their own laptop that meets the following
requirements:
* At least 16 GB RAM on the machine, so that a full 8-12 GB RAM
can be dedicated to 1-2 virtual machines (VMs). More is better.
* At least 8 total logical CPU cores on the machine, so that 4 cores
can be dedicated to VMs. More is better.
* One internal hard drive should have at least 50 GB free disk
space. More is better. Solid State Drives are preferred, but not
required.
* Virtualization software must be installed. We recommend VMware
Workstation, Workstation Player, or Fusion. Oracle VirtualBox works
also. Please, no ESXi or similar platforms. Each student machine will
run at most two VMs, which students install in class from the
Security Onion ISO image. The VMs will not interconnect with VMs on
other student machines.
* The hardware and operating system must be capable of running a 64
bit VM. Note: Some 64 bit machines don't automatically support a 64
bit VM. This should be tested ahead of class. See
https://securityonion.net/docs/installation
* Students need administrator/root access to the host operating
system on the student machine. They should need this only once to add
a virtual sniffing NIC to the VM.
* Must have an adequately sized screen. Note: Tablet computers such
as the Microsoft Surface usually do not meet this requirement.
* Must be able to connect to a wireless network for Internet access.
WHICH VERSION OF SECURITY ONION WILL WE BE USING?
We'll be using the latest Security Onion release as of three weeks
before the first day of class.
The latest release can be found
here: https://securityonion.net/download
WHAT DO STUDENTS NEED TO BRING TO CLASS?
Students need to bring the following:
* Optionally, students can bring a laptop meeting the requirements
described above
* State-issued ID or Passport
* Eventbrite ticket for this event
WHAT SKILLS/KNOWLEDGE SHOULD STUDENTS HAVE BEFORE ATTENDING THIS
COURSE?
Students should have a basic understanding of networks, TCP/IP, and
standard protocols such as DNS, HTTP, etc. Some Linux
knowledge/experience is recommended, but not required.
WHAT'S THE CANCELLATION POLICY?
Security Onion Solutions reserves the right to cancel this class up to
one day after registration closes if the class does not meet a minimum
number of students. If class is cancelled, the training ticket cost
will be refunded.
WHAT'S THE REFUND POLICY?
You may log into your Eventbrite account and request a refund up until
the last day of ticket sales. Please use the "Request a Refund"
button as shown here:
https://www.eventbrite.com/support/articles/en_US/How_To/can-i-get-a-refund
ARE THERE DISCOUNTS AVAILABLE?
For this course, we are offering a discount to active duty US military
and active US Federal employees.
We also offer discounts to members of ISSA and InfraGard. Contact us
for more information.
WHAT TOPICS ARE COVERED IN THIS CLASS?
Here is the syllabus (subject to change):
* Network Security Monitoring (NSM) methodology
* Security Onion Installation
* Configuration
  * Setup Phase 1 - Network configuration
  * Setup Phase 2 - Service configuration
  * Evaluation Mode vs Production Mode
  * Verifying services
* Analyzing Alerts
  * Replaying traffic
  * Interfaces for IDS Alerts - Squert and Sguil
  * Kibana
    * Hunting with Kibana
    * Create custom dashboards in Kibana
  * Pivoting between interfaces
  * Pivoting to full packet capture
  * Elastalert
* Zeek (formerly Bro)
  * Introduction
  * Zeek Programming Language
  * Zeek Logs
  * Zeek Scripts
  * Zeek Intel Framework
* Production Deployment
  * Advanced Setup
    * Master vs sensor
    * Node types - Master, Forward, Heavy, Storage
    * Command line setup with sosetup.conf
  * Architectural recommendations
    * Sensor placement
* Hardening
* Administration
* Maintenance
* Tuning
  * Using PulledPork to disable rules
  * BPFs to filter traffic
  * Spinning up additional Snort/Suricata/Zeek workers to handle
    higher traffic loads
* Case Studies
  * 1-2 Case Studies on Day 1
  * 1-2 Case Studies on Day 2
  * 2-3 Case Studies on Day 3
  * 3-4 Case Studies on Day 4
* Wrap-up/Q&A
Last update: 06/06/2020