Class Details

Network Security Monitoring with Security Onion Price: $3,250

Training promotions may be available, contact a training consultant at 240-667-7507 for more information!

This course will provide the basic concepts of Security Onion and it’s use as a Network Security Monitoring (NSM) suite.  Participants will install Security Onion, then use component tools to collect and visualize network data.  Participants will also learn toolset service verification and troubleshooting in this course.

You will benefit most from this course if you want to accomplish basic monitoring tasks in Security Onion, or if you want to have a solid foundation for advancing to become a Network Security Monitoring Expert. If you intend to work with Security Onion in depth this course is a good place to start, but you will need to engage in additional courses to be fully prepared to work with the toolset in production.

The course assumes you know how to use a computer, and that you're familiar with basic networking and security principles. It does not assume that you've set up basic virtual machines before.

Price Match Guarantee Phoenix TS

Security Onion Course Includes:

  • Class exercises in addition to training instruction
  • Courseware books, notepads, pens, highlighters and other materials
  • Course retake option
  • Exam Voucher
  • A second chance voucher included with full price purchases 
  • Full breakfast with variety of bagels, fruits, yogurt, doughnuts and juice
  • Tea, coffee, and soda available throughout the day
  • Freshly baked cookies every afternoon - *only at participating locations

Course Outline

Day 1: Overview and Install

  • Module A: What is Network Security Monitoring?
  • Define Network Security Monitoring 7
  • Compare Network Monitoring with Firewalls, Network Monitoring, and Continuous Monitoring 8
  • Learn how Network Security Monitoring Works 9
  • Discuss Advantages to NSM 9
  • Determine when NSM is Not Possible 10
  • Learn NSM Lexicon 10
  • Examine NSM Operational Cycle 12
  • Discuss NSM Data 13
  • Module B: Security Onion Installation 16
  • Learn about Security Onion 16
  • Examine Security Onion Tools 17
  • Prepare for Installation 17
  • Install Security Onion 18
  • Configure Security Onion 18
  • Daily Summary: NSM Overview and SO Installation 21

Day 2: Network Traffic and Alerts 22

  • Module A: Replay Network Traffic 23
  • Network Traffic: FPC- PCAP 23
  • Replay sample PCAP Files 24
  • Running Packet Analysis Tools 25
  • Examine packet data in Squil 25
  • Module B: Alerts 28
  • Detection Mechanisms 28
  • Alert Interfaces 28
  • Analyzing Alerts in Squert 29
  • Daily Summary: Network Traffic and Alerts 32

Day 3: Kibana and BRO 33

  • Module A: Log Analysis with Kibana 34
  • Determining the Value of Log Data 34
  • Working with Kibana 34
  • Pivoting from Kibana 36
  • SSO to Squert from Kibana 36
  • PIVOT from Squert to Kibana 36
  • Module B: BRO 38
  • Work with BRO 38
  • Learning about the BRO Intel Framework 39
  • Daily Summary: Kibana and BRO 41

Day 4: Production Implementation & Troubleshooting 42

  • Module A: Network Security Monitoring in Production 43
  • Distributed Deployment Requirements 44
  • CPU 44
  • Monitoring is CPU Intensive. All the SO IDS tools (can you name them) are incredibly CPU intensive. The more traffic you are monitoring, the more CPU cores you'll need. 44
  • RAM 44
  • Install Order 44
  • Using OnionSalt 45
  • Air-gapped Networks 45
  • Module B: Troubleshooting Security Onion 47
  • Status 47
  • Updates 48
  • Screen Askew 48
  • Adding Analyst Accounts 48
  • Reboot, No Services 48
  • Ruleset Options 48
  • Snort Community Ruleset 48
  • Viewing with Rule Categories 49
  • Start and Stop Services 49
  • Disable Services 49
  • Disable Snorby 49
  • SGUIL 50
  • Sguil Days To Keep 50
  • Day 4 Summary: SO Production & Troubleshooting 52
  • Resources 53
  • Security Onion 53
  • External PCAP Files 53

Objectives

Network Security Monitoring with Security Onion Course Objectives:

  • About the Security Onion toolset
  • How the tools support Network Security Monitoring.
  • How to locate Security Onion requirements, OS image, and documentation.
  • How to install and configure Security Onion on a virtual machine.
  • How to verify services and troubleshoot Security Onion.
  • Which tools help you visualize the network in terms of sensors and data feeds.
  • How to apply Security Onion to the collection, detection and analysis activities of Network Security Monitoring