Security Onion

Name: Security Onion
Rating: 4.63 (8 reviews)

Cybrary

Course

Security Onion is an open source Network Security Monitoring and log management Linux Distribution. In this course we will learn about the history, components, and architecture of the distro, and we will go over how to install and deploy single and multiple server architectures, as well as how to replay or sniff traffic.

Time

3 hours 10 minutes

Difficulty

Beginner

CEU/CPE

4.6

NEED TO TRAIN YOUR TEAM? LEARN MORE

Join over 3 million cybersecurity professionals advancing their career

Facebook

Google

Microsoft

Already have an account? Sign In »

Course Content

Module 1: Introduction

1.1 Introduction

Module 2: What is Security Onion?

2.1What is Security Onion?

2.2Monitoring and Analysis Tools

2.3Security Onion Architecture

2.4Deployment Types

Module 3: Installing a Standalone Server

3.1Security Onion Download and Installation Part 1

3.2Security Onion Download and Installation Part 2

10m

Module 4: Installing a Distributed Environment

4.1Server Configuration Demo Part 1

4.2Server Configuration Demo Part 2

11m

4.3Server Configuration Demo Part 3

14m

Module 5: Reviewing the Installation

5.1Server Installation Review

5.2Checking System Services With sostat

5.3Security Onion Web Browser Tools

5.4Security Onion Terminal

Module 6: Resources

6.1Resources Part 1

6.2Resources Part 2

Module 7: Replaying Traffic on a Standalone Server

7.1TCPReplay Part 1

7.2TCPReplay Part 2

16m

7.3TCPReplay Part 3

17m

7.4Review

1 minute

Module 8: Sniffing Traffic in a Distributed Environment

8.1Sniffing Traffic

8.2Traffic Overview in Kibana

13m

8.3SSH Success

1 minute

Module 9: Management Tips and Best Practices

9.1Lesson 9 Agenda

1 minute

9.2Salt Tips

9.3Proxy Settings

9.4IDS Rules Management

9.5Autocat Rules Management

9.6Other Helpful Commands and Tips

Module 10: Other Functionality

10.1Lesson 10 Overview

1 minute

10.2Wazuh/OSSEC Functionality

10.3DNS Anomaly Detection Script

10.4Domain Stats and Frequency Server

Module 11: Wrap Up

11.1Course Wrap Up

Course Description

Overall, this course will allow you to learn how to maintain and update Security Onion.

Students should have networking knowledge (TCP/IP, Protocols, Packets, etc.), linux knowledge (mkdir, Is, vi, ifconfig, etc.), and security technology knowledge (IDS, Full Packet Capture, etc).

Instructed By