YoVDO

Security Onion

Offered By: Cybrary

Tags

Security Onion Courses, Network Security Courses, Linux Courses

Course Description

Overview

Overall, this course will allow you to learn how to maintain and update Security Onion.

Students should have networking knowledge (TCP/IP, Protocols, Packets, etc.), Linux knowledge (mkdir, ls, vi, ifconfig, etc.), and security technology knowledge (IDS, Full Packet Capture, etc.).


Syllabus

  • Module 1: Introduction
    • 1.1 Introduction
  • Module 2: What is Security Onion?
    • 2.1 What is Security Onion?
    • 2.2 Monitoring and Analysis Tools
    • 2.3 Security Onion Architecture
    • 2.4 Deployment Types
  • Module 3: Installing a Standalone Server
    • 3.1 Security Onion Download and Installation Part 1
    • 3.2 Security Onion Download and Installation Part 2
  • Module 4: Installing a Distributed Environment
    • 4.1 Server Configuration Demo Part 1
    • 4.2 Server Configuration Demo Part 2
    • 4.3 Server Configuration Demo Part 3
  • Module 5: Reviewing the Installation
    • 5.1 Server Installation Review
    • 5.2 Checking System Services With sostat
    • 5.3 Security Onion Web Browser Tools
    • 5.4 Security Onion Terminal
  • Module 6: Resources
    • 6.1 Resources Part 1
    • 6.2 Resources Part 2
  • Module 7: Replaying Traffic on a Standalone Server
    • 7.1 TCPReplay Part 1
    • 7.2 TCPReplay Part 2
    • 7.3 TCPReplay Part 3
    • 7.4 Review
  • Module 8: Sniffing Traffic in a Distributed Environment
    • 8.1 Sniffing Traffic
    • 8.2 Traffic Overview in Kibana
    • 8.3 SSH Success
  • Module 9: Management Tips and Best Practices
    • 9.1 Lesson 9 Agenda
    • 9.2 Salt Tips
    • 9.3 Proxy Settings
    • 9.4 IDS Rules Management
    • 9.5 Autocat Rules Management
    • 9.6 Other Helpful Commands and Tips
  • Module 10: Other Functionality
    • 10.1 Lesson 10 Overview
    • 10.2 Wazuh/OSSEC Functionality
    • 10.3 DNS Anomaly Detection Script
    • 10.4 Domain Stats and Frequency Server
  • Module 11: Wrap Up
    • 11.1 Course Wrap Up

Taught by

Karl Hansen

Related Courses

Network Security Monitoring (NSM) with Security Onion
Pluralsight
Network Security Analysis Using Wireshark, Snort, and SO
Udemy
Extensions, Frameworks, & Integrations Used with Zeek
Pluralsight
Enterprise Security Monitoring - Seeing Clearly with Security Onion - Wes Lambert
YouTube
Peel Back the Layers of Your Enterprise and Make Your Adversaries Cry
RSA Conference via YouTube