Enterprise Security Monitoring - Seeing Clearly with Security Onion - Wes Lambert

Offered By: YouTube

Tags

Conference Talks, Data Analysis, Cybersecurity, Incident Response, Security Onion, Threat Detection, Network Monitoring, Elastic Stack

Course Description

Overview

Explore enterprise security monitoring techniques using Security Onion in this 38-minute conference talk from BSides Tampa 2019. Learn about the capabilities and tools of Security Onion, including backend components, analysis interfaces, and various data types such as alerts, host data, metadata, and full content. Discover how to leverage Sguil, Squert, and Kibana interfaces for effective threat hunting and investigation. Gain insights into deployment options, event enrichment, alerting mechanisms, and the Elastic Stack integration. Follow along as the speaker demonstrates investigating an alert using Sguil and Kibana, providing practical knowledge for security professionals seeking to enhance their monitoring and incident response capabilities.

Syllabus

Intro
Introduction - What is Security Onion?
Introduction - What can I do with Security Onion?
Tools: Backend
Tools: Analysis
Data: Alert Data
Data: Host Data
Data: Metadata
Metadata: Example Bro HTTP Log
Data: Full Content Data
Data: Raw Files
Interfaces: Sguil
Interfaces: Squert
Interfaces: Kibana
Academia
Forensics
Enterprise Security Monitoring
Standalone Deployment
Distributed Deployment
Analyst VM
Event Conduit
Elastic Stack
Event Enrichment
Alerting
Hybrid Hunter
Stenographer
Investigating an Alert: Sguil - Kibana