Enterprise Security Monitoring - Seeing Clearly with Security Onion - Wes Lambert
Offered By: YouTube
Course Description
Overview
Explore enterprise security monitoring techniques using Security Onion in this 38-minute conference talk from BSides Tampa 2019. Learn about the capabilities and tools of Security Onion, including backend components, analysis interfaces, and various data types such as alerts, host data, metadata, and full content. Discover how to leverage Sguil, Squert, and Kibana interfaces for effective threat hunting and investigation. Gain insights into deployment options, event enrichment, alerting mechanisms, and the Elastic Stack integration. Follow along as the speaker demonstrates investigating an alert using Sguil and Kibana, providing practical knowledge for security professionals seeking to enhance their monitoring and incident response capabilities.
Syllabus
Intro
Introduction - What is Security Onion?
Introduction - What can I do with Security Onion?
Tools: Backend
Tools: Analysis
Data: Alert Data
Data: Host Data
Data: Metadata
Metadata: Example Bro HTTP Log
Data: Full Content Data
Data: Raw Files
Interfaces: Sguil
Interfaces: Squert
Interfaces: Kibana
Academia
Forensics
Enterprise Security Monitoring
Standalone Deployment
Distributed Deployment
Analyst VM
Event Conduit
Elastic Stack
Event Enrichment
Alerting
Hybrid Hunter
Stenographer
Investigating an Alert: Sguil - Kibana
Related Courses
Windows Server 2016 Security Features - Microsoft via edX
Detecting and Mitigating Cyber Threats and Attacks - University of Colorado System via Coursera
Threat Detection: Planning for a Secure Enterprise - Microsoft via edX
Microsoft Professional Capstone: Cybersecurity - Microsoft via edX
Cyber Security Operations (Cisco CCNA) - The Open University via FutureLearn