Enterprise Security Monitoring - Seeing Clearly with Security Onion - Wes Lambert
Offered By: YouTube
Course Description
Overview
Explore enterprise security monitoring techniques using Security Onion in this 38-minute conference talk from BSides Tampa 2019. Learn about the capabilities and tools of Security Onion, including backend components, analysis interfaces, and various data types such as alerts, host data, metadata, and full content. Discover how to leverage Sguil, Squert, and Kibana interfaces for effective threat hunting and investigation. Gain insights into deployment options, event enrichment, alerting mechanisms, and the Elastic Stack integration. Follow along as the speaker demonstrates investigating an alert using Sguil and Kibana, providing practical knowledge for security professionals seeking to enhance their monitoring and incident response capabilities.
Syllabus
Intro
Introduction - What is Security Onion?
Introduction - What can I do with Security Onion?
Tools: Backend
Tools: Analysis
Data: Alert Data
Data: Host Data
Data: Metadata
Metadata: Example Bro HTTP Log
Data: Full Content Data
Data: Raw Files
Interfaces: Sguil
Interfaces: Squert
Interfaces: Kibana
Academia
Forensics
Enterprise Security Monitoring
Standalone Deployment
Distributed Deployment
Analyst VM
Event Conduit
Elastic Stack
Event Enrichment
Alerting
Hybrid Hunter
Stenographer
Investigating an Alert: Sguil - Kibana