Building a Detection Lab with SecurityOnion

Explore the process of building a detection lab using SecurityOnion in this conference talk from Security Onion Conference 2019. Learn from Wylie Bayes as he covers essential topics including environment setup, topology, OpenBSD firewall configuration, custom firewall rules, student access rules, network data collection, Windows logs, and system data. Discover various scenarios such as public internet exploits, attack vectors, and Capture the Flag (CTF) exercises. Gain insights into alert management, unrealistic attack simulations, and ESXi implementation. This 32-minute presentation provides valuable knowledge for cybersecurity professionals looking to enhance their detection capabilities and create effective training environments.

Intro
Who am I
Agenda
Environment
Topology
OpenBSD
Firewall
Host Name
PF Comm File
Custom Firewall Rules
Student Access Rules
Mirror Packet Length
Define Sources
Network Data
Windows Logs
System On Data
Scenarios
Public Internet
Exploit
Screenshot
Alerts
Unreal
Attack vector
CTF
Capture the Flag
Questions
ESXi