Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Developing Your Detection Playbook with Security Onion 2.3
Start Here!
Course Welcome & Introduction to Security Onion (12:54)
Security Onion Installation (12:11)
Developing a Detection Playbook
Detection Engineering (13:06)
Key Components of a Play (8:36)
Operationalizing Plays with Sigma (9:18)
Module Knowledge Check
Playbook Essentials
Getting Started with Playbook (15:07)
Creating New Plays (11:02)
Module Knowledge Check
Scenario 1 - Suricata (NIDS)
Scenario Context (4:57)
Create Detection - Suricata Rule (11:55)
Create Detection - Play (5:21)
Move to Production (9:42)
Module Knowledge Check
Scenario 2 - Sysmon
Scenario Context (9:23)
Sysmon Deployment & Log Shipping to Security Onion (13:19)
Create Detection & Test (10:57)
Move to Production (4:02)
Module Knowledge Check
Scenario 3 - Zeek & Strelka
Scenario Context (10:05)
Configure Datasource - Zeek File Extraction (12:17)
Create Detection & Test - Play (8:12)
Move to Production & Tune (3:41)
Module Knowledge Check
Wrap Up
Course Recap (2:48)
Your Feedback
Your Feedback
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock