Detection Engineering with Security Onion 2.4

A scenario based approached to addressing detection gaps using Security Onion 2.4.

This course is geared for those wanting to understand how to build a Detection Playbook with Security Onion 2.4. Students will gain both a theoretical and practical understanding of building detections in Security Onion, reinforced with real-life examples from network and host datasources.

This course briefly covers the following topics:
- The Detection Engineering process
- Writing, Testing & Deploying to Production - Suricata Rules
- Writing, Testing & Deploying to Production - Yara Signatures
- Configuring Zeek to extract additional filetypes
- Developing a host baseline using osquery packs
- Configuring a Security Onion Intrusion Detection Honeypot (IDH) Node.

Prerequisites: Security Onion Essentials is the recommended prerequisite for Detection Engineering with Security Onion 2.4.

Upon completing the class, attendees will receive a Certificate of Completion.

Please note that pricing is per student. If you have multiple students attending the training in one conference room, please register each student individually. You will have full access for 6 months after purchase.


Your Instructor


Bryant Treacle
Bryant Treacle

Bryant Treacle has over 23 years of cybersecurity and IT networking experience in the Department of Defense (DoD) and commercial industries. Over the years, Bryant has worked with many customers, providing architectural, design, and implementation recommendations to solve a multitude of cybersecurity and IT networking challenges using an integrated portfolio of products across the network, endpoint, and cloud. Bryant holds a master's degree in Cyber Security and several professional certifications. He is currently a Senior Engineer and Training Manager at Security Onion Solutions LLC.


Course Curriculum


  Detection Engineering with Security Onion 2.4
Available in days
days after you enroll
  Reactive Detection Gap Analysis
Available in days
days after you enroll
  Proactive Detection Gap Analysis
Available in days
days after you enroll
  Course Wrapup
Available in days
days after you enroll

Frequently Asked Questions


How long do I have access to the course?
You will have full access for 6 months after purchase.
What if I am unhappy with the course?
We would never want you to be unhappy! If you are unsatisfied with your purchase, contact us in the first 30 days and we will give you a full refund.
Will I get an invoice or receipt for my purchase?
You will automatically get a receipt for your purchase and it will include all the information that you need for tax purposes.

Get started now!