Developing Your Detection Playbook with Security Onion 2

How to build a detection playbook within Security Onion 2 using a variety of log sources

This course is geared for those wanting to understand how to build a Detection Playbook with Security Onion 2. Students will gain both a theoretical and practical understanding of building detections in Security Onion, reinforced with real-life examples from network and host datasources.

This course briefly covers the following topics:
  • Security Onion Introduction & Distributed Installation
  • The Detection Engineering process
  • How to write practical Detection Plays
  • Operationalizing Detection Plays with Sigma
  • Getting Started with Security Onion Playbook
  • Writing, Testing & Deploying to Production - Suricata Rules
  • Writing, Testing & Deploying to Production - Playbook Plays
  • Configuring Zeek to extract additional filetypes
  • Installing Sysmon with SwiftonSecurity's configuration & shipping those logs to Security Onion
You can see the full curriculum by clicking the down arrow under the Class Curriculum section.
Prerequisites: Security Onion Essentials is the recommended prerequisite for Developing your Detection Playbook in Security Onion 2.
Upon completing the class, attendees will receive a Certificate of Completion.

Please note that pricing is per student. If you have multiple students attending the training in one conference room, please register each student individually. You will have full access for 6 months after purchase.


Your Instructor


Josh Brower
Josh Brower

Josh has been crashing computers since his teens, and now feels fortunate to be doing it professionally. He has spent the most of his career focusing on Information Security, particularly network and endpoint detection.

As an early adopter of Security Onion, Josh has deployed and used Security Onion in a number of different environments. Joining Security Onion Solutions in 2019, he now uses that experience to continue developing the platform as well as helping lead others to peel back the layers of their enterprise.


Course Curriculum


  Start Here!
Available in days
days after you enroll
  Developing a Detection Playbook
Available in days
days after you enroll
  Playbook Essentials
Available in days
days after you enroll

Frequently Asked Questions


How long do I have access to the course?
You will have full access for 6 months after purchase.
What if I am unhappy with the course?
We would never want you to be unhappy! If you are unsatisfied with your purchase, contact us in the first 30 days and we will give you a full refund.
Will I get an invoice or receipt for my purchase?
You will automatically get a receipt for your purchase and it will include all the information that you need for tax purposes.

Get started now!