Developing Your Detection Playbook with Security Onion 2
How to build a detection playbook within Security Onion 2 using a variety of log sources
This course is geared toward those wanting to understand how to build a Detection Playbook with Security Onion 2. Students will gain both a theoretical and practical understanding of building detections in Security Onion, reinforced with real-life examples from network and host data sources.
- Security Onion Introduction & Distributed Installation
- The Detection Engineering process
- How to write practical Detection Plays
- Operationalizing Detection Plays with Sigma
- Getting Started with Security Onion Playbook
- Writing, Testing & Deploying to Production - Suricata Rules
- Writing, Testing & Deploying to Production - Playbook Plays
- Configuring Zeek to extract additional filetypes
- Installing Sysmon with SwiftOnSecurity's configuration & shipping those logs to Security Onion
Josh has been crashing computers since his teens, and now feels fortunate to be doing it professionally. He has spent most of his career focusing on Information Security, particularly network and endpoint detection.
As an early adopter of Security Onion, Josh has deployed and used Security Onion in a number of different environments. Joining Security Onion Solutions in 2019, he now uses that experience to continue developing the platform as well as helping lead others to peel back the layers of their enterprise.