Practical Analysis with Security Onion 2.4

This course is a primer designed to demo three essential workflows in Security Onion: Alert Triage, Threat Hunting, & Detection Engineering

This course is geared for those interested in seeing how Security Onion is used practically to triage alerts, hunt for threats, as well as build new detections. This course consists of three case studies that briefly cover the 3 most common workflows used in Security Onion:

  • Case Study 1: Alert Triage & Case Creation - This case study walks through how to triage alerts within the alerts interface, investigate them, and maintain case notes in Cases.
  • Case Study 2: Threat Hunting - This case study focuses on threat hunting within Security Onion using the Hunt and Dashboards tools, searching for evidence of DNS exfiltration.
  • Case Study 3: Detection Engineering - This case study covers the process of designing and deploying new detections for malicious activity, with an example of the DNS exfiltration discovered in the previous case study.

Prerequisites: Security Onion Essentials is the recommended prerequisite for Practical Analysis with Security Onion.

Upon completing the class, attendees will receive a Certificate of Completion.

Please note that pricing is per student. If you have multiple students attending the training in one conference room, please register each student individually. You will have full access for 6 months after purchase.

Your Instructor

Matt Gracie
Matt Gracie

Matthew Gracie is a defensive security specialist with fifteen years of Blue Team experience in higher education, manufacturing, financial services, and healthcare. He is currently a Senior Engineer on the professional services team at Security Onion Solutions, as well as an adjunct professor of Cybersecurity in the graduate school at Canisius University. Matt is also the lead organizer of Infosec 716, a monthly meetup for security enthusiasts in Western New York, and the BSides Buffalo technology conference. He enjoys good beer, mountain bikes, open source security tools, and college hockey, and can be found on Twitter as @InfosecGoon.

Frequently Asked Questions

How long do I have access to the course?
You will have full access for 6 months after purchase.
What if I am unhappy with the course?
We would never want you to be unhappy! If you are unsatisfied with your purchase, contact us in the first 30 days and we will give you a full refund.
Will I get an invoice or receipt for my purchase?
You will automatically get a receipt for your purchase and it will include all the information that you need for tax purposes.

Get started now!