Security Onion Training
This course provides essential training for deployment and operation of Security Onion, a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
What do previous students say about the class?
“I highly, HIGHLY recommend attending this class. I attended the class in Houston and it was excellent … I also met many interesting people and made some new contacts. All in all, if this class comes anywhere near me again … I’ll be going if I have to host a bake sale to get there.”
“I appreciated the mixture of Doug’s obvious significant real world experience, paired with his deep knowledge of Security Onion. I felt like the class not only helped me understand the tools but also helped me understand how I might best apply those tools.”
“One of the best courses I have taken. Phil was extremely knowledgeable. I would recommend this class to other people.”
What do students get?
- 4 days of classroom instruction from the developers of Security Onion
- Over 200 pages of course material
- Certificate of Completion
What hardware will be required for the class?
***Laptops will be provided***
Students can choose to bring their own laptop that meets the following requirements:
- At least 12-16 GB RAM on the machine, so that a full 8 GB RAM can be dedicated to one virtual machine (VM). More is better.
- At least 4 total CPU cores on the machine, so that 2 cores can be dedicated to one VM. More is better.
- One internal hard drive should have at least 50 GB free disk space. More is better. Solid State Drives are preferred, but not required.
- Virtualization software must be installed. We recommend VMware Workstation, Workstation Player, or Fusion. Oracle VirtualBox also works. Please, no ESXi or similar platforms. Each student machine will only run one VM, which students install in class from the Security Onion ISO image. The VM will not interconnect with VMs on other student machines.
- The hardware and operating system must be capable of running a 64-bit VM. Note: Some 64-bit machines don’t automatically support a 64-bit VM. This should be tested ahead of class. See https://securityonion.net/wiki/installation
- Students need administrator/root access to the host operating system on the student machine. They should need this only once to add a virtual sniffing NIC to the VM.
- Must have an adequately sized screen. Note: Tablet computers such as the Microsoft Surface usually do not meet this requirement.
- Must be able to connect to a wireless network for Internet access.
Which version of Security Onion will we be using?
We’ll be using the latest Security Onion version as of February 4, 2019.
The latest release can be found here:
What do students need to bring to class?
Students need to bring the following:
- State-issued ID or Passport
- Optionally, students can bring a laptop meeting the requirements described above
What skills/knowledge should students have before attending this course?
Students should have a basic understanding of networks, TCP/IP, and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required.
*This course is being registered through Eventbrite and Security Onion Solutions.