Security Onion Fundamentals Analysts & Admins Columbia MD - Jan 28-31, 2025

About Security Onion

Security Onion is a free and open platform built by defenders for defenders. It includes network visibility, host visibility, intrusion detection honeypots, log management, and case management. Security Onion has been downloaded over 2 million times and is being used by security teams around the world to monitor and defend their enterprises. Our easy-to-use Setup wizard allows you to build a distributed grid for your enterprise in minutes!

For more about Security Onion, please see https://securityonion.com

About the Course

This course is geared for analysts and administrators of Security Onion 2.4. Students will gain a foundational understanding of the platform - how to architect, deploy, and manage their Security Onion grid. The course also covers major analyst workflows, reinforced through real-world case studies. Each student will receive:

• 4 full days of class instruction from the developers of Security Onion
• 300+ pages of course material
• Certificate of Completion

When is the class?

Tuesday, January 28, 2025 through Friday, January 31, 2025

8-hour class with a one hour lunch from 8:00 AM - 5:00 PM (Eastern Time) each day

When does registration close?

Registration closes Thursday, January 9, 2025, at 11:59 PM US Eastern Time.

Where is the class being held?

The class is being held at Intelligenesis, 6950 Columbia Gateway Dr., Suite 450, Columbia, MD 21046.

Is there parking at the training venue?

There is free parking at the training venue.

What hardware, etc. will be required for the class?

Security Onion Solutions will provide laptops for use during the course.

Which version of Security Onion will we be using?

We will use Security Onion v2.4.110, released October 7, 2024.

You don't need it for the class, but the latest stable release can be found here: https://securityonion.com/download

What skills/knowledge should students have before attending this course?

Students should attend the free 2-hour Security Onion Essentials course before the first day of class. One topic covered by this course is building a Security Onion VM. Note that students do not need to build a Security Onion VM for this class. We will be using a pre-installed virtual lab.

Students should have a basic understanding of networks, TCP/IP, and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required.

What's the cancellation policy?

Security Onion Solutions reserves the right to cancel this class up to one day after registration closes if the class does not meet a minimum number of students. If class is canceled, the training ticket cost will be refunded.

What's the refund policy?

You may log into your Eventbrite account to request a refund up until the last day of ticket sales. Please use the "Request a Refund" button as shown here: https://www.eventbrite.com/support/articles/en_US/How_To/can-i-get-a-refund

Are there discounts available?

For this course, we are offering a discount to active duty US military and active US Federal employees. Contact us for more information.

Does the class prepare students to pass the Security Onion Certified Professional (SOCP) exam?

Yes! In conjunction with the official Security Onion Documentation book, the instruction and associated course materials from this class will prepare you for the SOCP exam.

Is an SOCP exam voucher available?

Yes! We are offering an exam voucher with the class at $30 off the regular price. Just add it to your registration when you sign up for the class.

What topics are covered in this class?

Note: Syllabus is subject to change

• Security Onion Console
• Security Onion System Architecture
• Security Onion Workflows
  + Alert Triage & Case Creation with SOC Alerts and Cases
  + Threat Hunting with SOC Hunt and Dashboards
  + Detection Engineering

• Grid Management
  + Users
  + Firewalls
  + Monitoring
  + Troubleshooting

• Tuning the Grid
  + Berkeley Packet Filters
  + Performance Tuning - Zeek and Suricata
  + Data Pipeline Tuning - Logstash and Elasticsearch
  + Alert Tuning

• Customizing Security Onion Console
• Integrating Endpoint Telemetry
• Capstone Capture the Flag Event
• Multiple Labs and Case Studies

Host or Publisher Security Onion Solutions LLC