Security Onion Detection Eng. & Analysis In-Depth, Columbia-Jul 22-25, 2025

Tue, 22 Jul, 2025 at 08:00 am to Fri, 25 Jul, 2025 at 05:00 pm UTC-04:00

IntelliGenesis LLC | Columbia

Publisher/Host: Security Onion Solutions LLC
This in-depth course equips Security Onion analysts and engineers with skills to identify detection gaps and develop technical solutions.
About this Event

About Security Onion

Security Onion is a free and open platform built by defenders for defenders. It includes network visibility, host visibility, intrusion detection honeypots, log management, and case management. Security Onion has been downloaded over 2 million times and is being used by security teams around the world to monitor and defend their enterprises. Our easy-to-use Setup wizard allows you to build a distributed grid for your enterprise in minutes!

For more about Security Onion, please see https://securityonion.com

About the Course

Security Onion Detection Engineering and Analysis In-Depth uses a scenario-based approach to equip analysts, administrators, and security engineers with the skills to identify detection gaps and develop technical solutions which cover those gaps. The course is intended for graduates of the Security Onion Fundamentals class and existing Security Onion practitioners who want to get more out of their Security Onion deployment.
Each student will receive:

  • 4 full days of class instruction from the developers of Security Onion
  • 300+ pages of course material
  • Certificate of Completion

When is the class?

Tuesday, July 22, 2025 through Friday, July 25, 2025

8-hour class with a one-hour lunch, from 8:00 AM to 5:00 PM (Eastern Time) each day

When does registration close?

Registration closes Monday, July 7, 2025, at 11:59 PM US Eastern Time.

Where is the class being held?

The class is being held at IntelliGenesis, 6950 Columbia Gateway Dr., Suite 450, Columbia, MD 21046.

Is there parking at the training venue?

There is free parking at the training venue.

What hardware, etc. will be required for the class?

Security Onion Solutions will provide laptops for use during the course.

Which version of Security Onion will we be using?

We will use the latest release of Security Onion 2.4 as of June 23, 2025.

You don't need it for the class, but the latest stable release can be found here: https://securityonion.com/download

What skills/knowledge should students have before attending this course?

Students should attend the free 2-hour Security Onion Essentials course before the first day of class. One topic covered by this course is building a Security Onion VM. Note that students do not need to build a Security Onion VM for this class. We will be using a pre-installed lab.

Students should have an intermediate or higher understanding of networks, TCP/IP, and network application protocols such as DNS, HTTP, etc.

Linux OS and command line knowledge/experience is recommended.

Basic knowledge of Windows operations and investigation artifacts is recommended.

Basic network and host intrusion analysis knowledge/experience is recommended.

Attendance at a previous Security Onion 2 Fundamentals for Analysts and Administrators class is recommended.

What's the cancellation policy?

Security Onion Solutions reserves the right to cancel this class up to one day after registration closes if the class does not meet a minimum number of students. If the class is canceled, the training ticket cost will be refunded.

What's the refund policy?

You may log into your Eventbrite account to request a refund up until the last day of ticket sales. Note that the Eventbrite fees of $292.06 are not refundable unless you are refunded due to class cancellation. Please use the "Request a Refund" button as shown here: https://www.eventbrite.com/support/articles/en_US/How_To/can-i-get-a-refund

Are there discounts available?

For this course, we are offering a discount to active duty US military and active US Federal employees. Contact us for more information.

Does the class prepare students to pass the Security Onion Certified Professional (SOCP) exam?

This class is not intended to be a certification prep class.

What topics are covered in this class?

Note: Syllabus is subject to change

  • Advanced deployment architecture and configurations
  • Administration, Optimization, and Troubleshooting
    + Managing Security Onion firewalls
  • Detection Engineering
    + Detection Engineering overview
    + Developing detections with Sigma
    + Filling detection gaps with Zeek
    --- Implementing new Zeek scripts
    --- Managing Zeek file extraction
    + Filling detection gaps with Suricata
    --- Adding custom NIDS rules
    --- Using Suricata to generate network metadata
    --- Managing Suricata file extraction
    --- Filtering network metadata
    + Writing and Implementing custom YARA rules in Strelka
    + Elastic Stack
    --- Creating custom Elastic ingest pipelines
    --- Installing and managing Elastic Agents
    --- Adding and configuring integrations in Elastic Fleet
    --- Building and implementing osquery query packs
    --- Host baselining and anomaly detection using osquery
    + Configuring Security Onion Intrusion Detection Honeypot (IDH) Nodes
  • Security Onion Console (SOC) customizations
    + Saving custom Hunt and Dashboard queries
    + Customizing Cases
    + Adding custom pivots to the SOC context menu
  • Using the Elasticsearch API
    + Querying and filtering Elasticsearch data from the command line
  • Many hands-on labs and case studies
  • Wrap-up/Q&A

Event Venue & Nearby Stays

IntelliGenesis LLC, 6950 Columbia Gateway Drive, Columbia, United States

Tickets

USD 4398.00
