Do you have a requirement to identify the right framework and tool to monitor your own network? If so, this course is for you! This online course discusses Security Onion, a free and open source platform for network security monitoring, log management and threat hunting. Through a series of videos, this course will introduce network security monitoring platforms and deploy them through a hassle-free environment. 

Why THIS course? 

This course covers the tool and processes required to integrate network evidence sources into investigations, with a focus on open source, efficiency and effectiveness.

Why NOW? 

  • Increasing demand for sophisticated cybersecurity tools to detect and investigate cyberattacks and financial frauds is expected to drive the market growth.
  • The network forensics market was valued at USD 2.01 billion in 2020 and is expected to reach USD 4.62 billion by 2025, at a CAGR of 14.9% over the forecast period 2020 - 2025.

Who is this course for? 

  • Cybersecurity professionals
  • Network security analysts
  • SOC analysts
  • Systems administrators
  • Legal professionals
  • IT managers


What skills will you gain? 

  • Network security monitoring
  • Intrusion detection
  • Threat hunting
  • Network forensics analysis

You will be able to perform network security monitoring in a production environment, and how to deploy your own Security Onion environment. 

What will you learn about? 

By the end of this course, you will have everything you need to further improve your skills as a security analyst, security engineer, or security architect. These skills are easily transferable to other network security monitoring products, such as commercial ones commonly found in the enterprise. 

What tools will you use? 

Security Onion (includes Snort, Suricata, Zeek, Kibana and many other security tools).



DURATION: 18 hours

CPE POINTS: On completion you get a certificate granting you 18 CPE points. 

COURSE LAUNCH: October 21st 

Course format:

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What should you know before you join? 

Knowledge of the following information technology fundamentals is required. 

  • Networking
  • Computer hardware
  • Operating systems (Ubuntu), and 
  • Applications 

What will you need? 


  • 8GB RAM (minimum)
  • 2 CPU cores 
  • 50GB free disk space


  • VMware Workstation or Virtualbox
  • Security Onion ISO image


Module 0: Introduction

Network Security – Intrusion Detection and Prevention – Threat Hunting – Log Management

Module 1: Getting started

Security Onion will provide visibility into network traffic and context around alerts and anomalous events, but it requires a commitment from the network administrator to review alerts, monitor the network activity, and most importantly, have a willingness, passion and desire to learn. This module focuses on core components, high-level architecture, and layers of Security Onion.

  • Introduction 
  • Core Components 
  • Use Cases 
  • High-level Architecture 
  • Deployment Types 
  • Security Onion Layers

Module 1 exercises: 

  • Setting Up Security Onion with Virtualbox

4 - 4,5 hours (including exercises)

Module 2: Analyst Tools

In this module, we will look at different analyst tools that can be used for slicing and dicing data coming from network and endpoints. Many of the analyst tools are browser-based. The Security Onion ISO image includes the Chromium browser. It includes tools such as Kibana, Sguil, Squert, NetworkMiner, etc.

  • Browser
  • Analyst Tools
  • Kibana 
  • Sguil 
  • Squert 
  • NetworkMiner 
  • Wireshark

Module 2 exercises: 

  • Analyzing server logs with Kibana
  • NetworkMiner PCAP file analyzer
  • Querying and reporting using Squert

4 - 4,5 hours (including exercises)

Module 3: Network Visibility

This section covers the various processes that Security Onion uses to analyze and log network traffic. NIDS/HIDS tools such as Snort, Suricata, and Wazuh are used for monitoring network traffic, looking for specific activity, and generating alerts. Security Onion uses netsniff-ng to collect full packet capture in the form of pcap files.

  • Network and Host Intrusion Detection System –
  • Snort 
  • Suricata 
  • Capme 
  • Zeek 
  • Wazuh 
  • netsniff-ng

Module 3 exercises: 

  • NIDS alerts from Snort and Suricata
  • Network Security Monitoring with Zeek
  • Full packet capture using netsniff-ng

4 - 4,5 hours (including exercises)

Module 4: Host Visibility & Elastic Stack

In this module, we’ll review different ways that Security Onion can collect logs from endpoints. We can use Elastic Beats to facilitate the shipping of endpoint logs to Security Onion’s Elastic Stack. System Monitor (Sysmon) provides detailed information about process creations, network connections, and changes to file creation time. With syslog-ng, you can collect logs from any source, process them in real time and deliver them to a wide variety of destinations. ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch.

  • Introduction 
  • Host Visibility 
  • Beats 
  • Wazuh 
  • syslog 
  • sysmon 
  • Elastic Stack 
  • Elasticsearch 
  • Logstash 
  • Kibana

Module 4 exercises: 

  • Collecting and analyzing network flow data with Elastic Stack
  • Setup Elasticsearch, Logstash and Kibana

4 - 4,5 hours (including exercises)

Final exam:

30 Multiple choice questions (MCQs)

Your instructor: Sivaraman Eswaran

Dr. Sivaraman Eswaran received the M.E. degree in Computer Science and Engineering from Karpagam University, India, in 2013 and the Ph.D. degree in Computer Science from Bharathiar University, India, in 2019. He is currently working as Assistant Professor with the Computer Science and Engineering department, PES University, Bangalore. He is a research member of Center for Information Security, Forensics and Cyber Resilience (ISFCR) at PES University. He has qualified National Eligibility Test (NET) for Assistant Professor, Computer Science and Application conducted by University Grants Commission, New Delhi and State Eligibility Test (SET) for Assistant Professor, Computer Science and Application conducted by Government of Tamil Nadu. He is a Microsoft Certified Professional and EMC Academic Associate. He is a life member of Computer Society of India and Indian Society for Technical Education. He has published more than 10 research articles in journals of reputed publishers like Springer, Inderscience, IET. He has also filed and published three patents in security and IoT related area. His research interests include cloud computing and cyber security.


If you have questions, feel free to contact our course coordinator Marta at [email protected]

Course Reviews


  • 5 stars0
  • 4 stars0
  • 3 stars0
  • 2 stars0
  • 1 stars0

No Reviews found for this course.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013