Network Monitoring with Security Onion (W48)

Do you need to choose the right framework and tooling to monitor your own network? If so, this course is for you. This online course covers Security Onion, a free and open source platform for network security monitoring, log management and threat hunting. Through a series of videos, it introduces network security monitoring platforms and walks you through deploying Security Onion in a lab environment.

The "Network Monitoring with Security Onion" online course by eForensics Magazine utilizes parts of the Security Onion Documentation. Security Onion Documentation by Security Onion Solutions, LLC is licensed under CC BY 4.0. You can read more about this license at

Why THIS course? 

This course covers the tool and processes required to integrate network evidence sources into investigations, with a focus on open source, efficiency and effectiveness.

Why NOW? 

  • Increasing demand for sophisticated cybersecurity tools to detect and investigate cyberattacks and financial frauds is expected to drive market growth.
  • The network forensics market was valued at USD 2.01 billion in 2020 and is expected to reach USD 4.62 billion by 2025, at a CAGR of 14.9% over the forecast period 2020 - 2025.

Who is this course for? 

  • Cybersecurity professionals
  • Network security analysts
  • SOC analysts
  • Systems administrators
  • Legal professionals
  • IT managers


What skills will you gain? 

  • Network security monitoring
  • Intrusion detection
  • Threat hunting
  • Network forensics analysis

You will be able to perform network security monitoring in a production environment and to deploy your own Security Onion environment. 

What will you learn about? 

By the end of this course, you will have everything you need to further improve your skills as a security analyst, security engineer, or security architect. These skills are easily transferable to other network security monitoring products, such as commercial ones commonly found in the enterprise. 

What tools will you use? 

Security Onion 2.x (bundles Suricata, Zeek, Stenographer, Strelka, Wazuh, osquery, Elasticsearch, Kibana and many other security tools).



DURATION: 18 hours

CPE POINTS: On completion you get a certificate granting you 18 CPE points. 

Course format:

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text

What should you know before you join? 

Knowledge of the following information technology fundamentals is required. 

  • Networking
  • Computer hardware
  • Operating systems (Ubuntu)
  • Applications

What will you need? 


  • 8GB RAM (minimum)
  • 2 CPU cores 
  • 50GB free disk space


  • VMware Workstation or VirtualBox
  • Security Onion ISO image


Module 0: Introduction

Network Security – Intrusion Detection and Prevention – Threat Hunting – Log Management

Module 1: Getting started

This module focuses on the core components, high-level architecture, and layers of Security Onion. As the official documentation states, the platform provides "visibility into network traffic and context around alerts and anomalous events". This first module aims to prepare you for working with Security Onion as your network monitoring solution. 

  • Introduction to Security Onion
  • SO 2.x Architecture
  • Deployment Scenarios
  • Hardware and Software Requirements

Module 1 exercises: 

  • Setting up Security Onion with VirtualBox/VMware Workstation

3 hours (including exercises)

Module 2: Security Onion Console (SOC)

Security Onion Console (SOC) is the beating heart of the platform. Understanding it will let you utilize your network management skillset to its full potential. In this module, you will also see how to use tools like Hunt, PCAP, Kibana, CyberChef, and more. 

  • Hunt interface
  • PCAP interface
  • Kibana
  • Grafana
  • CyberChef
  • Playbook
  • Fleet
  • TheHive
  • ATT&CK Navigator

Module 2 exercises: 

  • Analyzing PCAP files in SOC using SO’s so-import-pcap

5 hours (including exercises)

Module 3: Analyst VM, Network & Host Visibility

This module covers the processes Security Onion uses to analyze and log network traffic, and the host-side sources that feed it. We will look at the analyst tools used for dissecting packets and analyzing network data, and at the Analyst VM, which includes NetworkMiner, Wireshark and others. 

Analyst VM

  • NetworkMiner
  • Wireshark

Network Visibility

  • Stenographer
  • Suricata
  • Zeek
  • Strelka

Host Visibility

  • osquery
  • Beats
  • Wazuh
  • Syslog
  • Sysmon
  • Autoruns

Module 3 exercises: 

  • Network security monitoring with Zeek and Suricata
  • Automatic data analysis for host intrusion detection using Wazuh

6 hours (including exercises)
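The Zeek and Suricata exercise pairs two views of the same traffic: Zeek's conn.log records every flow, while Suricata's EVE JSON records the alerts. The Python below is an added example, not Security Onion's own code, showing the join an analyst otherwise performs by hand in Hunt: each alert is matched to its Zeek connection by a direction-independent 5-tuple (Suricata may log an alert from the responder's side), and long-lived flows are listed as a hunting lead. The log lines are constructed samples in Zeek's JSON conn.log and Suricata's EVE formats: the field names are the real ones, the addresses, uids, timings and the second alert are made up.

```python
"""Join Suricata EVE alerts to the Zeek conn.log record for the same flow.

Added example (not Security Onion's own code). Sample log lines are
constructed; field names follow Zeek's JSON conn.log and Suricata's EVE
JSON, the formats Security Onion 2 ingests.
"""
import json

# Constructed Zeek conn.log lines (JSON output, one record per flow).
ZEEK_CONN = r"""
{"ts":1700000000.1,"uid":"CAbc1","id.orig_h":"10.0.0.5","id.orig_p":49152,"id.resp_h":"198.51.100.7","id.resp_p":443,"proto":"tcp","service":"ssl","duration":12.5,"orig_bytes":900,"resp_bytes":12000,"conn_state":"SF"}
{"ts":1700000010.2,"uid":"CAbc2","id.orig_h":"10.0.0.5","id.orig_p":49153,"id.resp_h":"203.0.113.9","id.resp_p":4444,"proto":"tcp","duration":7200.0,"orig_bytes":5000000,"resp_bytes":3000,"conn_state":"S1"}
{"ts":1700000020.3,"uid":"CAbc3","id.orig_h":"10.0.0.8","id.orig_p":53001,"id.resp_h":"10.0.0.1","id.resp_p":53,"proto":"udp","service":"dns","duration":0.01,"orig_bytes":40,"resp_bytes":120,"conn_state":"SF"}
"""

# Constructed Suricata EVE lines: two alerts on the same flow (one logged
# from each direction) and one non-alert DNS event that must be ignored.
SURICATA_EVE = r"""
{"timestamp":"2023-11-14T22:13:30.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":49153,"dest_ip":"203.0.113.9","dest_port":4444,"proto":"TCP","alert":{"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2023-11-14T22:13:31.000000+0000","event_type":"dns","src_ip":"10.0.0.8","src_port":53001,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"example.com"}}
{"timestamp":"2023-11-14T22:13:32.000000+0000","event_type":"alert","src_ip":"203.0.113.9","src_port":4444,"dest_ip":"10.0.0.5","dest_port":49153,"proto":"TCP","alert":{"signature_id":2000001,"rev":1,"signature":"constructed reverse-direction alert","category":"A Network Trojan was detected","severity":1}}
"""


def parse_json_lines(text):
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def flow_key(a_ip, a_port, b_ip, b_port, proto):
    """Direction-independent 5-tuple: endpoints are sorted so an alert logged
    from the responder's side still lands on the originator's conn record."""
    ends = sorted([(a_ip, int(a_port)), (b_ip, int(b_port))])
    return (proto.lower(), ends[0], ends[1])


def index_conns(conn_records):
    """Map each flow key to the Zeek conn.log record that owns that flow."""
    idx = {}
    for c in conn_records:
        idx[flow_key(c["id.orig_h"], c["id.orig_p"],
                     c["id.resp_h"], c["id.resp_p"], c["proto"])] = c
    return idx


def correlate(conn_records, eve_records):
    """Return one enriched dict per EVE alert; non-alert events are skipped."""
    idx = index_conns(conn_records)
    out = []
    for e in eve_records:
        if e.get("event_type") != "alert":
            continue
        conn = idx.get(flow_key(e["src_ip"], e["src_port"],
                                e["dest_ip"], e["dest_port"], e["proto"]))
        out.append({
            "sid": e["alert"]["signature_id"],
            "signature": e["alert"]["signature"],
            "zeek_uid": conn["uid"] if conn else None,
            "duration": conn["duration"] if conn else None,
            "orig_bytes": conn["orig_bytes"] if conn else None,
        })
    return out


def long_connections(conn_records, min_seconds=3600):
    """Hunting helper: uids of flows that stayed up at least min_seconds."""
    return [c["uid"] for c in conn_records if c["duration"] >= min_seconds]


if __name__ == "__main__":
    conns = parse_json_lines(ZEEK_CONN)
    for a in correlate(conns, parse_json_lines(SURICATA_EVE)):
        print(a)
    print("long-lived flows:", long_connections(conns))
```

Both alerts resolve to the same Zeek uid even though Suricata recorded them in opposite directions, and the uid is what you would pivot on in the PCAP interface to pull the full session.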

Module 4: Logs, Tuning and Utilities

In this section, we will discuss the different logs generated by our network monitoring setup. This module will also cover tuning our Security Onion environment to ensure the best performance. Finally, we will conclude with some of the main utilities in Security Onion.


Logs

  • Ingest
  • Filebeat
  • Logstash
  • Redis
  • Elasticsearch
  • ElastAlert
  • Curator
  • Data Fields
  • Zeek Fields

Tuning

  • Salt
  • Managing Rules
  • Managing Alerts
  • High Performance Tuning

Utilities

  • so-allow
  • so-import-pcap

Module 4 exercises: 

  • Collecting and analyzing log files using Filebeat, Logstash and Elasticsearch

4 hours (including exercises)
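Managing alerts in practice means deciding which detections to silence and which to rate-limit, and checking the effect before pushing the change to a sensor. The Python below is an added example, not Security Onion's or Suricata's code: it applies two entries written in the syntax of Suricata's threshold.config (a suppress for one rule on an internal source range, and a "type limit" threshold for another) to a constructed stream of alerts and returns the alerts that survive. The alert records are constructed and the SIDs serve only as labels; the limit semantics (pass the first count alerts per tracked address in each fixed window of seconds, drop the rest of that window) follow Suricata's documented behaviour.

```python
"""Apply suppress / threshold entries to a stream of IDS alerts.

Added example (not Security Onion's or Suricata's code). The config uses
Suricata's threshold.config syntax; the alert stream is constructed.
"""
import ipaddress

# Constructed tuning entries: silence sid 2100498 when the source is in
# 10.0.0.0/8, and let sid 2000001 fire at most once per source per 60 s.
THRESHOLD_CONFIG = """
# comment lines are allowed in threshold.config
suppress gen_id 1, sig_id 2100498, track by_src, ip 10.0.0.0/8
threshold gen_id 1, sig_id 2000001, type limit, track by_src, count 1, seconds 60
"""

# Constructed alert stream; ts is seconds, other keys mirror EVE alert fields.
ALERTS = [
    {"ts": 0.0,   "sid": 2100498, "src_ip": "10.0.0.5",     "dest_ip": "203.0.113.9"},
    {"ts": 1.0,   "sid": 2100498, "src_ip": "198.51.100.7", "dest_ip": "10.0.0.5"},
    {"ts": 10.0,  "sid": 2000001, "src_ip": "10.0.0.5",     "dest_ip": "203.0.113.9"},
    {"ts": 20.0,  "sid": 2000001, "src_ip": "10.0.0.5",     "dest_ip": "203.0.113.9"},
    {"ts": 30.0,  "sid": 2000001, "src_ip": "10.0.0.9",     "dest_ip": "203.0.113.9"},
    {"ts": 80.0,  "sid": 2000001, "src_ip": "10.0.0.5",     "dest_ip": "203.0.113.9"},
    {"ts": 100.0, "sid": 2000001, "src_ip": "10.0.0.5",     "dest_ip": "203.0.113.9"},
]


def parse_threshold_config(text):
    """Parse 'kind key value, key value, ...' lines into (kind, {key: value})."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, rest = line.split(None, 1)
        fields = dict(part.split() for part in rest.split(","))
        rules.append((kind, fields))
    return rules


class AlertFilter:
    """Stateful filter: suppress entries drop matching alerts outright;
    'type limit' entries pass the first `count` alerts per tracked IP in each
    fixed `seconds` window and drop the remainder of that window."""

    def __init__(self, rules):
        self.suppress = []   # (sid, track, network)
        self.limits = {}     # sid -> (track, count, seconds)
        self.windows = {}    # (sid, tracked ip) -> (window_start, alerts_passed)
        for kind, f in rules:
            sid = int(f["sig_id"])   # gen_id is 1 for ordinary rules; ignored here
            if kind == "suppress":
                self.suppress.append((sid, f["track"],
                                      ipaddress.ip_network(f["ip"], strict=False)))
            elif kind == "threshold" and f["type"] == "limit":
                self.limits[sid] = (f["track"], int(f["count"]), int(f["seconds"]))

    @staticmethod
    def _tracked_ip(alert, track):
        return alert["src_ip"] if track == "by_src" else alert["dest_ip"]

    def keep(self, alert):
        """True if the alert should still be raised after tuning."""
        sid = alert["sid"]
        for s_sid, track, net in self.suppress:
            if s_sid == sid and ipaddress.ip_address(self._tracked_ip(alert, track)) in net:
                return False
        if sid in self.limits:
            track, count, seconds = self.limits[sid]
            key = (sid, self._tracked_ip(alert, track))
            start, passed = self.windows.get(key, (None, 0))
            if start is None or alert["ts"] - start >= seconds:
                start, passed = alert["ts"], 0   # open a fresh window
            if passed >= count:
                self.windows[key] = (start, passed)
                return False
            self.windows[key] = (start, passed + 1)
        return True


def apply_tuning(config_text, alerts):
    """Return the alerts that survive the tuning, in arrival order."""
    flt = AlertFilter(parse_threshold_config(config_text))
    return [a for a in alerts if flt.keep(a)]


if __name__ == "__main__":
    for a in apply_tuning(THRESHOLD_CONFIG, ALERTS):
        print(a)
```

Of the seven constructed alerts, four survive: the suppressed rule still fires for the external source, and the rate-limited rule fires once for each source in its first window and once again when 10.0.0.5 opens a new window at 80 s. Running a change like this against a day of exported alerts before applying it is a cheap way to confirm a suppress is not silencing more than intended.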

Final exam:

30 Multiple choice questions (MCQs)

Your instructor: Sivaraman Eswaran

Dr. Sivaraman Eswaran received the M.E. degree in Computer Science and Engineering from Karpagam University, India, in 2013 and the Ph.D. degree in Computer Science from Bharathiar University, India, in 2019. He is currently an Assistant Professor in the Computer Science and Engineering department at PES University, Bangalore, and a research member of the Center for Information Security, Forensics and Cyber Resilience (ISFCR) at PES University. He has qualified in the National Eligibility Test (NET) for Assistant Professor, Computer Science and Application, conducted by the University Grants Commission, New Delhi, and in the State Eligibility Test (SET) for Assistant Professor, Computer Science and Application, conducted by the Government of Tamil Nadu. He is a Microsoft Certified Professional and EMC Academic Associate, and a life member of the Computer Society of India and the Indian Society for Technical Education. He has published more than 10 research articles in journals from publishers such as Springer, Inderscience and IET, and has filed and published three patents in the security and IoT area. His research interests include cloud computing and cyber security.



If you have any questions, please contact us at [email protected].


© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023