Do you have a requirement to identify the right framework and tool to monitor your own network? If so, this course is for you! This online course discusses Security Onion, a free and open source platform for network security monitoring, log management and threat hunting. Through a series of videos, this course introduces network security monitoring platforms and shows how to deploy them in a straightforward lab environment.
Why THIS course?
This course covers the tool and processes required to integrate network evidence sources into investigations, with a focus on open source, efficiency and effectiveness.
- Increasing demand for sophisticated cybersecurity tools to detect and investigate cyberattacks and financial frauds is expected to drive the market growth.
- The network forensics market was valued at USD 2.01 billion in 2020 and is expected to reach USD 4.62 billion by 2025, at a CAGR of 14.9% over the forecast period 2020 - 2025.
Who is this course for?
- Cybersecurity professionals
- Network security analysts
- SOC analysts
- Systems administrators
- Legal professionals
- IT managers
What skills will you gain?
- Network security monitoring
- Intrusion detection
- Threat hunting
- Network forensics analysis
You will be able to perform network security monitoring in a production environment and deploy your own Security Onion environment.
What will you learn about?
By the end of this course, you will have everything you need to further improve your skills as a security analyst, security engineer, or security architect. These skills are easily transferable to other network security monitoring products, such as commercial ones commonly found in the enterprise.
What tools will you use?
Security Onion (includes Snort, Suricata, Zeek, Kibana and many other security tools).
COURSE IS SELF-PACED, AVAILABLE ON DEMAND
DURATION: 18 hours
CPE POINTS: On completion you get a certificate granting you 18 CPE points.
COURSE LAUNCH: October 21st
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What should you know before you join?
Knowledge of the following information technology fundamentals is required.
- Computer hardware
- Operating systems (Ubuntu)
What will you need?
- 8GB RAM (minimum)
- 2 CPU cores
- 50GB free disk space
- VMware Workstation or VirtualBox
- Security Onion ISO image
Module 0: Introduction
Network Security – Intrusion Detection and Prevention – Threat Hunting – Log Management
Module 1: Getting started
Security Onion will provide visibility into network traffic and context around alerts and anomalous events, but it requires a commitment from the network administrator to review alerts, monitor the network activity, and most importantly, have a willingness, passion and desire to learn. This module focuses on core components, high-level architecture, and layers of Security Onion.
- Introduction to Security Onion
- SO 2.x Architecture
- Deployment Scenarios
- Hardware and Software Requirements
Module 1 exercises:
- Setting up Security Onion with VirtualBox/VMware Workstation
3 hours (including exercises)
Module 2: Security Onion Console (SOC)
Security Onion Console (SOC) is the first thing you see when you log into Security Onion. It includes a new Alerts interface that shows all of your NIDS/HIDS alerts, along with several analyst tools such as Hunt, PCAP, Kibana, CyberChef, Playbook, TheHive, and ATT&CK Navigator.
- Hunt interface
- PCAP interface
- ATT&CK Navigator
Module 2 exercises:
- Analyzing PCAP files in SOC using SO’s so-import-pcap
5 hours (including exercises)
Module 3: Analyst VM, Network & Host Visibility
In this module, we will look at different analyst tools that can be used for slicing and dicing data coming from the network and endpoints. The Analyst VM includes tools such as NetworkMiner and Wireshark. This section also covers the various processes that Security Onion uses to analyze and log network traffic. NIDS/HIDS tools such as Suricata, Zeek and Wazuh are used for monitoring network traffic, looking for specific activity, and generating alerts.
- NetworkMiner
Module 3 exercises:
- Network security monitoring with Zeek and Suricata
- Automatic data analysis for host intrusion detection using Wazuh
6 hours (including exercises)
Module 4: Logs, Tuning and Utilities
In this section, we will discuss the different logs generated by network sniffing processes or endpoints. It answers questions such as: where do the logs go, how are they parsed, and how are they stored? This section will also cover tuning our environment to get the best performance out of Security Onion. Finally, we will conclude with some of the main utilities in Security Onion.
- Data Fields
- Zeek Fields
- Managing Rules
- Managing Alerts
- High Performance Tuning
Module 4 exercises:
- Collecting and analysing log files using Filebeat, Logstash and Elasticsearch
4 hours (including exercises)
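The Module 3 exercise on Zeek and Suricata and the Module 4 topics on data fields and Zeek fields both revolve around the same artifact: the Zeek conn.log records that Security Onion stores and that analysts pivot on in Hunt. The following added example (written for this page, not course material or Security Onion project code) parses those records and applies two simple hunting checks. It assumes the standard Zeek conn.log field names, that Security Onion 2.x writes Zeek logs as JSON lines (the classic tab-separated format with `#fields` headers is handled as well), and uses constructed sample records and arbitrary thresholds; none of the values come from a real network.

```python
"""Parse Zeek conn.log records (JSON lines or classic TSV) and summarise them
the way an analyst would before pivoting in Security Onion's Hunt interface.
Added example: schema follows Zeek's conn.log; all records below are constructed."""
import json
from collections import Counter

# Constructed sample in the JSON-lines style assumed for Security Onion 2.x.
SAMPLE_JSON = """\
{"ts":1697900000.1,"uid":"CAbc1","id.orig_h":"10.0.0.5","id.orig_p":51234,"id.resp_h":"203.0.113.7","id.resp_p":443,"proto":"tcp","service":"ssl","duration":12.5,"orig_bytes":1200,"resp_bytes":54000,"conn_state":"SF"}
{"ts":1697900001.2,"uid":"CAbc2","id.orig_h":"10.0.0.5","id.orig_p":51235,"id.resp_h":"203.0.113.7","id.resp_p":443,"proto":"tcp","service":"ssl","duration":3600.0,"orig_bytes":9000000,"resp_bytes":2000,"conn_state":"SF"}
{"ts":1697900002.3,"uid":"CAbc3","id.orig_h":"10.0.0.9","id.orig_p":40000,"id.resp_h":"10.0.0.1","id.resp_p":53,"proto":"udp","service":"dns","duration":0.01,"orig_bytes":60,"resp_bytes":120,"conn_state":"SF"}
"""

# Constructed sample in Zeek's classic TSV format: '#'-prefixed header lines,
# tab-separated values, '-' for unset fields.
SAMPLE_TSV = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1697900003.4\tCAbc4\t10.0.0.5\t51236\t198.51.100.2\t4444\ttcp\t-\t7200.0\t50000000\t100\tSF
#close\t2023-10-21-12-00-00
"""

# Fields that must be numeric for the checks below (TSV delivers them as text).
NUMERIC = {"ts": float, "id.orig_p": int, "id.resp_p": int, "duration": float,
           "orig_bytes": int, "resp_bytes": int}


def parse_conn_log(text):
    """Yield one dict per connection record; accepts JSON lines and/or Zeek TSV."""
    fields, unset = None, "-"
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("{"):                      # JSON-lines record
            rec = json.loads(line)
        elif line.startswith("#"):                    # TSV header/footer line
            tag, _, rest = line.partition("\t")
            if tag == "#fields":
                fields = rest.split("\t")             # column names for records
            elif tag == "#unset_field":
                unset = rest                          # marker for missing values
            continue
        else:                                         # TSV data record
            if fields is None:
                raise ValueError("TSV record seen before a #fields header")
            values = line.split("\t")
            rec = {k: (None if v == unset else v) for k, v in zip(fields, values)}
        for key, cast in NUMERIC.items():             # normalise types
            if rec.get(key) is not None:
                rec[key] = cast(rec[key])
        yield rec


def summarise(records, long_secs=3600.0, upload_bytes=10_000_000):
    """Return the leads an analyst would pivot on: long-lived flows, large
    client-to-server uploads, and how many connections each host originated.
    Thresholds are arbitrary example values, not Security Onion defaults."""
    recs = list(records)
    long_conns = [r["uid"] for r in recs if (r.get("duration") or 0) >= long_secs]
    big_uploads = [r["uid"] for r in recs if (r.get("orig_bytes") or 0) >= upload_bytes]
    top_talkers = Counter(r["id.orig_h"] for r in recs)
    return {"long_conns": long_conns, "big_uploads": big_uploads,
            "top_talkers": top_talkers}


if __name__ == "__main__":
    findings = summarise(parse_conn_log(SAMPLE_JSON + SAMPLE_TSV))
    for name, value in findings.items():
        print(f"{name}: {value}")
```

The two checks mirror what the Hunt interface lets you filter on once Filebeat and Logstash have shipped these records into Elasticsearch: the `uid` values returned are exactly the pivot keys you would use to pull the matching PCAP in SOC.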
30 Multiple choice questions (MCQs)
Your instructor: Sivaraman Eswaran
Dr. Sivaraman Eswaran received the M.E. degree in Computer Science and Engineering from Karpagam University, India, in 2013 and the Ph.D. degree in Computer Science from Bharathiar University, India, in 2019. He is currently working as an Assistant Professor in the Computer Science and Engineering department, PES University, Bangalore. He is a research member of the Center for Information Security, Forensics and Cyber Resilience (ISFCR) at PES University. He has qualified in the National Eligibility Test (NET) for Assistant Professor, Computer Science and Application, conducted by the University Grants Commission, New Delhi, and the State Eligibility Test (SET) for Assistant Professor, Computer Science and Application, conducted by the Government of Tamil Nadu. He is a Microsoft Certified Professional and EMC Academic Associate. He is a life member of the Computer Society of India and the Indian Society for Technical Education. He has published more than 10 research articles in journals from reputed publishers such as Springer, Inderscience and IET. He has also filed and published three patents in security- and IoT-related areas. His research interests include cloud computing and cyber security.
If you have questions, feel free to contact our course coordinator Marta at [email protected]