Fundamentals for Analysts and Threat Hunters
Students should attend the free 2-hour Security Onion Essentials course before the first day of class. One topic covered by the Essentials course is building a Security Onion VM. Note that students do not need to build a Security Onion VM for this class. We will be using a pre-installed lab.
Training at a glance
Level
Intermediate
Duration
4 Days
Experience
2 years: Agile
Average Salary
$150,000
Labs
Yes
Level
Intermediate
Duration
4 Days
Experience
2 years: Agile
Average Salary
$150,000
Labs
Yes
Training Details
This hands-on course is geared for security analysts and threat hunters using the Security Onion 2 platform, with very light coverage of administration. Students will learn core analyst techniques and how to apply them using real-world case studies covering major analyst workflows.
- Agile Overview
- Agile Manifesto
- Agile Principles
- Agile Methods
- Scrum Overview
- Scrum Advantages
- Security Onion Console Overview
- Security Onion 2 Grid Architecture
- Basic Administrative Tasks
- Manage User Accounts
- Validate Grid Health
- Crucial Network Protocols and Host-Based Datasets
- (HTTP, SSL, DNS, Windows, Sysmon, etc.)
- Correlate Network and Host Data with Security
- Onion Console
- Discuss SOC Analyst Methodologies
- Key Elements of the Security Event Management
- Process
- Incident Escalation and Resolution
- Understanding the Analysis & Investigation Process
- Leveraging the MITRE ATT&CK Framework to
- Improve Threat Hunting
- Security Onion Analyst Workflows
Alert Triage & Case Creation with Alerts and Cases
- Threat Hunting with Hunt and Dashboards
- Detection Engineering with Playbook
- Searching for Data in Security Onion
- Lucene
- Onion Query Language (OQL)
- Analyst Techniques
- Analyzing and Reconstructing Obfuscated
- Executables from Packets
- Finding Malicious Activity in Encrypted Traffic
- Detecting Hostile DNS Traffic (DNS tunneling, C2 over DNS, etc.)
- Tracking Adversary Activity Using Process
- Command Lines
- Identifying Anomalies Utilizing Network and Host
- Baselines
- Examining Data with CyberChef
- Visualizing Enterprise Data in Kibana
- Capstone Capture the Flag Event
- Multiple Labs and Case Studies
Students should have a basic understanding of networks, TCP/IP, and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required.
- Security Onion Essentials at https://securityonionsolutions.com/training (2 hours; free)
Should have a basic understanding of networks, TCP/IP, and standard protocols such as DNS, HTTP, SSL, etc.
- Knowledge/experience with Linux is recommended, but not required.
Upcoming Classes
We Offer More Than Just Applied Technology Academy Training
That’s because we provide everything you need to succeed. This is true for all of our courses.
Strategic Planning & Project Management
From Lean Six Sigma to Project Management Institute Project Management Professional, Agile and SCRUM, we offer the best-in-class strategic planning and project management training available. Work closely with our seasoned multi-decade project managers.
IT & Cybersecurity
ATA is the leading OffSec and Hack the Box US training provider, and a CompTIA and EC-Council award-winning training partner. We offer the best offensive and defensive cyber training to keep your team ahead of the technology skills curve.
Leadership & Management
Let us teach your team the high-level traits and micro-level tools & strategies of effective 21st-century leadership. Empower your team to play to each others’ strengths, inspire others and build a culture that values communication, authenticity, and community.
