Security Onion is a Linux distribution designed for network security monitoring. The combination of pivoting between tools, working with several data types (full packet capture, NIDS alerts, session and protocol logs) and building a distributed sensor architecture makes Security Onion one of the most powerful solutions in this space, one which often outperforms commercial products.
The goal of this introductory workshop is to familiarize participants with Security Onion. We will install and configure Security Onion in a virtual machine, take a look at the primary interfaces, work through a few exercises and real-life case studies, replay traffic, and perform analysis using the tools and data types available in Security Onion.
A laptop with at least 8 GB of RAM and 20 GB of free disk space
A type-2 hypervisor such as VMware Workstation
The Security Onion image, downloaded and verified in advance; the verification procedure is documented on GitHub: https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md
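As an added example (not part of the workshop page or the Security Onion project), the following POSIX shell helper checks a downloaded ISO against an expected SHA-256 digest before the image is booted in the hypervisor. The file name and the digest in the usage comment are placeholders; the authoritative digest and the full procedure (including signature verification of the digest file) come from the Verify_ISO page linked above, and a digest fetched from the same place as the ISO is only as trustworthy as that download unless it is signed.

```shell
#!/bin/sh
# Added example: integrity check of a downloaded ISO against an expected SHA-256.
# Not from the workshop page or the Security Onion project; the ISO name and the
# digest in the usage comment are placeholders to be replaced with real values.
set -u

# Print only the hex SHA-256 digest of a file, using whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_iso FILE EXPECTED_SHA256
# Returns 0 when the file's digest matches, 1 on mismatch or missing file.
verify_iso() {
    iso="$1"
    # Normalise to lowercase so a digest copied in uppercase still compares equal.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$iso" ]; then
        echo "verify_iso: $iso not found" >&2
        return 1
    fi
    actual=$(sha256_of "$iso")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $iso matches the expected SHA-256"
        return 0
    fi
    echo "MISMATCH: $iso" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage (placeholder values; take the real file name and digest from the
# Verify_ISO page, and refuse to boot the image if this returns non-zero):
# verify_iso securityonion.iso 0000000000000000000000000000000000000000000000000000000000000000
```

Run the check on the downloaded file and only import the ISO into the hypervisor when it returns 0; a mismatch means a corrupted or tampered download, not something to "fix" by re-hashing.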