Security Onion Foundations Lab

WWT's Cyber Range is a dynamic, live-fire cyber exercise designed to give security teams the real-world training they need to sharpen their cybersecurity skills and increase vigilance in an ever-evolving threat landscape. During a Blue Team event, you may be required to use tools that you don't have experience with. 

Security Onion is a free and open platform for threat hunting, network security monitoring, and log management. Security Onion includes best-of-breed free and open tools including Suricata, Zeek, the Elastic Stack, and many others.

This lab gives you an environment and guide to walk you through the Security Onion tool which you may need to leverage during a Cyber Range Blue Team event.

The purpose of this lab is to help you gain proficiency with the Security Onion tool that is available in some of the Cyber Range Blue Team events. While the Security Onion tool has many capabilities we will be focused on the capabilities that may help you find flags in a Cyber Range blue team event. The hope is that after completing this lab you will feel more comfortable jumping in and participating in your first Blue Team event!

The lab environment allows you to:

• Get hands-on with the Security Onion tool
• Explore the pre-made Security Onion dashboards
• Explore the Security Onion hunt feature
• Examine a real threat incident with the Security Onion tool

Software

• Security Onion

Hardware

• 3x Linux Machines
• 1x Windows 10 Client
• 2x Windows 2016 Servers
• 1x Vyos Router