Playbook for Security Onion
03/30/21 • 34 min
Click here to send us your ideas and feedback on Blueprint!
Driving consistency and maintaining a high standard for alert response is a problem all SOCs must face, but how? In this episode, Josh Brower describes his efforts to combine automated detection signature deployment and use case database management into a single, easy to use app for Security Onion. Whether you use Security Onion or not, this episode dives into the design principles and workflow Josh used when designing the new open-source Playbook app and there’s something to learn from it for everyone on the Blue Team.
Our Guest - Josh Brower
Josh Brower has been crashing computers since his teens, and now feels fortunate to be doing it professionally. He has spent the last 12 years focusing on InfoSec, particularly network and endpoint detection. He also enjoys teaching around InfoSec issues, especially to non-technical learners - helping them to understand how their actions in the digital world have real-world consequences, as well as how to proactively reduce the risk.
Follow Josh
Twitter: @DefensiveDepth
LinkedIn: /in/joshbrower
Web: https://defensivedepth.com
Support for the Blueprint podcast comes from the SANS Institute
Are you looking for the best in-depth training for your cyber defense team? Look no further than SANS blue team curriculum courses!
Whether you focus on network or host data, Windows or Linux, or even specialize in open source intel, SIEM, SOC, or defensive architecture, the SANS Blue Team curriculum has the course for you. From long-time classics like SEC503 Network Intrusion Detection to the newer SEC530 Defensible Security Architecture and Engineering and SEC487 Open Source Intelligence Gathering - we've got you covered, no matter what your specialty.
With an extensive archive of free webcasts on the SANS site, and free online demos available for most courses, you can easily check out the SANS blue team catalog and see which course is the best fit for you and your team.
Check out the constantly growing list of available courses at sansurl.com/blueteamops
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: Blue Team Fundamentals - Security Operations and Analysis
- LDR551: Building and Leader Security Operations Centers
Follow and Connect with John: LinkedIn
Click here to send us your ideas and feedback on Blueprint!
Driving consistency and maintaining a high standard for alert response is a problem all SOCs must face, but how? In this episode, Josh Brower describes his efforts to combine automated detection signature deployment and use case database management into a single, easy to use app for Security Onion. Whether you use Security Onion or not, this episode dives into the design principles and workflow Josh used when designing the new open-source Playbook app and there’s something to learn from it for everyone on the Blue Team.
Our Guest - Josh Brower
Josh Brower has been crashing computers since his teens, and now feels fortunate to be doing it professionally. He has spent the last 12 years focusing on InfoSec, particularly network and endpoint detection. He also enjoys teaching around InfoSec issues, especially to non-technical learners - helping them to understand how their actions in the digital world have real-world consequences, as well as how to proactively reduce the risk.
Follow Josh
Twitter: @DefensiveDepth
LinkedIn: /in/joshbrower
Web: https://defensivedepth.com
Support for the Blueprint podcast comes from the SANS Institute
Are you looking for the best in-depth training for your cyber defense team? Look no further than SANS blue team curriculum courses!
Whether you focus on network or host data, Windows or Linux, or even specialize in open source intel, SIEM, SOC, or defensive architecture, the SANS Blue Team curriculum has the course for you. From long-time classics like SEC503 Network Intrusion Detection to the newer SEC530 Defensible Security Architecture and Engineering and SEC487 Open Source Intelligence Gathering - we've got you covered, no matter what your specialty.
With an extensive archive of free webcasts on the SANS site, and free online demos available for most courses, you can easily check out the SANS blue team catalog and see which course is the best fit for you and your team.
Check out the constantly growing list of available courses at sansurl.com/blueteamops
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: Blue Team Fundamentals - Security Operations and Analysis
- LDR551: Building and Leader Security Operations Centers
Follow and Connect with John: LinkedIn
Previous Episode
The Blue Teamer's Blueprint for Malware Triage
Click here to send us your ideas and feedback on Blueprint!
Even if you're not a malware analyst, any blue teamer should be able to do some initial basic malware sample triage. The good news is that this is quite easy to do using freely available tools once you know what is available. Join John in this conversation with Ryan Chapman as they discuss how to reverse engineer malware and why you might want to do so.Our Guest - Ryan Chapman
Ryan Chapman works as a Principal Incident Response analyst. He also teaches SANS FOR610: Reverse Engineering Malware and is the lead organizer for CactusCon, Arizona's hcaker conference. Ryan has worked in Security Operations Center and Computer Incident Response Team roles that handled incidents from inception all the way through remediation. Reviewing log traffic; researching domains and IPs; hunting through log aggregation utilities; sifting through pack captures; analyzing malware; and performing host and network forensics are all things that Ryan loves to do. With Ryan, it's all about the blue team!
Follow Ryan
Twitter: @rj_chap
LinkedIn: /in/ryanjchapman
Web: https://incidentresponse.trainingSponsor's Note:
Support for the Blueprint podcast comes from the SANS Institute.
If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.
This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.
Check out the details at sansurl.com/450 Hope to see you in class!
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: Blue Team Fundamentals - Security Operations and Analysis
- LDR551: Building and Leader Security Operations Centers
Follow and Connect with John: LinkedIn
Next Episode
AppSec, DevOps and DevSecOps
Click here to send us your ideas and feedback on Blueprint!
What is AppSec, DevOps and DevSecOps? In this episode we discuss why defenders should know more about these terms and what the consequences are of ignoring these new and critical fields.
Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.
Advisor: Nord VPN, Cloud Defense, NeuraLegion, ICTC PAC, WoSEC
Founder: We Hack Purple, WoSEC International (Women of Security), OWASP DevSlop, #CyberMentoringMonday
Support for the Blueprint podcast comes from the SANS Institute.
Check out the constantly growing list of available courses at sansurl.com/blueteamops
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: Blue Team Fundamentals - Security Operations and Analysis
- LDR551: Building and Leader Security Operations Centers
Follow and Connect with John: LinkedIn
Blueprint: Build the Best in Cyber Defense - Playbook for Security Onion
Transcript
John Hubbard 00:00
are you looking for the best in depth training for your cyber defense team look no further than sans blue team courses whether you focus on network or host data windows linux or even specialize in open source intelligence seam sock or defensive architecture the sans blue team curriculum has the course for you from longtime classics like sec 503 network intrusion detection to the newer sec 530 defensible security architecture and engineering and sec 47
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/blueprint-build-the-best-in-cyber-defense-234200/playbook-for-security-onion-26251393"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to playbook for security onion on goodpods" style="width: 225px" /> </a>
Copy