Playbook for Security Onion

av BLUEPRINT | Publicerades 3/30/2021

Driving consistency and maintaining a high standard for alert response is a problem all SOCs must face, but how? In this episode, Josh Brower describes his efforts to combine automated detection signature deployment and use case database management into a single, easy to use app for Security Onion. Whether you use Security Onion or not, this episode dives into the design principles and workflow Josh used when designing the new open-source Playbook app and there’s something to learn from it for everyone on the Blue Team.Our Guest - Josh BrowerJosh Brower has been crashing computers since his teens, and now feels fortunate to be doing it professionally. He has spent the last 12 years focusing on InfoSec, particularly network and endpoint detection. He also enjoys teaching around InfoSec issues, especially to non-technical learners - helping them to understand how their actions in the digital world have real-world consequences, as well as how to proactively reduce the risk.Follow JoshTwitter: @DefensiveDepthLinkedIn: /in/joshbrower Web: https://defensivedepth.comSupport for the Blueprint podcast comes from the SANS InstituteAre you looking for the best in-depth training for your cyber defense team? Look no further than SANS blue team curriculum courses!Whether you focus on network or host data, Windows or Linux, or even specialize in open source intel, SIEM, SOC, or defensive architecture, the SANS Blue Team curriculum has the course for you. From long-time classics like SEC503 Network Intrusion Detection to the newer SEC530 Defensible Security Architecture and Engineering and SEC487 Open Source Intelligence Gathering - we've got you covered, no matter what your specialty.With an extensive archive of free webcasts on the SANS site, and free online demos available for most courses, you can easily check out the SANS blue team catalog and see which course is the best fit for you and your team.Check out the constantly growing list of available courses at sansurl.com/blueteamopsFollow SANS Cyber Defense: Twitter | LinkedIn | YouTubeFollow John Hubbard: Twitter | LinkedIn

Om Podcasten

Are you a cyber defender looking to keep up on the newest tools, technology, and security concepts? Then BLUEPRINT is the podcast for you! Tune in to hear the latest in cyber defense and security operations from blue team leaders and experts. With a focus on learning, BLUEPRINT includes interviews with today’s top security practitioners defending the world’s most respected brands, and in-depth explanations on the newest technologies, protocols, and defensive tools. BLUEPRINT, is a podcast hosted by John Hubbard and brought to you by the SANS Institute. BLUEPRINT - your one-stop shop for taking your defense skills to the next level!