I just finished my Cisco CCST Cybersecurity. The whole course of study is pretty much to get you skilled up enough to operate and understand the Security Onion console. The last half of the last class is all about handling the alerts.
Well, the CCST was a pretty cursory introduction to an extremely complicated platform. I checked out the vendor training, and its alright. Its a set of videos that walk you through setup and usage of a demo install. (See post link.) I've set it up at home, and I'm monitoring my network.
I know we use Security Onion at work, and I asked about it. Well apparently its completely broken, and my first task as a newly certified network security guy is to rebuild it.
Yup. I ate the Onion. ... err ... or I'm in process. Chomp, chomp, chomp.
Ah, ok. Thanks, that's a nice summary to get me on the right track... it might be something we need to evaluate for our team at work.
Thanks!