TN-575: Open Source Network Security Monitoring

 

Course Overview:

TN-575: Open Source Network Security Monitoring teaches students how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools. No network is bullet proof and when attackers access your network, this course will show you how to build a security net to detect, contain, and control the attacker. Sensitive data can be monitored and deep packet and deep attachment analysis can be achieved. As organizations stand up a Security Operations Center (SOC) the enterprise NSM is the key ingredient to that SOC. This course not only teaches how to implement an NSM technologically, but how to effectively monitor an enterprise operationally. You will learn how to architect an NSM solution: where to deploy your NSM platforms and how to size them, stand-alone or distributed, and integration into packet analysis, interpret evidence, and integrate threat intelligence from external sources to identify sophisticated attackers. A properly implemented NSM is integral to incident response and provides the responders timely information to react to the incident. TN-575: Open Source Network Security Monitoring is a lab intensive environment with a cyber range that gives each student in-depth knowledge and practical experience monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls.

Attendees to TN-575: Open Source Network Security Monitoring class will receive TechNow approved course materials and expert instruction.

This Course is taught utilizing Security Onion or RockNSM as specified by the customer.

Dates/Locations:

No Events

Duration: 5 Days

Course Objective:

The focus of this course is to present a suite of Open Source security products integrated into a highly functional and scalable Network Security Monitoring solution.

Prerequisites:

Students should have a basic understanding of networks, TCP/IP and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required

Course Outline:

  • Network Security Monitoring (NSM) Methodology
  • High Bandwidth Packet Capture Challenges
  • Installation of Security Onion
    • Use Cases (analysis, lab, stand-alone, distributed)
    • Resource Requirements
  • Configuration
    • Setup Phase I – Network Configuration
    • Setup Phase 2 – Service Configuration
    • Evaluation Mode vs. Configuration Mode
    • Verifying Services
  • Security Onion Architecture
    • Configuration Files and Folders
    • Network Interfaces
    • Docker Environment
    • Security Onion Containers
  • Overview of Security Onion Analyst Tools
    • Kibana
    • CapME
    • CyberChef
    • Squert
    • Sguil
    • NetworkMiner
  • Quick Review of Wireshark and Packet Analysis
    • Display and Capture Filters
    • Analyze and Statistics Menu Options
    • Analysis for Signatures
  • Analyzing Alerts
    • Replaying Traffic
    • 3 Primary Interfaces:
      • Squert
      • Sguil
      • Kibana
    • Pivoting Between Interfaces
    • Pivoting to Full Packet Capture
  • Snort and Surricata
    • Rule Syntax and Construction
    • Implementing Custom Rules
    • Implementing Whitelists and Blacklists
  • Hunting
    • Using Kibana to Slice and Dice Logs
    • Hunting Workflow with Kibana
  • Bro
    • Introduction and Overview
      • Architecture, Commands
    • Understanding and Examining Bro Logs
      • Using AWK, sort, uniq, and bro-cut
    • Working with traces/PCAPs
    • Bro Scripts Overview
      • Loading and Using Scripts
    • Bro Frameworks Overview
      • Bro File Analysis Framework FAF
    • Using Bro scripts to carve out more than files
  • RockNSM ( * If Applicable)
    •  Kafka
      • Installation and Configuration
      • Kafka Messaging
      • Brokers
      • Integration with Bro and FSF
    • File Scanning Framework FSF
      • Custom YARA Signatures
      • JSON Trees
      • Sub-Object Recursion
      • Bro and Suricata Integration
  • Elastic Stack
    • Adding new data sources in Logstash
    • Enriching data with Logstash
    • Automating with Elastalert
    • Building new Kibana dashboards
  • Production Deployment
    • Advanced Setup
    • Master vs Sensor
    • Node Types – Master, Forward, Heavy, Storage
    • Command Line Setup with sosetup.conf
    • Architectural Recommendations
    • Sensor Placement
    • Hardening
    • Administration
    • Maintenance
  • Tuning
    • Using PulledPork to Disable Rules
    • BPF’s to Filter Traffic
    • Spinning up Additional Snort / Suricata / Bro Workers to Handle Higher Traffic Loads

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!

Welcome to TechNow!

Welcome to TechNow! The Leader in Information Security Training & Computer Training.

The world of information security and computer training is ever changing.  The techniques and systems continue to evolve and we must stay current and diligent.  To do this, you can count on TechNow®…the leader in cybersecurity training and computer system training.

TechNow® has been training the leaders in the computer community for many years.  We provide training for students in a number of areas.  Our cybersecurity trainings include popular courses like D0D 8140, Security , CISM, CISSP, CEH,CCNA, and more.  With over 34 years of experience, we’re able to provide you with unmatched training and certification programs.

TechNow also provides a variety of other popular trainings for the computer professional including Cisco, EC-Council, CompTIA, Unix/Linux and more.

.

Search Our Site

Upcoming Events

  • CT-245: Linux+
    • 12/01/2025 – 12/05/2025
    • San Antonio
  • CT-395: CySA+ Cybersecurity Analyst
    • 12/01/2025 – 12/05/2025
    • San Antonio
  • IT-113: IT Infrastructure Library (ITIL) v4 – Foundations Course
    • 12/08/2025 – 12/11/2025
    • San Antonio
  • CT-425: CompTIA Advanced Security Practitioner (CASP+)
    • 12/08/2025 – 12/12/2025
    • San Antonio
  • CT-225: Network+
    • 12/15/2025 – 12/19/2025
    • San Antonio
  • all events

    • in   

    TN-949: Certified Firewall Analyst Course

    Course Overview:

    This is a hands-on course that covers many of the concepts of securing the perimeter of an organization. This includes concepts such as intrusion detection, packet filtering, and central logging.

    A skills focus enables the student to better absorb the subject matter and perform better on the job.   This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of Firewalls.

    This course is an excellent precursor to PA-215 Palo Alto Firewall Essentials FastTrack.

    Attendees to TN-949: Certified Firewall Analyst Prep will receive TechNow approved course materials and expert instruction.

    Date/Locations:

    No Events

    Duration: 5 days

    Course Objectives:

    • Analyzing Network and Wireless Design
    • Creating and Auditing a Rulebase
    • Firewall Assessment and Penetration Testing
    • Host-Based Detection and DLP
    • Incident Detection and Analysis
    • IOS and Router Security
    • IPv6 and ICMPv6
    • Log Collection and Analysis
    • NAT and Proxies
    • Netfilter IPtables
    • Network Access Control
    • Network-Based Intrusion Detection
    • Packet Filters and Inspection
    • Packet Fragmentation
    • Perimeter Concepts and IP Fundamentals
    • Securing Hosts and Services
    • TCP/IP Protocols
    • VPN Design and Auditing
    • VPN Implementation

    Course Prerequisites:

    • GSEC or equivalent experience
    • UNIX, Windows, networking and security  experience
    • This is a hands-on skill course requiring comfort with command line interaction and network communications

    Comments

    Latest comments from students

    Liked the class?  Then let everyone know!

    CT-425: CompTIA SecurityX

    Course Overview:

    SecurityX®  (formerly known as CASP+)  course prepares you for the CompTIA SecurityX® certification exam (CVO-005) and demonstrates your knowledge and skills in enterprise security, risk management, research and analysis, and the integration of computing, communications, and business disciplines. This course will prepare students for the objectives covered in the CompTIA SecurityX certification exam (CVO-005).

    Attendees to CT-425: CompTIA SecurityX will receive TechNow approved course materials and expert instruction.

    Date/Locations:

    Date/Time Event
    12/08/2025 - 12/12/2025
    09:00 -17:00     		CT-425: CompTIA Advanced Security Practitioner (CASP+)
    TechNow, Inc, San Antonio TX
    03/09/2026 - 03/13/2026
    08:00 -16:00     		CT-425: CompTIA SecurityX
    TechNow, Inc, San Antonio TX
    06/08/2026 - 06/12/2026
    08:00 -16:00     		CT-425: CompTIA SecurityX
    TechNow, Inc, San Antonio TX
    08/31/2026 - 09/04/2026
    08:00 -16:00     		CT-425: CompTIA SecurityX
    TechNow, Inc, San Antonio TX
    11/30/2026 - 12/04/2026
    08:00 -16:00     		CT-425: CompTIA SecurityX
    TechNow, Inc, San Antonio TX

    Duration: 5 days

    Course Objectives:

    • Support IT governance in the enterprise with an emphasis on managing risk
    • Leverage collaboration tools and technology to support enterprise security
    • Use research and analysis to secure the enterprise
    • Integrate advanced authentication and authorization techniques
    • Implement cryptographic techniques
    • Implement security controls for hosts
    • Implement security controls for mobile devices
    • Implement network security
    • Implement security in the systems and software development lifecycle
    • Integrate hosts, storage, networks, applications, virtual environments, and cloud technologies in a secure enterprise architecture
    • Conduct security assessments
    • Respond to and recover from security incidents

    Prerequisites:

    Completion of the following or equivalent knowledge:

    Minimum of 10 years general hands on IT experience

    5 years being hands-on security

    CompTIA Certification: Network+

    CompTIA Certification: Security+

    CompTIA Certification: CySA+

    OR equivalent knowledge

    Comments

    Latest comments from students

    User: clbrack

    Instructor comments: I expect to pass, another great class from technow!

    User: christopher0470

    Instructor comments: Alan takes the time to cover the material so that you understand the concepts and applications of the information presented.

    Facilities comments: I like the location. It was quiet and very conducive to learning.

    Liked the class?  Then let everyone know!

    CT-205: A+ Certification Course

    Course Overview:

    CT-205: A+ Certification Course provides students with the skills, knowledge and understanding that will enable them to install, configure, upgrade, troubleshoot and repair personal computer systems.  The A+ curriculum is excellent preparation for almost any computer related career or position.  This course lays the foundation for further study in networking and programming.  Designed for the new computer professional who has support knowledge of PC hardware, but needs to expand upon that knowledge.

    Attendees to CT-205: A+ Certification Course will receive TechNow approved course materials and expert instruction.

    Dates/Locations:

    Date/Time Event
    01/26/2026 - 01/30/2026
    08:00 -16:00     		CT-205: A+ Certification Course
    TechNow, Inc, San Antonio TX
    04/20/2026 - 04/24/2026
    08:00 -16:00     		CT-205: A+ Certification Course
    TechNow, Inc, San Antonio TX
    07/20/2026 - 07/24/2026
    08:00 -16:00     		CT-205: A+ Certification Course
    TechNow, Inc, San Antonio TX
    10/26/2026 - 10/30/2026
    08:00 -16:00     		CT-205: A+ Certification Course
    TechNow, Inc, San Antonio TX

    Duration: 5 Days

    Course Objectives:

    • Identifying, Adding & Removing System Components
    • Installation, Configuring & System Optimization
    • Diagnosing & Troubleshooting Problems
    • Power Protection & Safety Procedures
    • Motherboards, Processors & Memory
    • Printers
    • Basic Networking
    • Operating System Fundamentals
    • Installation, Configuration & Upgrade
    • Diagnosing & Troubleshooting
    • Networks

    Prerequisites:

    • None

    Comments

    Latest comments from students

    User: whiggins29

    Instructor comments: Very knowledgeable, very engaging.

    User: jstuke12

    Instructor comments: Instructor was wonderful, Tim explained all questions fully and was a pleasure to learn from.

    Facilities comments: Facilities were outstanding.

    Like the class?  Then let everyone know!