I’ve done another couple of videos about Security Onion focusing on how I can use The Hunt to look for anomalies in network traffic. As in the previous video, I give a disclaimer: I’m not a Security Onion expert, and these videos are meant to keep track of my progress and to help others familiarize themselves with the tool.
In the first video I start from an alert from Strelka and then proceed to identify a possibly compromised machine in the network, as well as finding external malicious IPs.
In the second video I push my analysis further, doing some more interesting queries in The Hunt. The purpose is to understand the basic syntax for querying data in The Hunt.
As usual, any comment is welcome, mainly because these are my first videos done in English and I know that there is room for lots of improvement.