For those not already familiar with Security Onion and NSM, I'll give a quick recap. Network Security Monitoring is the practice of capturing network alert data and combining it with full session data and as much complete traffic data that we can store. One of the things that drove me insane with IDS on its own was the lack of context around the alerts. Using NSM, we are able to go from looking at an alert and drill down to what was actually crossing the wire before, during and after the event. Security Onion takes a large number of separate tools and combines them so that we can easily go through the NSM process. It is a Linux distribution that is designed to stand alone or be a distributed monitoring system across your networks. Oh, and its dead easy to setup and maintain.
So with that, here is the video of my presentation at UTOSC 2012.
Peeling Back the Security Onion.