Seeking a Subject Matter Expert (SME) to Collaborate on a Technical Cybersecurity Tutorial

Upwork

Remote

3 hours ago

About

Hello, I am developing a detailed, practical tutorial for my cybersecurity blog aimed at practitioners and curious learners. The topic is "Log Normalization & Incident Tracing" using the Security Onion suite. To ensure the guide is technically accurate, clear, and valuable to the community, I'm looking for a subject matter expert to collaborate with me.

Your role would be to work with me during one or more live, hands-on sessions. We will step through the entire process together on a shared screen. I will be driving, taking notes, and capturing screenshots for the blog post, while you provide expert guidance, technical validation, and clarification of the key concepts. This is a collaborative content creation project, not a request for ghostwriting.

The key areas we will cover for the tutorial include:

Log Normalization with awk:
- Demonstrating how to convert Unix epoch timestamps in flat files and Apache logs into a human-readable format.
- Building the correct awk one-liners to handle different delimiters (like "|") and different record structures (like the bracketed timestamp field in Apache logs).

Incident Tracing Using the Five-Tuple (source IP, source port, destination IP, destination port, protocol):
- Starting from an alert in Sguil (e.g., "GPL ATTACK_RESPONSE id check returned root") to begin an investigation.
- Pivoting from the alert to Wireshark to perform a deep-dive analysis of the packet capture by following the TCP stream.
- Pivoting again from the packet analysis to Kibana to search and filter Zeek logs based on IPs and protocols (like bro_ftp) to find related activity.
- Tracing a file transfer by identifying MIME types and viewing the file's content directly from Zeek's logs.

The ideal collaborator for this project:
- Has deep hands-on expertise with the Security Onion platform (Sguil, ELK/Kibana, Zeek, etc.).
- Is highly proficient with Linux command-line tools, especially awk.
- Can explain complex technical workflows in a simple, clear, and logical way.
- Is comfortable working collaboratively in a live session.
The final deliverable will be my completed notes and screenshots, validated by you, which I will then use to write the final blog post. Looking forward to creating a great piece of content with you.
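As an added example (not part of the posting, and not the tutorial's own material), here are the two awk normalization cases the posting describes, plus a five-tuple filter over a Zeek conn.log so the same timestamp rendering can be applied while pivoting from a Sguil alert. All sample data is constructed. Assumptions: the system awk provides strftime() (gawk, mawk 1.3.4+, and busybox awk do; original BWK awk does not), and the Apache vhost logs its timestamp as epoch seconds via a LogFormat using "%{%s}t", which is what produces the bracketed epoch the posting mentions. TZ is pinned to UTC so the rendered times are deterministic; drop that line to render in the sensor's local zone.

```shell
#!/bin/sh
# Added example: awk timestamp normalization and five-tuple filtering.
# Assumes awk with strftime() (gawk / mawk >= 1.3.4 / busybox awk).
export TZ=UTC            # deterministic output; remove to use the host zone
FMT='%Y-%m-%d %H:%M:%S'  # human-readable format handed to strftime()
tab=$(printf '\t')       # literal tab for Zeek's TSV logs

# Constructed sample inputs (not real logs).
# Flat file: epoch|src_ip|dst_ip|dst_port|proto
FLAT_SAMPLE='1700000000|10.0.0.5|203.0.113.7|21|tcp
1700003600|10.0.0.5|203.0.113.7|80|tcp'

# Apache access log line with LogFormat "%{%s}t": the epoch sits in brackets as field 4.
APACHE_SAMPLE='10.0.0.5 - - [1700000000] "GET /index.html HTTP/1.1" 200 1234'

# Zeek conn.log excerpt (TSV, trimmed to the columns used here; the #fields line
# mimics Zeek's header, the rows are constructed). ts carries microseconds.
CONN_SAMPLE=$(printf '%s\n' \
  "#fields${tab}ts${tab}uid${tab}id.orig_h${tab}id.orig_p${tab}id.resp_h${tab}id.resp_p${tab}proto${tab}service" \
  "1700000000.123456${tab}CAbc1${tab}10.0.0.5${tab}51234${tab}203.0.113.7${tab}21${tab}tcp${tab}ftp" \
  "1700000042.500000${tab}CAbc2${tab}10.0.0.5${tab}51236${tab}203.0.113.7${tab}80${tab}tcp${tab}http" \
  "1700000100.000000${tab}CAbc3${tab}10.0.0.9${tab}40000${tab}203.0.113.7${tab}21${tab}tcp${tab}ftp")

# Case 1: pipe-delimited flat file, epoch in column 1.
# -F'|' splits on the pipe; OFS="|" keeps the pipe when $1 is rewritten and the
# record is rebuilt on print.
normalize_pipe() {
    awk -F'|' -v fmt="$FMT" 'BEGIN { OFS = "|" } { $1 = strftime(fmt, $1); print }'
}

# Case 2: Apache log with "[epoch]" as field 4. substr() strips the brackets
# before strftime(); they are restored so tools expecting "[...]" still parse it.
normalize_apache() {
    awk -v fmt="$FMT" '{
        epoch = substr($4, 2, length($4) - 2)
        $4 = "[" strftime(fmt, epoch) "]"
        print
    }'
}

# Five-tuple pivot over conn.log: keep rows matching orig_h, resp_h, resp_p and
# proto (any source port), skip Zeek's "#" header/footer lines, and render ts so
# the row lines up with the Sguil alert time. int() drops the microseconds,
# which strftime() does not accept.
filter_five_tuple() {
    awk -F "$tab" -v src="$1" -v dst="$2" -v dport="$3" -v proto="$4" -v fmt="$FMT" '
        /^#/ { next }
        $3 == src && $5 == dst && $6 == dport && $7 == proto {
            printf "%s %s %s:%s -> %s:%s %s %s\n",
                strftime(fmt, int($1)), $2, $3, $4, $5, $6, $7, $8
        }'
}

# Stand-alone demo: run each normalizer over its constructed sample, then pivot on
# the FTP conversation between 10.0.0.5 and 203.0.113.7.
printf '%s\n' "$FLAT_SAMPLE" | normalize_pipe
printf '%s\n' "$APACHE_SAMPLE" | normalize_apache
printf '%s\n' "$CONN_SAMPLE" | filter_five_tuple 10.0.0.5 203.0.113.7 21 tcp
```

Against real Security Onion data, replace the sample variables with the log paths (for example `cat /nsm/zeek/logs/current/conn.log | filter_five_tuple ...`, path assumed) and take the IPs, port and protocol from the Sguil alert's five-tuple; the source port is deliberately not matched so that every connection the host opened to that service is listed, not just the one the alert fired on.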