This material has been designed to be taught in a classroom environment... hands-on 80% + talk 40% + slides 0% = 120% hard work
The online material is missing some of the contextual concepts and ideas that will be covered in class.
This is 3.5 days of material for any intermediate-level DevOps engineer who has some experience with other security or monitoring tools and wants to learn Arkime. We believe these classes are perfect for anyone who wants a jump start in learning Arkime or who wants a more thorough understanding of its internals.
Arkime was formerly named Moloch, so the materials on this site may still refer to it as Moloch in various places. The same holds true for the Arkime codebase.
Arkime is not meant to replace an Intrusion Detection System (IDS). Arkime augments your existing security infrastructure by storing network traffic in standard PCAP format and indexing it, so that sessions and the packets behind them can be retrieved quickly instead of by re-reading the whole capture.
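To make the "PCAP plus index" idea concrete before the class gets to the real tool, here is a small illustration added for these notes; it is not Arkime's own code. It walks a PCAP once, records for every session (direction-independent 5-tuple) the file offsets of its packet records, and then pulls one session's packets back by seeking straight to those offsets. The capture itself is constructed in memory from hand-built Ethernet/IPv4/TCP frames, so it runs offline; the addresses, ports and payloads are made up for the example.

```python
"""Toy version of the Arkime capture model (example code for the course notes,
not from the Arkime project): packets stay verbatim in a standard PCAP file and a
separate index records, per session, where each packet record lives in that file.
Fetching a session then means seek + read, not re-parsing the capture.
"""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4       # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16


def pcap_global_header():
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)


def build_packet(src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero (sample data only)."""
    eth = b"\x00" * 6 + b"\x00" * 6 + b"\x08\x00"                     # dst MAC, src MAC, IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp


def pcap_record(ts_sec, ts_usec, frame):
    # ts_sec, ts_usec, incl_len, orig_len
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame


def session_key(frame):
    """Direction-independent 5-tuple: both halves of a TCP conversation map to one key."""
    ip = frame[14:34]
    proto = ip[9]
    ihl = (ip[0] & 0x0F) * 4
    src, dst = ip[12:16], ip[16:20]
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    lo, hi = sorted([(src, sport), (dst, dport)])
    return (proto, lo, hi)


def index_pcap(data):
    """Single pass over the capture: {session_key: [record_offset, ...]}.
    The offsets are the analogue of the per-session packet positions Arkime
    keeps next to the session metadata (SPI data) so the viewer can find packets."""
    index = defaultdict(list)
    off = GLOBAL_HEADER_LEN
    while off + RECORD_HEADER_LEN <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        frame = data[off + RECORD_HEADER_LEN: off + RECORD_HEADER_LEN + incl_len]
        index[session_key(frame)].append(off)
        off += RECORD_HEADER_LEN + incl_len
    return dict(index)


def fetch_session_packets(data, index, key):
    """Indexed access: jump to each recorded offset and read just that packet."""
    frames = []
    for off in index.get(key, []):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        frames.append(data[off + RECORD_HEADER_LEN: off + RECORD_HEADER_LEN + incl_len])
    return frames


def build_sample_pcap():
    """Constructed capture: an HTTP-like session with three packets in both
    directions, interleaved with one packet of an unrelated TLS-like session."""
    records = [
        (1700000000, 0,   build_packet("10.0.0.5", "192.0.2.10", 51000, 80, b"GET / HTTP/1.1\r\n")),
        (1700000000, 100, build_packet("192.0.2.10", "10.0.0.5", 80, 51000, b"HTTP/1.1 200 OK\r\n")),
        (1700000000, 200, build_packet("10.0.0.9", "192.0.2.20", 51001, 443, b"\x16\x03\x01")),
        (1700000000, 300, build_packet("10.0.0.5", "192.0.2.10", 51000, 80, b"GET /a HTTP/1.1\r\n")),
    ]
    return pcap_global_header() + b"".join(pcap_record(s, u, f) for s, u, f in records)


if __name__ == "__main__":
    pcap = build_sample_pcap()
    index = index_pcap(pcap)
    http = session_key(build_packet("192.0.2.10", "10.0.0.5", 80, 51000, b""))
    print(len(index), "sessions;", len(fetch_session_packets(pcap, index, http)), "packets in the HTTP session")
```

In the real deployment the same split applies at scale: capture writes rotating PCAP files to disk and ships session metadata, including the file and offsets of each session's packets, to the Elasticsearch/OpenSearch cluster, and the viewer answers a session search from the index first and only then reads the handful of packets it needs from the PCAP files.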
NB! The timeline below is preliminary and will be adjusted according to the actual progress of the class. On-site participation only.
Day 1
- 10:30 Registration open, coffee
- 11:00 - 12:00
  - Intro
  - LS23 overview
- 13:00 - 15:00
- 15:30 - 17:00
  - Hunting - LS RT Client Side
  - Intro to LS23 data capture

Day 2
- 09:30 - 10:30
- 11:00 - 12:00
- 13:00 - 15:00
- 15:30 - 17:00

Day 3
- 09:30 - 10:30
- 11:00 - 12:00
- 13:00 - 15:00
- 15:30 - 17:00

Day 4
- 09:30 - 10:30
  - Arkime rules
  - Splitting BT traffic
  - Free topics - NB! propose topics you would like to hear about!
  - Discussion of topics not covered in previous days
- 11:00 - 12:00
  - Pikksilm
  - vagrant, docker
  - build from source, basic config
  - WISE - Plugins
  - Clustered elastic, multinode
  - Clustering teamwork, cont.
  - evebox, scirius, kibana

Browse through ...
- Arkime
- Arkime in GitHub
- Arkime FAQ
- Arkime learn
- InfoSec matters - Arkime FPC