This material has been designed to be taught in a classroom environment... hands-on 80% + talk 40% + slides 0% = 120% hard work

The online material is missing some of the contextual concepts and ideas that will be covered in class.

This is 3.5 days of material for any intermediate-level dev-ops engineer who has some experience with other security|monitoring tools and wants to learn Arkime. We believe these classes are perfect for anyone who wants a jump start in learning Arkime or who wants a more thorough understanding of its internals.

Arkime is a large scale, open source, full packet capturing, indexing, and database system.

Arkime was formerly named Moloch, so the materials on this site may still refer to it as Moloch in various ways or forms. Same holds true for the Arkime codebase.

Arkime is not meant to replace Intrusion Detection Systems (IDS). Arkime augments your current security infrastructure by storing and indexing network traffic in standard PCAP format, while also providing fast indexed access.

NB! The timeline provided is preliminary and will be adjusted according to the actual progress of the class. On-site participation only.

Day 1 :: Intro, singlehost, basic Viewer usage :: June 12 2023, starts at 11:00!

Day 2 :: Install, configuration, basic enrichment :: June 13 2023

Day 3 :: Enrichment, Monitoring encrypted traffic, SSL/TLS proxy :: June 14 2023

Day +1 :: Last but not least :: June 15 2023, ends at 12:00

  • 09:30 - 10:30
    • Arkime rules
    • Splitting BT traffic
    • Free topics - NB! propose topics you would like to hear about!
    • Discussion of topics not covered in previous days
  • 11:00 - 12:00
    • Orphan topics: topics from previous iterations that we might or might not cover.


Before You Come To Class