Arkime

This material has been designed to be taught in a classroom environment... hands-on 80% + talk 40% + slides 0% = 120% hard work

The online material is missing some of the contextual concepts and ideas that will be covered in class.

This is 4 days of material for any intermediate-level dev-ops engineer who has some experience with other security or monitoring tools and wants to learn Arkime. We believe these classes are perfect for anyone who wants a jump start in learning Arkime or who wants a more thorough understanding of its internals.

Arkime is a large scale, open source, full packet capturing, indexing, and database system.

Arkime was formerly named Moloch, so the materials on this site may still refer to it as Moloch in various ways or forms. Same holds true for the Arkime codebase.

Arkime is not meant to replace Intrusion Detection Systems (IDS). Arkime augments your current security infrastructure by storing and indexing network traffic in standard PCAP format, while also providing fast indexed access.

NB! The timeline below is preliminary and will develop according to the actual progress of the class. On-site participation only.

Day -1 :: Intro, singlehost, basic Viewer usage :: June 3 2024, starts at 13:00!

Day 1 :: Install, basic configuration :: June 4 2024

Day 2 :: Advanced configuration, enrichment :: June 5 2024

Day 3 :: Suricata, SSL/TLS proxy :: June 6 2024

Day +1 :: Last but not least :: June 7 2024, ends at 12:00

Orphan topics: topics from previous iterations that we might or might not cover

For trying out locally -- not needed for classroom!


Before You Come To Class