Analyzing network traffic is an important step in developing a proactive threat hunting program. This course will teach you how to perform network traffic analysis using Arkime to find threats in your network.
Finding undetected threats in your network through proactive network analysis requires the right tools. In this course, Network Analysis with Arkime, you’ll learn how to utilize Arkime to detect anomalous or malicious network traffic in an enterprise environment. First, you'll gain insight into how to detect common malware delivery patterns. Next, you’ll learn how to use Arkime to identify malware command and control. Finally, you’ll utilize the many features of Arkime to identify data exfiltration. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques using Arkime.
Dr. Josh Stroschein is an Assistant Professor at Dakota State University, where he teaches malware analysis, software exploitation, reverse engineering, and penetration testing. Josh also works as a malware analyst for Bromium, an endpoint security company, and is the Director of Training for the Open Information Security Foundation (OISF).
Course Overview

Welcome to Pluralsight and this blue team tools course featuring Arkime, the open source network analysis tool developed and maintained by Andy Wick. Monitoring network traffic is an important step in developing a proactive threat hunting program and closing the time between when an intrusion occurs and when an organization detects it. In this course, you will learn how to utilize Arkime to perform in-depth network traffic analysis and specifically be able to hunt for patterns of phishing activity, command and control, and data exfiltration. So why Arkime? Well, the project is inspired by owls, and one of their favorites is Archimedes, Merlin's smart, grouchy, and sarcastic buddy. Of course, there is also the mathematician, engineer, and inventor Archimedes, who created the system of using exponentiation for expressing very large numbers. According to the project authors, this best represents the software's ability to capture and store immense amounts of network traffic, as well as their sarcastic and sometimes grouchy approach to software development. Come join me in learning Arkime to harness the power of indexed packet capture to help you defend your networks.