Network Analysis with Arkime

Analyzing network traffic is an important step in developing a proactive threat hunting program. This course will teach you how to perform network traffic analysis using Arkime to find threats in your network.
Course info
Level
Intermediate
Updated
Dec 11, 2020
Duration
45m
Description

Finding undetected threats in your network through proactive network analysis requires the right tools. In this course, Network Analysis with Arkime, you’ll learn how to utilize Arkime to detect anomalous or malicious network traffic in an enterprise environment. First, you'll gain insight into how to detect common malware delivery patterns. Next, you’ll learn how to use Arkime to identify malware command and control. Finally, you’ll utilize the many features of Arkime to identify data exfiltration. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques using Arkime.

About the author

Dr. Josh Stroschein is an Assistant Professor at Dakota State University, where he teaches malware analysis, software exploitation, reverse engineering, and penetration testing. Josh also works as a malware analyst for Bromium, an endpoint security company, and is the Director of Training for the Open Information Security Foundation (OISF).

Section Introduction Transcripts

Course Overview
Welcome to Pluralsight and this blue team tools course featuring Arkime, the open source network analysis tool developed and maintained by Andy Wick. Monitoring network traffic is an important step in developing a proactive threat hunting program and closing the time between when an intrusion occurs and when an organization detects it. In this course, you will learn how to utilize Arkime to perform in-depth network traffic analysis and specifically be able to hunt for patterns of phishing activity, command and control, and data exfiltration. So why Arkime? Well, the project is inspired by owls, and one of their favorites is Archimedes, Merlin's smart, grouchy, and sarcastic buddy. Of course, there is also the mathematician, engineer, and inventor Archimedes, who created the system of using exponentiation for expressing very large numbers. According to the project authors, this best represents the software's ability to capture and store immense amounts of network traffic, as well as their sarcastic and sometimes grouchy approach to software development. Come join me in learning Arkime to harness the power of indexed packet capture to help you defend your networks.