Announcing the 2nd Annual Moloch Conference: Learn…


We’re excited to share that the 2nd Annual MolochON will be Thursday, Nov. 1, 2018 in Dulles, Virginia, at the Oath campus. Moloch is a large-scale, open source, full packet capturing, indexing and database system.

There’s no cost to attend the event and we’d love to see you there! Feel free to register here.

We’ll be joined by many fantastic speakers from the Moloch community to present on the following topics:

Moloch: Recent Changes & Upcoming Features
by Andy Wick, Sr Princ Architect, Oath & Elyse Rinne, Software Dev Engineer, Oath

Since the last MolochON, many new features have been added to Moloch. We will review some of these features and demo how to use them. We will also discuss a few desired upcoming features.

Speaker Bios
Andy is the creator of Moloch and former Architect of AIM. He joined the security team in 2011 and hasn’t looked back.

Elyse is the UI and full stack engineer for Moloch. She revamped the UI to be more user-friendly and maintainable. Now that the revamp has been completed, Elyse is working on implementing awesome new Moloch features!



Small Scale at Large Scale: Putting Moloch on the Analyst’s Desk
by Phil Hagen, SANS Senior Instructor, DFIR Strategist, Red Canary

I’ve been excited to add Moloch to the FOR572 class, Advanced Network Forensics at the SANS Institute. In FOR572, we cover Moloch with nearly 1,000 students per year, via classroom discussions and hands-on labs. This presents an interesting engineering problem, in that we provide a self-contained VMware image for the classroom lab, but it is also suitable for use in forensic casework. In this talk, I’ll cover some of what we did to make a single VM into a stable and predictable environment, distributed to hundreds of students across the world.

Speaker Bio
Phil is a Senior Instructor with the SANS Institute and the DFIR Strategist at Red Canary. He is the course lead for SANS FOR572, Advanced Network Forensics, and has been in the information security industry for over 20 years. Phil is also the lead for the SOF-ELK project, which provides a free, open source, ready-to-use Elastic Stack appliance to aid and optimize security operations and forensic processing. Networking is in his blood, dating back to a 2400 baud modem in an Apple //e, which he still has.



Oath Deployments
by Andy Wick, Sr Princ Architect, Oath

The formation of Oath gave us an opportunity to rethink and create a new visibility stack. In this talk, we will be sharing our process for designing our stack for both office and data center deployments and discussing the technologies we decided to use.

Speaker Bio
Andy is the creator of Moloch and former Architect of AIM. He joined the security team in 2011 and hasn’t looked back.



Centralized Management and Deployment with Docker and Ansible
by Taylor Ashworth, Cybersecurity Analyst

I will focus on how to use Docker and Ansible to deploy, update, and manage Moloch along with other tools like Suricata, WISE, and ES. I will explain the time-saving benefits of Ansible and the workload reduction benefits of Docker, and I will also cover the topic “Pros and cons of using Ansible Tower/AWX over Ansible in CLI.” If time permits, I’ll discuss “Using WISE for data enrichment.”

Speaker Bio
Taylor is a cybersecurity analyst who was tired of the terrible tools he was presented with and decided to teach himself how to set up tools to successfully do his job.



Automated Threat Intel Investigation Pipeline
by Matt Carothers, Principal Security Architect, Cox Communications

I will discuss integrating Moloch into an automated threat intel investigation pipeline with MISP.

Speaker Bio
Matt enjoys sunsets, long hikes in the mountains and intrusion detection. After studying Computer Science at the University of Oklahoma, he accepted a position with Cox Communications in 2001 under the leadership of renowned thought leader and virtuoso bass player William “Wild Bill” Beesley, who asked to be credited in this bio. There, Matt formed Cox’s abuse department, which he led for several years, and today he serves as Cox’s Principal Security Architect.



Using WISE
by Andy Wick, Sr Princ Architect, Oath

We will review how to use WISE and provide real-life examples of features added since the last MolochON.

Speaker Bio
Andy is the creator of Moloch and former Architect of AIM. He joined the security team in 2011 and hasn’t looked back.



Moloch Deployments
by Srinath Mantripragada, Linux Integrator, SecureOps

I will present a Moloch deployment with 20+ different Moloch nodes. A range will be presented, including small, medium, and large deployments that go from full hardware with dedicated capture cards to virtualized point-of-presence and AWS with transit network. All nodes run Moloch, Suricata and Bro.

Speaker Bio
Srinath has worked as a SysAdmin and related positions for most of his career. He currently works as an Integrator/SysAdmin/DevOps for SecureOps, a Security Services company in Montreal, Canada.



Elasticsearch for Time-series Data at Scale
by Andrew Selden, Solution Architect, Elastic

Elasticsearch has evolved beyond search and logging to be a first-class, time-series metric store. This talk will explore how to achieve 1 million metrics/second on a relatively modest cluster. We will take a look at issues such as data modeling, debugging, tuning, sharding, rollups and more.

Speaker Bio
Andrew Selden has been running Elasticsearch at scale since 2011, when he led the search, NLP, and data engineering teams at Meltwater News; he later developed streaming analytics solutions for BlueKai’s advertising platform (acquired by Oracle). He started his tenure at Elastic as a core engineer and for the last two years has been helping customers architect and scale their clusters.


After the conference, enjoy a complimentary happy hour, sponsored by Arista.

Hope to see you there!
