Setting up Network Detection & Response capabilities | Episode 6 | Threat Detection Lab Series
Hello Defenders,
Welcome to episode 6 of my YouTube video series "Building a Threat Detection Lab from Scratch." In this series, I will guide you through building a Threat Detection Engineering Lab from the ground up using open-source tools and community editions of popular enterprise solutions!
About the Series:
This series is perfect for cybersecurity enthusiasts, professionals, and beginners who want to dive into the world of threat hunting and cyber threat research. I’ll take you through every step, starting from the basics and progressing to advanced configurations & architectures. We will aim to keep this lab environment growing and optimized for practicing real-world scenarios!
Episode 6 Agenda:
– Understanding Resource Constraints for Running NDR VM
– Enable promiscuous mode on VMware Workstation Pro
– Deploying Malcolm
– Configuring environment variables & Authentication Settings
– Running Malcolm
– Walkthrough of Malcolm: packet captures (PCAPs), CyberChef, JARM, and integration with Elasticsearch for centralized logging
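Before the deployment steps above, it pays to confirm the NDR VM is actually fit for the stack and that the capture interface is sniffing everything the virtual switch hands it. The script below is an added lab helper, not Malcolm's own code: the RAM and CPU floors are assumptions for this lab rather than Malcolm's documented minimums, and the sample meminfo text is constructed, not captured from a real host. The promiscuous check reads the kernel's interface flags from sysfs and tests the IFF_PROMISC bit (0x100); if the guest reports the flag but still sees only its own traffic, the VMware side has not been allowed promiscuous mode yet.

```shell
#!/bin/sh
# Added pre-flight check for the Malcolm NDR VM (lab helper, not part of Malcolm).
# Verifies the guest has enough RAM and CPUs for the container stack and that the
# sniffing interface is really in promiscuous mode. The thresholds are assumptions
# for this lab, not Malcolm's documented minimums.

MIN_MEM_GB=16      # assumed floor for OpenSearch + Arkime + Zeek + Suricata
MIN_CPUS=4         # assumed floor

# mem_total_gb: read a /proc/meminfo-style text on stdin and print MemTotal in
# whole GiB (MemTotal is reported in kB; 1 GiB = 1048576 kB).
mem_total_gb() {
    awk '/^MemTotal:/ { printf "%d\n", $2 / 1048576 }'
}

# flags_promisc HEXFLAGS: true when IFF_PROMISC (0x100) is set in the value read
# from /sys/class/net/<iface>/flags, e.g. 0x1103 = UP|BROADCAST|PROMISC|MULTICAST.
flags_promisc() {
    [ $(( $1 & 0x100 )) -ne 0 ]
}

# preflight_verdict MEM_GB CPUS HEXFLAGS: print exactly one status word.
preflight_verdict() {
    if [ "$1" -lt "$MIN_MEM_GB" ]; then
        echo "insufficient-memory"
    elif [ "$2" -lt "$MIN_CPUS" ]; then
        echo "insufficient-cpus"
    elif ! flags_promisc "$3"; then
        echo "not-promiscuous"
    else
        echo "ok"
    fi
}

# preflight_live IFACE: gather the real values on this host and print the verdict.
preflight_live() {
    iface=${1:-eth0}
    mem=$(mem_total_gb < /proc/meminfo)
    cpus=$(nproc)
    flags=$(cat "/sys/class/net/$iface/flags")
    verdict=$(preflight_verdict "$mem" "$cpus" "$flags")
    echo "$iface: mem=${mem}GiB cpus=$cpus flags=$flags -> $verdict"
    if [ "$verdict" = "not-promiscuous" ]; then
        # This is the fix inside the guest; the VMware virtual switch must also
        # permit promiscuous mode or the guest still only sees its own unicast.
        echo "hint: sudo ip link set dev $iface promisc on"
    fi
}

# Constructed sample input (not captured from a real host) so the helpers can be
# exercised without root or a VM: a 32 GB guest with a promiscuous NIC.
SAMPLE_MEMINFO='MemTotal:       32829260 kB
MemFree:         2104616 kB'

demo() {
    mem=$(printf '%s\n' "$SAMPLE_MEMINFO" | mem_total_gb)
    preflight_verdict "$mem" 8 0x1103
}

case "${1:-}" in
    --live) preflight_live "$2" ;;
    *)      demo ;;
esac
```

Run it with no arguments to exercise the constructed sample, or `sh preflight.sh --live ens33` inside the guest to check the real interface Malcolm will capture on. The verdict order is deliberate: a memory-starved VM will fail before promiscuous mode matters, because OpenSearch and Arkime are the first things to die when the guest swaps.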
Malcolm is an open-source network traffic analysis suite that packages Arkime, Zeek, Suricata, YARA, JARM fingerprinting, OpenSearch (or an external Elasticsearch), CyberChef and other tools into a single Docker Compose deployment, giving you one platform for detecting and investigating network threats. In this episode, we'll install Malcolm and configure these components to extend the lab's network security monitoring and threat detection capabilities.
Chapters:
00:00 – Overview, Requirements & Recap
03:00 – Introduction to Malcolm
03:00 – Overview of included tools
05:45 – VM Resource and Configuration
08:15 – Enable Promiscuous mode on VMware Workstation
10:22 – Installing Malcolm on Ubuntu
13:15 – Configure Malcolm and Include Tools
18:00 – Configure authentication
19:23 – Starting Malcolm
21:33 – Accessing Malcolm and Included Tools
22:30 – Walkthrough
22:50 – Arkime Walkthrough
24:35 – Salesforce JARM
28:50 – Arkime/Zeek logs in Elasticsearch/Kibana
30:30 – Cyberchef
32:00 – Wrapup
Reference Resources:
You can find all the software links and the referenced architecture diagram at [Threat Hunting & Open Research (THOR)](
Don’t forget to like, comment, and subscribe to stay updated with more cybersecurity tutorials, walkthroughs, and insightful content!
#Arkime #Moloch #PCAPProcessing #NetworkTrafficAnalysis #OpenSearch #Logstash #Filebeat #OpenSearchDashboards #Zeek #Suricata #IDS #Yara #MalwareDetection #Capa #ExecutableFileAnalysis #ClamAV #AntivirusEngine #CyberChef #DataConversionTool #Docker #DockerCompose #NetBox #PostgreSQL #Redis #Nginx #LDAPAuthentication #FluentBit #NetworkSensors #EntropyCalculation #YaraRuleset #ZeekPlugins #ProtocolAnalyzers #VulnerabilityDetection #CorelightPlugins #MITREATTACK #CybersecurityTools #NetworkSecurity
#Cybersecurity #NetworkSecurityMonitoring #ThreatDetection #ThreatHunting #CyberThreatIntelligence #SecurityOperations #Malcolm #Zeek #Suricata #Yara #Capa #NetworkTrafficAnalysis #IntrusionDetection #MalwareDetection #StaticAnalysis #AdvancedThreatDetection #CybersecurityTraining #NetworkSecurityTools #SecurityLabs #CybersecuritySolutions #ITSecurity #CyberDefense #VirtualSecurityLab #NetworkMonitoringLab #CybersecurityEducation #SecurityInfrastructure #ITThreatDetection #CybersecurityLabSetup #CyberThreatHunting #SecurityManagement #NetworkProtection #SecurityTesting #HomeLab #ITSecurityLab #FirewallConfiguration #NetworkSecurityConfiguration