Moloch 1.7.0 - Notifications, Field History, and More
<p><i><a href="https://www.linkedin.com/in/andy-wick-ba90613/">Andy Wick</a>, Chief Architect, Verizon Media &amp; <a href="https://www.linkedin.com/in/elyserinne/">Elyse Rinne</a>, Software Engineer, Verizon Media</i><br/></p><p>Since wrapping up the <a href="https://yahoodevelopers.tumblr.com/post/181272427518/musings-from-the-2nd-annual-molochon">2nd annual MolochON</a>, we’ve been working on Moloch 1.7.0 - available <a href="https://molo.ch/#downloads">here</a>. Moloch is a large-scale, open source, full packet capturing, indexing, and database system. We’ve been improving it with the help of our open source community. This release includes two bug fixes in capture and several new features. <a href="https://raw.githubusercontent.com/aol/moloch/master/CHANGELOG">Here’s a list of all the changes.</a></p><p><b>Fixed corrupt file sequence numbers</b><br/></p><p>When Elasticsearch was responding slowly or capture was busy, it was possible for corrupt sequence numbers to be created. This would lead to packet capture (pcap) that couldn’t be viewed and random items appearing in the sequence table. This is now fixed.</p><p><b>Removed 256 offline files limit</b></p><p>When running against offline files, capture would stop properly recording sequence numbers for files after the 256th file in a capture run. This led to pcap that couldn’t be viewed for those files, forcing the user to restart the capture session for the next 256 files. With the new fix in place, you can now capture and store to more than 256 files.</p><p><b>Field Intersections</b></p><p>We’ve added a new API endpoint and Actions menu item that allow you to export unique values and counts across multiple fields. It’s now easy to find all the http hosts that a destination IP is serving. Calling this feature from the Actions menu in the UI exports the fields currently displayed (excluding the time and info columns). 
You can use previously saved column configs to switch between the data you want exported. See the <a href="https://youtu.be/oGeVKdVQXXc">demo video</a> for more ideas.</p><p>If you are in the business of packet capture as part of your job in network security, join the <a href="https://molo.ch/">Moloch</a> community, use and help <a href="https://github.com/aol/moloch/blob/master/CONTRIBUTING.md">contribute</a> to the project, and chat with us on <a href="https://slackinvite.molo.ch/">Slack</a>. To get started, check out our <a href="https://github.com/aol/moloch/blob/master/README.md">README</a> and <a href="https://github.com/aol/moloch/wiki/FAQ">FAQ</a> pages on GitHub.</p><p>P.S. <a href="https://t.umblr.com/redirect?z=https%3A%2F%2Fwww.oath.com%2Fcareers%2Fjob-openings%3Fq%3DParanoids&t=ZGRjOGU4ZmQ4NGQzMjA2NDAyMmMwNmFhNWRkZmE4Y2VjN2Y2YzI2NiwzUm1OY0Fqag%3D%3D&b=t%3AqCv_Mk0XnXjOXXgdN4dpcQ&p=https%3A%2F%2Fyahoodevelopers.tumblr.com%2Fpost%2F181272427518%2Fmusings-from-the-2nd-annual-molochon&m=1">We’re hiring security professionals, whom we lovingly call paranoids</a>!<br/></p>