Malcolm v23.03.0 is a release with enhancements, component version updates and bug fixes.

Malcolm is a powerful, easily deployable (via Docker) network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

  • Enhancements

    • Replace Zeek's misc/scan.zeek with ncsa/bro-simple-scan
    • terminate start and restart scripts once Malcolm has started properly (cisagov/Malcolm#240 and cisagov/Malcolm#241, thanks @Njinx)
    • minor usability improvements for ISO-installed Malcolm and Hedgehog (idaholab/Malcolm#155)
      • Added a "Configure Malcolm" menu item (under the "Internet" GTK menu with the other Malcolm stuff) and launcher on the top panel of icons in Malcolm. This runs ./scripts/install.py --configure in full screen. May look at starting this automatically on first boot in the future. (Malcolm)
      • Added Malcolm shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Malcolm)
      • Added /opt/sensor/sensor_ctl shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Hedgehog)
      • Have tilix from launcher panel start in /opt/sensor/sensor_ctl (Hedgehog)
    • minor tweaks to defaults for install.py --configure (enable offline-capable file scanners by default)
    • interrupt startup import script when netbox-restore is run
    • added NetBox restore logic to reset_and_auto_populate.sh script (used mostly for demos and presentations)
  • Component version updates

  • Fixes

    • last few seconds' Zeek logs prior to log rotation may be lost (idaholab/Malcolm#151)
    • in ISO-packaged Malcolm installation scripts directory, symlink netbox-backup and netbox-restore to control.py
    • improve opensearchpy connect/health check logic in pcap_watcher.py in pcap-monitor container

#netbox #arkime #malcolm #opensearch #zeek #suricata #pcap #networktrafficanalysis #cybersecurity #cyber #infosec #github #inl #dhs #cisa #CISAgov

Last updated 1 year ago

v6.4.3 is a minor release containing enhancements, component version updates and bug fixes.

and may be obtained by pulling or building the images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on , but may be downloaded from https://malcolm.fyi/.

#malcolm #release #alpine #filebeat #netbox #zeek #opensearch #fluentbit #hedgehoglinux #docker #github #cybersecurity #pcap #networktrafficanalysis #arkime #ics #inl #CISAgov

Last updated 2 years ago

I'm pleased to announce the v6.4.2 release of Malcolm. This release updates to v5.0.3 and to v2.4.0 as well as some other minor fixes and improvements. It also includes a Zeek plugin to detect vulnerability to and exploitation attempts of .

See the documentation for instructions for installing Malcolm and pulling the new images, or grab the (unofficial) ISOs.

#zeek #opensearch #opensearchdashboards #CVE20223602 #docker #malcolm #hedgehoglinux #cybersecurity #pcap #networktrafficanalysis #arkime #ics #inl #CISAgov

Last updated 2 years ago

Woohoo! The lab () put out a PR piece on my project, : inl.gov/article/new-framework-

You can check it out on GitHub or at malcolm.fyi . I'd love to get feedback from people on infosec.exchange.

The twelve-monitor monster behind me is named the dodecascreendron by those in the know.

#inl #opensource #networktrafficanalysis #malcolm #cybersecurity #pcap #zeek #arkime #ics #opensearch

Last updated 2 years ago