Malcolm v23.03.0 is a release with enhancements, component version updates and bug fixes.
Malcolm is a powerful, easily deployable (via Docker) network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
Enhancements
- start and restart scripts once Malcolm has started properly (cisagov/Malcolm#240 and cisagov/Malcolm#241, thanks @Njinx)
- ./scripts/install.py --configure in full screen. May look at starting this automatically on first boot in the future. (Malcolm)
- install.py --configure (enable offline-capable file scanners by default)
- netbox-restore is run
- reset_and_auto_populate.sh script (used mostly for demos and presentations)
Component version updates
Fixes
- scripts directory, symlink netbox-backup and netbox-restore to control.py
- pcap_watcher.py in pcap-monitor container
#Malcolm #OpenSearch #Zeek #Arkime #Suricata #PCAP #NetworkTrafficAnalysis #CyberSecurity #Cyber #Infosec #GitHub #INL #DHS #CISA #CISAgov
#Malcolm v6.4.3 is a minor #release containing enhancements, component version updates and bug fixes.
Enhancements
- install.py --configure: ask about other storage locations for PCAP, Zeek logs and OpenSearch indices
- install.py --configure: prompt for Arkime to manage uploaded PCAP files or not
Component version updates
Fixes
- install.py memory recommendations
#Malcolm and #HedgehogLinux may be obtained by pulling or building the #Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on #GitHub, but may be downloaded from https://malcolm.fyi/.
#cybersecurity #pcap #networktrafficanalysis #zeek #arkime #ICS #INL #CISAgov
I'm pleased to announce the v6.4.2 release of Malcolm. This release updates #Zeek to v5.0.3 and #OpenSearch and #OpenSearchDashboards to v2.4.0 as well as some other minor fixes and improvements. It also includes a Zeek plugin to detect vulnerability to and exploitation attempts of #CVE20223602.
See the documentation for instructions for installing Malcolm and pulling the new #Docker images, or grab the (unofficial) ISOs.
#Malcolm #HedgehogLinux #cybersecurity #pcap #networktrafficanalysis #zeek #arkime #ICS #INL #CISAgov
Woohoo! The lab (#INL) put out a PR piece on my #OpenSource #NetworkTrafficAnalysis project, #Malcolm: https://inl.gov/article/new-framework-harnesses-multiple-cybersecurity-tools-to-protect-critical-infrastructure
You can check it out on GitHub or at https://malcolm.fyi . I'd love to get feedback from people on infosec.exchange.
The twelve-monitor monster behind me is named the dodecascreendron by those in the know.