#Malcolm v6.4.3 is a minor #release containing enhancements, component version updates and bug fixes.

• Enhancements

  • Import the NetBox Device Type Library on NetBox first run to populate manufacturers, device types, models and modules
  • idaholab/Malcolm#127 have install.py --configure ask about other storage locations for PCAP, Zeek logs and OpenSearch indices
  • idaholab/Malcolm#128 have install.py --configure prompt for Arkime to manage uploaded PCAP files or not

• Component version updates

  • #Alpine Linux to v3.17 for some Docker containers' base images
  • #Filebeat to v8.5.2
  • #NetBox to v3.3.9
  • #Zeek to v5.0.4
  • #opensearch-py to v2.0.1
  • #FluentBit to v2.0.6

• Fixes

  • Fix some bad links in the documentation and other minor documentation improvements
  • Fix idaholab/Malcolm#126, suricata logs show up in Arkime as "notip" for the protocol
  • Fix idaholab/Malcolm#129, filtering by rootId in Arkime returns no results
  • Fix Docker health checks for NetBox and supporting containers
  • Fix "read-only" version of nginx.conf
  • Tweaks to install.py memory recommendations

#Malcolm and #HedgehogLinux may be obtained by pulling or building the #Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on #GitHub, but may be downloaded from https://malcolm.fyi/.

#cybersecurity #pcap #networktrafficanalysis #zeek #arkime #ICS #INL #CISAgov

I'm pleased to announce the v6.4.2 release of Malcolm. This release updates #Zeek to v5.0.3 and #OpenSearch and #OpenSearchDashboards to v2.4.0 as well as some other minor fixes and improvements. It also includes a Zeek plugin to detect vulnerability to and exploitation attempts of #CVE20223602.

See the documentation for instructions for installing Malcolm and pulling the new #Docker images, or grab the _(unofficial) ISOs.

#Malcolm #HedgehogLinux #cybersecurity #pcap #networktrafficanalysis #zeek #arkime #ICS #INL #CISAgov