Malcolm v23.03.0 is a release with enhancements, component version updates and bug fixes.

Malcolm is a powerful, easily deployable (via Docker) network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

  • Enhancements

    • Replace Zeek's misc/scan.zeek with ncsa/bro-simple-scan
    • terminate start and restart scripts once Malcolm has started properly (cisagov/Malcolm#240 and cisagov/Malcolm#241, thanks @Njinx)
    • minor usability improvements for ISO-installed Malcolm and Hedgehog (idaholab/Malcolm#155)
      • Added a "Configure Malcolm" menu item (under the "Internet" GTK menu with the other Malcolm stuff) and launcher on the top panel of icons in Malcolm. This runs ./scripts/install.py --configure in full screen. May look at starting this automatically on first boot in the future. (Malcolm)
      • Added Malcolm shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Malcolm)
      • Added /opt/sensor/sensor_ctl shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Hedgehog)
      • Have tilix from launcher panel start in /opt/sensor/sensor_ctl (Hedgehog)
    • minor tweaks to defaults for install.py --configure (enable offline-capable file scanners by default)
    • interrupt startup import script when netbox-restore is run
    • added NetBox restore logic to reset_and_auto_populate.sh script (used mostly for demos and presentations)
  • Component version updates

  • Fixes

    • last few seconds' Zeek logs prior to log rotation may be lost (idaholab/Malcolm#151)
    • in ISO-packaged Malcolm installation scripts directory, symlink netbox-backup and netbox-restore to control.py
    • improve opensearchpy connect/health check logic in pcap_watcher.py in pcap-monitor container

#netbox #arkime #malcolm #opensearch #zeek #suricata #pcap #networktrafficanalysis #cybersecurity #cyber #infosec #github #inl #dhs #cisa #CISAgov

Last updated 2 years ago

v6.4.3 is a minor release containing enhancements, component version updates and bug fixes.

and may be obtained by pulling or building the images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on , but may be downloaded from https://malcolm.fyi/.

#malcolm #release #alpine #filebeat #netbox #zeek #opensearch #fluentbit #hedgehoglinux #docker #github #cybersecurity #pcap #networktrafficanalysis #arkime #ics #inl #CISAgov

Last updated 2 years ago

_Veronica_ · @verovaleros
345 followers · 122 posts · Server infosec.exchange

If you ever used our @stratosphere malware datasets, we have good news! Under my direction, we will be actively working on improving all our datasets to make them better and more accessible to the community.

These datasets are unique in many ways and we look to make them even better.

If you have suggestions, ideas, would-be-nice comments, use cases, or any comments in general we would love to hear about it!

These datasets were initially created to aid machine learning researchers in developing new and better models to identify malicious behaviors in the network. When we started, there were few datasets out there with real malware network traffic that lasted longer than just a few minutes.

mcfp.felk.cvut.cz/publicDatase

#networksecurity #malwaretraffic #machinelearning #datascience #cybersecurity #maliciousbehaviors #datasets #networktrafficanalysis #ml #anomalydetection

Last updated 2 years ago

I'm pleased to announce the v6.4.2 release of Malcolm. This release updates to v5.0.3 and to v2.4.0 as well as some other minor fixes and improvements. It also includes a Zeek plugin to detect vulnerability to and exploitation attempts of .

See the documentation for instructions for installing Malcolm and pulling the new images, or grab the (unofficial) ISOs.

#zeek #opensearch #opensearchdashboards #CVE20223602 #docker #malcolm #hedgehoglinux #cybersecurity #pcap #networktrafficanalysis #arkime #ics #inl #CISAgov

Last updated 2 years ago

Woohoo! The lab () put out a PR piece on my project, : inl.gov/article/new-framework-

You can check it out on GitHub or at malcolm.fyi . I'd love to get feedback from people on infosec.exchange.

The twelve-monitor monster behind me is named the dodecascreendron by those in the know.

#inl #opensource #networktrafficanalysis #malcolm #cybersecurity #pcap #zeek #arkime #ics #opensearch

Last updated 2 years ago

ITSEC News · @itsecbot
856 followers · 32557 posts · Server schleuss.online

How Behavioral Detections Actually Discovered the SolarWinds Orion SUNBURST Attack - The post How Behavioral Detections Actually Discovered the SolarWinds Orion SUNBURST Attack appeared... feedproxy.google.com/~r/securi

#blueteam #articles #assetmanagement #incidentresponse #threatintelligence #securityoperations #intrusiondetection #networktrafficanalysis

Last updated 4 years ago

ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online

Cloud Native Network Detection and Response - The post Cloud Native Network Detection and Response appeared first on Security Weekly. more: feedproxy.google.com/~r/securi

#articles #forensics #cloudsecurity #securityoperations #networktrafficanalysis

Last updated 5 years ago