Seth Grover :heart_cyber: :terminal: :d20: · @mmguero
102 followers · 138 posts · Server infosec.exchangeMalcolm v23.03.0 is a release with enhancements, component version updates and bug fixes.
Malcolm is a powerful, easily deployable (via Docker) network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
Enhancements
- Replace Zeek's misc/scan.zeek with ncsa/bro-simple-scan
- terminate
startandrestartscripts once Malcolm has started properly (cisagov/Malcolm#240 and cisagov/Malcolm#241, thanks @Njinx) - minor usability improvements for ISO-installed Malcolm and Hedgehog (idaholab/Malcolm#155)
- Added a "Configure Malcolm" menu item (under the "Internet" GTK menu with the other Malcolm stuff) and launcher on the top panel of icons in Malcolm. This runs
./scripts/install.py --configurein full screen. May look at starting this automatically on first boot in the future. (Malcolm) - Added Malcolm shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Malcolm)
- Added /opt/sensor/sensor_ctl shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Hedgehog)
- Have tilix from launcher panel start in /opt/sensor/sensor_ctl (Hedgehog)
- Added a "Configure Malcolm" menu item (under the "Internet" GTK menu with the other Malcolm stuff) and launcher on the top panel of icons in Malcolm. This runs
- minor tweaks to defaults for
install.py --configure(enable offline-capable file scanners by default) - interrupt #NetBox startup import script when
netbox-restoreis run - added NetBox restore logic to
reset_and_auto_populate.shscript (used mostly for demos and presentations)
Component version updates
- #Arkime to v4.2.0
- OpenSearch and OpenSearch Dashboards to 2.6.0
- Logstash from v8.4.0 to v8.6.1
- Beats to v8.6.2
- Zeek to v5.0.7
- OpenSearch-Py to v2.2.0 (and remove opensearch-dsl which is now part of opensearch-py)
- Supercronic to v0.2.2
- Capa to v5.0.0
- Fluent Bit to v2.0.9
- Version updates to various Python package dependencies
Fixes
- last few seconds' Zeek logs prior to log rotation may be lost (idaholab/Malcolm#151)
- in ISO-packaged Malcolm installation
scriptsdirectory, symlinknetbox-backupandnetbox-restoretocontrol.py - improve opensearchpy connect/health check logig in
pcap_watcher.pyinpcap-monitorcontainer
#Malcolm #OpenSearch #Zeek #Arkime #Suricata #PCAP #NetworkTrafficAnalysis #CyberSecurity #Cyber #Infosec #GitHub #INL #DHS #CISA #CISAgov
#netbox #arkime #malcolm #opensearch #zeek #suricata #pcap #networktrafficanalysis #cybersecurity #cyber #infosec #github #inl #dhs #cisa #CISAgov
Seth Grover :heart_cyber: :terminal: :d20: · @mmguero
86 followers · 117 posts · Server infosec.exchange
#Malcolm v6.4.3 is a minor #release containing enhancements, component version updates and bug fixes.
Enhancements
- Import the NetBox Device Type Library on NetBox first run to populate manufacturers, device types, models and modules
- idaholab/Malcolm#127 have
install.py --configureask about other storage locations for PCAP, Zeek logs and OpenSearch indices - idaholab/Malcolm#128 have
install.py --configureprompt for Arkime to manage uploaded PCAP files or not
Component version updates
Fixes
- Fix some bad links in the documentation and other minor documentation improvements
- Fix idaholab/Malcolm#126, suricata logs show up in Arkime as "notip" for the protocol
- Fix idaholab/Malcolm#129, filtering by rootId in Arkime returns no results
- Fix Docker health checks for NetBox and supporting containers
- Fix "read-only" version of nginx.conf
- Tweaks to
install.pymemory recommendations
#Malcolm and #HedgehogLinux may be obtained by pulling or building the #Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on #GitHub, but may be downloaded from https://malcolm.fyi/.
#cybersecurity #pcap #networktrafficanalysis #zeek #arkime #ICS #INL #CISAgov
#malcolm #release #alpine #filebeat #netbox #zeek #opensearch #fluentbit #hedgehoglinux #docker #github #cybersecurity #pcap #networktrafficanalysis #arkime #ics #inl #CISAgov
_Veronica_ · @verovaleros
345 followers · 122 posts · Server infosec.exchange
Practical #tshark filters for network traffic analysis:
https://gist.github.com/verovaleros/ccaefe5c686a1b0b7f2cade529b0eed5
#PacketCapture #PacketAnalysis #networking #networktrafficanalysis #tsharkfilters #trafficanalysis
#tshark #packetcapture #PacketAnalysis #networking #networktrafficanalysis #tsharkfilters #trafficanalysis
_Veronica_ · @verovaleros
213 followers · 65 posts · Server infosec.exchangeIf you ever used our @stratosphere malware datasets, we have good news! Under my direction, we will be actively working on improving all our datasets to make them better and more accessible to the community.
These datasets are unique in many ways and we look to make them even better.
If you have suggestions, ideas, would-be-nice comments, use cases, or any comments in general we would love to hear about it!
These datasets were initially created to aid machine learning researchers in developing new and better models to identify malicious behaviors in the network. When we started, there were few datasets out there with real malware network traffic that lasted longer than just a few minutes.
https://mcfp.felk.cvut.cz/publicDatasets/
#networksecurity #malwaretraffic #machinelearning #datascience #cybersecurity #maliciousbehaviors #datasets #networktrafficanalysis #ml #anomalydetection
#networksecurity #malwaretraffic #machinelearning #datascience #cybersecurity #maliciousbehaviors #datasets #networktrafficanalysis #ml #anomalydetection
Seth Grover :heart_cyber: :terminal: :d20: · @mmguero
86 followers · 117 posts · Server infosec.exchangeI'm pleased to announce the v6.4.2 release of Malcolm. This release updates #Zeek to v5.0.3 and #OpenSearch and #OpenSearchDashboards to v2.4.0 as well as some other minor fixes and improvements. It also includes a Zeek plugin to detect vulnerability to and exploitation attempts of #CVE20223602.
See the documentation for instructions for installing Malcolm and pulling the new #Docker images, or grab the (unofficial) ISOs.
#Malcolm #HedgehogLinux #cybersecurity #pcap #networktrafficanalysis #zeek #arkime #ICS #INL #CISAgov
#zeek #opensearch #opensearchdashboards #CVE20223602 #docker #malcolm #hedgehoglinux #cybersecurity #pcap #networktrafficanalysis #arkime #ics #inl #CISAgov
Seth Grover :heart_cyber: :terminal: :d20: · @mmguero
36 followers · 24 posts · Server infosec.exchange
Woohoo! The lab (#INL) put out a PR piece on my #OpenSource #NetworkTrafficAnalysis project, #Malcolm: https://inl.gov/article/new-framework-harnesses-multiple-cybersecurity-tools-to-protect-critical-infrastructure
You can check it out on GitHub or at https://malcolm.fyi . I'd love to get feedback from people on infosec.exchange.
The twelve-monitor monster behind me is named the dodecascreendron by those in the know.
#inl #opensource #networktrafficanalysis #malcolm #cybersecurity #pcap #zeek #arkime #ics #opensearch
ITSEC News · @itsecbot
856 followers · 32557 posts · Server schleuss.onlineMaking the Case for Supply Chain Behavior Transparency - The Biden Administration’s Cyber Executive Order includes a Software Bill of Mate... http://feedproxy.google.com/~r/securityweekly/XBIC/~3/h4jGRbifZy0/ #networktrafficanalysis #applicationsecurity #intrusiondetection #securityoperations #threatintelligence #incidentresponse #cloudsecurity #3rdpartyrisk #articles #devops
#devops #articles #3rdpartyrisk #cloudsecurity #incidentresponse #threatintelligence #securityoperations #intrusiondetection #applicationsecurity #networktrafficanalysis
ITSEC News · @itsecbot
738 followers · 32490 posts · Server schleuss.onlineHow Cloud Defenders Thwart Attacks Against Resilient Services - The introduction of containers and micro-service architectures have changed the w... http://feedproxy.google.com/~r/securityweekly/XBIC/~3/5xeuBcZN4ic/ #networktrafficanalysis #applicationsecurity #securityoperations #attacksurfacemgmt #containersecurity #incidentresponse #cloudsecurity #articles #blueteam #devops
#devops #blueteam #articles #cloudsecurity #incidentresponse #containersecurity #attacksurfacemgmt #securityoperations #applicationsecurity #networktrafficanalysis
ITSEC News · @itsecbot
738 followers · 32490 posts · Server schleuss.online
How Behavioral Detections Actually Discovered the SolarWinds Orion SUNBURST Attack - The post How Behavioral Detections Actually Discovered the SolarWinds Orion SUNBURST Attack appeared... http://feedproxy.google.com/~r/securityweekly/XBIC/~3/WZD-F7MIEPw/ #networktrafficanalysis #intrusiondetection #securityoperations #threatintelligence #incidentresponse #assetmanagement #articles #blueteam
#blueteam #articles #assetmanagement #incidentresponse #threatintelligence #securityoperations #intrusiondetection #networktrafficanalysis
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
How Can We Vaccinate Our Networks? - The post How Can We Vaccinate Our Networks? appeared first on Security Weekly. http://feedproxy.google.com/~r/securityweekly/XBIC/~3/EZLahC1V9Ks/ #configurationmanagement #vulnerabilitymanagement #networktrafficanalysis #threatintelligence #attacksurfacemgmt #attacksimulation #assetmanagement #cloudsecurity #remoteaccess #compliance #articles #blueteam #firewall
#firewall #blueteam #articles #compliance #remoteaccess #cloudsecurity #assetmanagement #attacksimulation #attacksurfacemgmt #threatintelligence #networktrafficanalysis #vulnerabilitymanagement #configurationmanagement
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
What Security Data Do I Really Need to Collect and Analyze? - The post What Security Data Do I Really Need to Collect and Analyze? appeared first on Security Week... http://feedproxy.google.com/~r/securityweekly/XBIC/~3/Q6QUGMdlZLQ/ #managedsecurityservices #vulnerabilitymanagement #networktrafficanalysis #applicationsecurity #intrusiondetection #securityoperations #threatintelligence #endpointsecurity #activedirectory #patchmanagement #cloudsecurity #articles #blueteam #firewall #siem
#siem #firewall #blueteam #articles #cloudsecurity #patchmanagement #activedirectory #endpointsecurity #threatintelligence #securityoperations #intrusiondetection #applicationsecurity #networktrafficanalysis #vulnerabilitymanagement #managedsecurityservices
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Packet Collection and Analysis at Scale - The post Packet Collection and Analysis at Scale appeared first on Security Weekly. more: http://feedproxy.google.com/~r/securityweekly/XBIC/~3/cvV6p_xKZlo/ #networktrafficanalysis #intrusiondetection #securityoperations #incidentresponse #insiderthreat #threathunting #articles #siem
#siem #articles #threathunting #insiderthreat #incidentresponse #securityoperations #intrusiondetection #networktrafficanalysis
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Reducing Remediation Costs from a Breach - The post Reducing Remediation Costs from a Breach appeared first on Security Weekly. more: http://feedproxy.google.com/~r/securityweekly/XBIC/~3/f8-QgTYdyz0/ #networktrafficanalysis #securityoperations #incidentresponse #threathunting #forensics #articles
#articles #forensics #threathunting #incidentresponse #securityoperations #networktrafficanalysis
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Cloud Native Network Detection and Response - The post Cloud Native Network Detection and Response appeared first on Security Weekly. more: http://feedproxy.google.com/~r/securityweekly/XBIC/~3/k5IQ2rS4ddU/ #networktrafficanalysis #securityoperations #cloudsecurity #forensics #articles
#articles #forensics #cloudsecurity #securityoperations #networktrafficanalysis