
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

Results 100 Malcolm issues

There have been requests to provide Malcolm builds for ARM64/AArch64. Now that we've proven (#250) that at least some components can build/run fine on ARM64 there's really no reason we...

docker
enhancement
build

See [Differences between -v and --mount behavior](https://docs.docker.com/storage/bind-mounts/#differences-between--v-and---mount-behavior):

> Because the -v and --volume flags have been a part of Docker for a long time, their behavior cannot be changed....

enhancement

When fetching updates for MISP / TAXII zeek intel feeds, we need to adjust the logic so that if all of the URLs associated with that feed type fail, don't...

bug
zeek

**For what topic would you like to see training developed?** Go over how to review Notices, CVEs, triggered signatures, etc. in Malcolm (probably via dashboards) **What format would be best...

netbox
training
train-operation

Feature-tracking issue dependent on #131

* possibilities
  * [NIST API](https://nvd.nist.gov/developers/vulnerabilities)
  * [CSAF](https://oasis-open.github.io/csaf-documentation/)

enhancement
external
netbox
BSI

How could Malcolm integrate sigma? [Sigma](https://github.com/SigmaHQ/sigma):

> Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format...

enhancement
research

Feature-tracking issue dependent on #131

enhancement
external
netbox
BSI

Support and documentation for setting up forwarding cloud logs to Malcolm, possibly such as:

* AWS platform
  * VPC flow logs (somewhat related to #175)
  * CloudFront access logs
  * ...

doc
logstash
cloud

Currently the default dashboard is the "overview" [dashboard](https://github.com/idaholab/Malcolm/blob/main/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json). This is a pretty good overview, but we need to really look at it from a UI and a cybersec point of...

enhancement
dashboards
UI

[DINA-community/ot-parsers](https://github.com/DINA-community/ot-parsers) Examine these parsers and pull some of them into Malcolm.

enhancement
external
zeek
BSI