Seth Grover

Results 112 issues of Seth Grover

It's been a bit since I went through the hardening scripts for the ISO installers and examined the output

* [Malcolm - Hardening](https://idaholab.github.io/Malcolm/docs/hardening.html#Hardening)
* [Hedgehog - Hardening](https://idaholab.github.io/Malcolm/docs/hedgehog-hardening.html#HedgehogHardening)

Need to:

*...

doc
iso
security

[This documentation](https://idaholab.github.io/Malcolm/docs/host-config-macos.html#HostSystemConfigMac) is somewhat old and may be way out of date. We need to review that and see if it still works and/or needs to be updated. Also we...

doc
enhancement

See:

* [digitalbond/Quickdraw-Snort](https://github.com/digitalbond/Quickdraw-Snort)
* [digitalbond/Quickdraw-Suricata](https://github.com/digitalbond/Quickdraw-Suricata)

Tasks:

* Examine suricata rules and either modify and add to Malcolm under [here](https://github.com/idaholab/Malcolm/tree/main/suricata/rules-default/OT) or adjust build to pull them in via git clone
*...

enhancement
ics
suricata

Malcolm currently supports two authentication modes:

* [basic auth](https://idaholab.github.io/Malcolm/docs/authsetup.html#AuthBasicAccountManagement)
* [LDAP/Active Directory](https://idaholab.github.io/Malcolm/docs/authsetup.html#AuthLDAP)

Both of these are done through [NGINX](https://github.com/idaholab/Malcolm/tree/main/nginx) so that it can be authenticated in one place for all...

enhancement
nginx
security

In the Zeek community call October 4, 2023, Arne Welzel gave a demo of a new Zeek demo using javascript to interface with MISP. Christian Kreibich says in the next...

enhancement
external
zeek

From Malcolm created by [mmguero](https://github.com/mmguero): cisagov/Malcolm#26

Currently Malcolm's tested manually by me on a per-change basis. As the project matures, I need to look into implementing some kind of test...

research

I need to look at the profiling tools available to opensearch and look at index storage tweaks. It's likely there are things being indexed in a way that could be...

opensearch
performance

Submitted by @erik4711 as cisagov/Malcolm#278

# 💡 Summary

Add support for [PCAP-over-IP](https://en.wikipedia.org/wiki/PCAP-over-IP) (aka PcapOverTcp) to allow Malcolm to read a continuous PCAP stream of network traffic from a remote...

capture
enhancement

A user requested we look into accepting NetFlow v9 as a flow data source. I believe there are netflow inputs for logstash and filebeat already, so the plumbing is there....

enhancement
logstash

The [contributor's guide](https://idaholab.github.io/Malcolm/docs/contributing-dashboards.html#dashboards) gives instructions for exporting a newly created dashboard for inclusion in `./dashboards/dashboards` in the Malcolm source repository, but this would be better to be at least a...

doc
enhancement
dashboards