Releases: cisagov/Malcolm

Malcolm v1.2.1

14 Jun 14:46

This release contains bug fixes and improvements to documentation.

idaholab/Malcolm@v1.2.0...v1.2.1

  • Modernized some Python 2 code to be compatible with Python 3
  • Fixed an issue with filebeat-clean-zeeklogs-processed-folder.py not running
  • Fixed the Elastalert container (issue #17)
  • Fixed the Elastalert sample rule
  • Fixed Filebeat not starting up when filebeat.yml has unexpected file permissions (issue #24)
  • Other minor documentation fixes
  • Improved documentation for live analysis
  • Added step-by-step instructions for installing Malcolm on Ubuntu to the README

Malcolm v1.2.0 (Initial Release)

11 Jun 16:04

The Department of Homeland Security and the Bureau of Reclamation with Battelle Energy Alliance are releasing an easily deployable network traffic analysis tool suite. Named Malcolm, the software platform is an open source solution that provides IT network administrators and industrial control system owners with greater visibility into their computer network traffic and improves their capability to detect abnormal system behavior.

Although all of the tools which make up Malcolm are open source and in general use, Malcolm provides an interconnected framework that makes it greater than the sum of its parts. Malcolm's easy, flexible deployment and robust combination of tools fill a void in the network security space and make advanced network traffic analysis accessible to many in both the public and private sectors as well as to individual enthusiasts. Malcolm will continue to be developed and improved with a focus on providing visibility into the security of personal, enterprise and industrial control system networks.

Malcolm was developed with DHS and Reclamation funding at the Idaho National Laboratory. It leverages open source network analysis and data management tools including Moloch (https://molo.ch), Zeek (formerly Bro; https://www.zeek.org), CyberChef (https://github.com/gchq/CyberChef), the Elastic Stack (https://www.elastic.co/products) and Docker (https://www.docker.com) to name a few.

The files required to build and run Malcolm are available at the Idaho National Lab's GitHub page at https://github.com/idaholab/malcolm. Malcolm's source code is released under the terms of a permissive open source software license.