
#dhs


2

From github.com

update Zeek to feature release v7.1.0 · Issue #553 · cisagov/Malcolm

2 2

Zeek v7.1.0 is out and will have a few breaking changes. This is to track the update.

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From malcolm.fyi

Quick start

1 1

A powerful, easily deployable network traffic analysis tool suite for network security monitoring

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

on Oct 25


1

From github.com

Releases · cisagov/Malcolm

1 1

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts. - cisagov/Malcolm

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

on Nov 18


1

From github.com

GitHub - cisagov/icsnpp-omron-fins: Zeek Omron FINS Parser - CISA ICSNPP

1 1

Zeek Omron FINS Parser - CISA ICSNPP. Contribute to cisagov/icsnpp-omron-fins development by creating an account on GitHub.

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

enhance support for syslog ingestion · Issue #354 · cisagov/Malcolm

1 1

Malcolm is now configurable to accept third-party syslogs directly. To describe the feature, here's copy/paste from the updated documentation: From the end-to-end configuration documentation: Shoul...

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

normalize winlogbeats with fluent bit winlog/winevtlog · Issue #356 · cisagov/Malcolm

1 1

@mmguero cloned issue idaholab/Malcolm#604 on 2024-10-29: The documentation describes setting up Beats to forward to Malcolm. We need to do the following: verify the documentation that it's (still?...

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

extracted_files_http_server.py not working with some filenames · Issue #524 · cisagov/Malcolm

1 1

the extracted_files_http_server.py used to provide the user interface for downloading zeek-carved files has an issue with some filenames, presumably with files with spaces in the name:

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

opensearch.keystore not created when running in Hedgehog profile · Issue #533 · cisagov/Malcolm

1 1

When running with the hedgehog profile, the opensearch.keystore file is not being created. This is technically okay, since it's not really needed: however, docker wants it to be present for the bin...

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

port numbers should not be shown with commas in Dashboards · Issue #540 · cisagov/Malcolm

1 1

General practice is not to include commas in port numbers (e.g., 51200 vs. 51,200). Dashboards management allows this to be configured: dashboard management > index patterns > arkime_sessions3* > s...

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

ensure all conn.log entries are tagged "ics" for OT protocols · Issue #541 · cisagov/Malcolm

1 1

We need to make sure that all conn.log entries get tagged with ics when an ICS protocol is detected. This is maybe already supposed to be handled but I don't see it is being done in every case. I w...

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

user-defined custom field formats for index patterns can get overwritten by Malcolm · Issue #542 · cisagov/Malcolm

1 1

found by @ee-hex-ee If a user goes into the index pattern and sets custom formatting: I think what is happening is that if templates have been imported (based on the existing templates' hashes not ...

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

add navigation pane to non-network dashboards · Issue #543 · cisagov/Malcolm

1 1

The non-network log dashboards (e.g., third party logs, temperature, windows event logs, etc.) don't have the navigation pane on them, so it makes them more difficult to get back "home" from them. ...

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

URL pivot links from dashboards to arkime · Issue #551 · cisagov/Malcolm

1 1

I've got the ability now to make values in OpenSearch Dashboards tables URLs, which can be used to pivot from Dashboards to Arkime. At the moment, this will only work for OpenSearch Dashboards-base...

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

pivoting between Arkime and Dashboards doesn't work when Malcolm is behind a reverse proxy (e.g., traefik) · Issue #552 · cisagov/Malcolm

1 1

Previously when pivoting between arkime and dashboards using the UI context menu (arkime -> dashboards, and now dashboards -> arkime, see #551), this worked fine unless Malcolm itself was behind a ...

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

integrate omron fins parser · Issue #554 · cisagov/Malcolm

1 1

cisagov/icsnpp-omron-fins needs to be integrated into Malcolm: adding a new zeek package; new log fields; parsing new zeek logs; adding new visualizations.

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

cisagov/Malcolm · Discussions

1 1

Explore the GitHub Discussions forum for cisagov Malcolm. Discuss code, ask questions & collaborate with the developer community.

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

on Aug 2


1

From github.com

Release v7.1.0 · zeek/zeek

1 1

We would like to thank Aashish Sharma (@initconf), Andras Gemes (@gemesa), Anthony Kasza (@anthonykasza), Benjamin Grap (@blightzero), Chiragdeshlehra27, @cooper-grill, Craig Leres (@leres), Eldon ...

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

3h ago


1

From github.com

Release 3.1.5 · pallets/jinja

1 1

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature re...

#ot #dhs #ics #inl #cisa #pcap #zeek #cyber #arkime #netbox

on Dec 21

Showing first 20 out of 43