Malcolm v1.7.0
idaholab/Malcolm@v1.6.0...v1.7.0
Malcolm v1.7.0 is a big release, with the following goodness:
- Zeek 3.0
- New parsers/analyzers, complete list:
- Amazon.com, Inc.'s ICS protocol analyzers
- Corelight's bro-xor-exe plugin
- Corelight's community ID flow hashing plugin
- J-Gras' Bro::AF_Packet plugin
- Lexi Brent's EternalSafety plugin
- MITRE Cyber Analytics Repository's Bro/Zeek ATT&CK-Based Analytics (BZAR) script
- Salesforce's gQUIC analyzer
- Salesforce's HASSH SSH fingerprinting plugin
- Salesforce's JA3 TLS fingerprinting plugin
- SoftwareConsultingEmporium's Bro::LDAP analyzer
- Logstash: use the cidr plugin to assign internal_source, external_source, internal_destination, external_destination tags based on srcIp and dstIp Zeek logs
- ISO installer tweaks
- hardening compliance tweaks
- Dashboards for all new protocols
- Documentation updates
- user account management (htadmin) improvements
- bump Elastic to 6.8.4-oss
- added human-readable names to types created with Moloch WISE
- use ZeroMQ-based approach for file scanning queue