Malcolm v2.0.5

This release includes the following minor fixes and improvements:

idaholab/Malcolm@v2.0.4...v2.0.5

  • bump Curator from 5.7.6 to 5.8.1
  • build the Docker images so they come out smaller, downloading build artifacts inside the container build with RUN rather than copying them in with ADD or pulling them with git clone
  • bump Moloch from 2.2.3 to 2.3.0
  • bump nginx (main nginx-proxy container) from 1.17.9 to 1.19.0
  • bump Zeek from 3.0.5 to 3.0.6
  • build Zeek with clang/llvm (instead of gcc)
  • build Spicy plugin with Zeek
  • added zeek-sniffpass Zeek plugin
  • added zeek-httpattacks Zeek plugin
  • documentation fixes
  • raise Elasticsearch's indices.query.bool.max_clause_count to 2048
  • fix #134: wait until Elasticsearch actually holds log data before starting ElastAlert
  • fix some Kibana dashboards' "Notice" visualizations to include zeek_notice.msg
  • fix some Kibana dashboards where a timezone was hard-coded in the dashboard JSON
  • remove _dateparsefailure tag in finalization of Logstash enrichment filters
  • merge in fixes from the development branch for logs produced by corelight/bro-xor-exe-plugin, making its files.log entries searchable and its notice.log entries more meaningful
  • populate zeek.action from SNMP logs where possible
  • various fixes/tweaks to WISE data source for Moloch
  • reduce debug log verbosity when Malcolm is being fed by a Hedgehog sensor
  • minor tweaks to setting up template file for LDAP login information
  • bump netsniff-ng from 0.6.6 to 0.6.7 in Hedgehog
  • remove the recommendation to install haveged; instead add random.trust_cpu=on to the ISO's kernel boot parameters
  • handle dhcp.log client_software and server_software fields
  • pin ordered-set to 3.1.1 for the script that preprocesses Zeek log files before handing them to filebeat: a later ordered-set commit (rspeer/ordered-set@a412f22, or possibly an earlier one) broke Python 2.7 compatibility, and 3.1.1 is the last release that still works; see also rspeer/ordered-set#59
  • reduce log verbosity for POST requests coming from Hedgehog
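The "wait for log data before starting ElastAlert" gate from the #134 fix, as an added shell example rather than Malcolm's own start-up script: it polls Elasticsearch's `_count` API for an index pattern until at least one document is reported, then execs the real command. The ES_URL default, the `sessions2-*` index pattern, the retry count and the helper names are assumptions of this example, not values taken from the project.

```shell
#!/bin/sh
# Added example, not Malcolm's start-up code. Gate a dependent service (ElastAlert)
# on Elasticsearch actually holding log documents, as fix #134 describes.
# ES_URL and INDEX_PATTERN are assumed defaults; override them from the environment.
ES_URL="${ES_URL:-http://elasticsearch:9200}"
INDEX_PATTERN="${INDEX_PATTERN:-sessions2-*}"   # assumed pattern of the indices ElastAlert queries

# Extract the "count" field from an Elasticsearch _count JSON response.
# Prints the number, or nothing if the body carries no count (error body, empty reply).
count_from_response() {
  printf '%s' "$1" | sed -n 's/.*"count"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Return 0 (true) only when the response reports at least one document.
# An empty body, an error body, or "count":0 all mean "not ready".
has_log_data() {
  n=$(count_from_response "$1")
  if [ -n "$n" ] && [ "$n" -gt 0 ]; then
    return 0
  fi
  return 1
}

# Poll Elasticsearch up to $1 times (default 60), sleeping 5 s between tries.
# -s keeps curl quiet, -f turns HTTP errors (e.g. 404 before the index exists)
# into a non-zero exit so the body is treated as "no data" rather than parsed.
wait_for_log_data() {
  max_tries="${1:-60}"
  i=0
  while [ "$i" -lt "$max_tries" ]; do
    body=$(curl -sf "$ES_URL/$INDEX_PATTERN/_count" 2>/dev/null) || body=""
    if has_log_data "$body"; then
      return 0
    fi
    i=$((i + 1))
    sleep 5
  done
  return 1
}

# Stand-alone usage (the WAIT_FOR_ES guard keeps the functions importable without side effects):
#   WAIT_FOR_ES=1 sh wait-for-data.sh elastalert --config /opt/elastalert/config.yaml
if [ -n "${WAIT_FOR_ES:-}" ]; then
  if wait_for_log_data 60; then
    exec "$@"
  else
    echo "no log data found at $ES_URL/$INDEX_PATTERN after 60 tries" >&2
    exit 1
  fi
fi
```

The parser is deliberately conservative: anything that is not a positive integer count, including an Elasticsearch error body, keeps the gate closed, so a misconfigured URL fails loudly after the retry budget instead of letting ElastAlert start against an empty cluster.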

Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/download/.