Malcolm v2.6.1 contains the following changes:
- Added TFTP Zeek parser and corresponding Logstash parsing, Arkime WISE support and Kibana dashboards
- Provide browser-based access to zeek/extracted-files directory (idaholab#34)
- Fix LDAP analyzer not parsing all events (idaholab#35)
- Provide more fine-tuned controls for Zeek's node.cfg in Hedgehog sensor (idaholab#36, /pull/158)
- set zeek.uid to conn_uids for files.log entries (idaholab#33)
- Modify Zeek build chain to use default GCC compilers instead of LLVM/clang,which reduces build dependencies
- Use Firefox instead of Chromium for browser in ISO-installed versions of Malcolm and in Hedgehog Linux
- Updated copyright notices in text from "2020" to "2021" (which is the bulk of the changed files in this commit)
- Version bumps
- Yara to 4.0.4