Malcolm v23.12.0 is a feature release with many improvements, updates and fixes.
- Features and enhancements
  - replace kbn_sankey_vis with vega or transform (idaholab#147)
  - address issues with NetBox database and Logstash's NetBox cache (idaholab#259)
  - integrate nsacyber/ELITEWOLF signatures into default rule set CISA (idaholab#275)
  - improve error messages for PCAP/artifact processing beyond just icons (idaholab#276)
  - option to auto-create "catch-all" NetBox IPAM prefixes for private IP space (idaholab#279)
  - use prefix.description instead of VRF for identifying subnets in NetBox (idaholab#280)
  - allow customizing Arkime's freeSpaceG setting (for PCAP deletion) in an environment variable (idaholab#285)
  - replace master/slave with client/server when parsing Modbus logs (idaholab#291)
  - put NetBox restore database functionality inside container (idaholab#294)
  - provide way to customize Zeek Site::local_nets (idaholab#295)
  - allow configuration of Docker's logging driver to prevent disk exhaustion (idaholab#301)
  - allow user to include other Suricata config YML files (idaholab#302)
  - allow user to provide custom Zeek config (idaholab#303)
  - allow tuning Suricata's max-pending-packets via environment variable (idaholab#304)
  - enable OpenSearch Dashboards condensed header
- Component version updates
- Bug fixes
  - Malcolm Sensor Temperature dashboard issue (idaholab#265)
  - strip out broken Arkime and NetBox links from dashboards for Kibana import (idaholab#286)
  - have netbox-restore script restart necessary services or set necessary permissions (idaholab#287)
  - file type validation not working for upload from (some?) Windows browsers (idaholab#292)
  - go through list of Qualys image scan results (idaholab#299)
Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/.