Malcolm v23.12.0 is a minor release with a few updates and bug fixes
- Features and enhancements
  - have `install.py` offer to pull the docker images (idaholab#310)
  - only overwrite Arkime's `config.ini` with `config.orig.ini` if `config.ini` doesn't already exist (idaholab#311)
  - create Suricata rules for Zyxel vulnerabilities from KEV (idaholab#312)
  - provide alternate configuration for Arkime `capture` to listen on the interface directly rather than post-processing PCAPs (idaholab#281)
  - added `SURICATA_DISABLE_ICS_ALL` environment variable to disable OT/ICS analysis in Suricata
  - added `ZEEK_INTEL_REFRESH_THREADS` to allow setting the number of threads for intel feed pulls
  - documented the different run profiles (`hedgehog` vs. `malcolm` profiles) and generally improved documentation of live capture options
  - route `/mapi/opensearch/`, `/mapi/logstash/` and `/mapi/netbox/` from the Malcolm API endpoint to their respective component APIs
  - minor improvements to how the user supplies custom rules/config for Suricata, Zeek, and Arkime
- Component version updates
- Bug fixes
  - review and fix capabilities granted to containers (idaholab#282)
  - change URL for downloading manuf list to new wireshark.org URL / wireshark no longer publishes raw manuf (OUI) list (idaholab#230 and idaholab#306)
  - directory hierarchies not being created as Kubernetes configmap correctly (idaholab#308)
  - rsyslog no longer in Debian bookworm (idaholab#309)
  - removed unused Arkime log and raw directories
Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/.