List of changes in Malcolm v3.3.0:
Version 3.3.0 is a feature release of Malcolm.
New features
- Automatically create some broadly useful anomaly detectors when initializing Kibana
  - connection size
  - file transfer MIME type
  - action and result (by application protocol)
- Configurable event severity scoring (idaholab#19) and new Severity dashboard
Other changes
- Vagrant-based ISO build can now work with either the VirtualBox or libvirt provider
- Change wording of terms such as "master"/"slave" to "client"/"server" as instructed by DHS directive
Version updates
- Update base image for Debian-based Docker images from 10 (buster) to 11 (bullseye)
- Update Yara to 4.1.2
- Update Capa to 2.0.0
- Update Spicy to 1.2.1
- Update remainder of Python 2 code to Python 3
Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/download/.