Malcolm v3.4.0 is a feature release focused on bringing its major underlying components up-to-date with the latest released versions, increasing stability, improving performance and adding new features.
- Component version updates
- Added GitHub actions for building the Malcolm Docker images on GitHub and pushing them to GHCR
- Moved common Logstash Ruby code to file-based scripting
- Use standard stunnel package in NGINX proxy container rather than building from source
- Switched from CLANG to GCC build toolchain for Zeek and Spicy plugins
- Replaced LXDE desktop environment with XFCE (for ISO images)
- Renamed various fields to align with Arkime's gradual adoption of the Elastic Common Schema
- Added parser support and dashboard for the STUN (Session Traversal Utilities for NAT) protocol
- Further improved capabilities for tagging ICS traffic
- Logs from known ICS protocols how have
icsadded to thetagsfield - Logs identified by "ICS best guess" lookups now have
ics_best_guessadded to thetagsfield - "ICS best guess" lookups have been augmented with a MAC address lookup table of ICS hardware vendors
- ICS-related overview dashboards have been updated accordingly
- Logs from known ICS protocols how have
Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/download/.