Malcolm v6.3.0 (cisagov/Malcolm on GitHub)


Malcolm v6.3.0 is a feature release with a number of new features, bug fixes and improvements. Of particular note is that Malcolm can now use another OpenSearch instance or cluster in place of its own local containerized instance.

Note that the changes for idaholab#10 require modifications to the files used by docker-compose. After upgrading, run ./scripts/auth_setup and ./scripts/install.py --configure so that the new environment variables are set.

v6.2.0...v6.3.0

  • New Features

    • Support remote OpenSearch instance/cluster as alternative to local containerized instance (idaholab#10)
    • Documentation and convenience scripts for configuring ingestion of third-party logs, and basic parsing/normalizing of Fluent-Bit's Windows event logs
    • Added S7comm Plus support and replaced the Amazon S7comm parser with icsnpp-s7comm (idaholab#99)
  • Version Bumps

    • OpenSearch and OpenSearch Dashboards to v2.2.1
    • Zeek to v5.0.1
    • Spicy to v1.5.1
    • spicy-plugin to v1.3.17
    • YARA to v4.2.3
    • Capa to v4.0.1
  • Improvements

    • Major improvements to OPC UA Binary parser and supporting dashboards
    • Ensure that all containers are provided the same information about trusted CA certificates
    • Changed the list of "sensitive countries" to match the U.S. Department of Energy Sensitive Country List
    • Increased the maximum number of fields from 3,000 to 5,000
    • Standardized configuration and authentication for primary and secondary remote OpenSearch instances, and ensured that index templates are created on secondary remote OpenSearch instances
    • Expanded and fixed normalization of network.direction, replacing the previous use of tags
    • Various tweaks and improvements to the install.py script for enabling/disabling some features
  • Bugs Fixed

    • Fields could be missing in Arkime due to a large number of concurrent requests (idaholab#115)
    • mapper_parsing_exception related to TCP flag parsing (#214)
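
As an added illustration of what the network.direction normalization above produces (example code written for this page, not Malcolm's own implementation), the following Python derives the ECS network.direction value for a flow from source.ip and destination.ip against a list of internal address ranges. The range list, the nested-dict event layout and the sample events are constructed assumptions for the example; Malcolm reads its internal networks from its own configuration.

```python
import ipaddress

# Constructed for this example: the address ranges treated as "internal"
# (the monitored network). These are RFC 1918 / IPv6 ULA ranges chosen to
# make the example self-contained, not Malcolm's configuration.
INTERNAL_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")
]


def is_internal(ip_text):
    """True if the address falls in one of the internal ranges.
    Raises ValueError for text that is not an IP address."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETWORKS)


def network_direction(src_ip, dst_ip):
    """Derive the ECS network.direction value for one flow.

    From the perspective of the monitored network, ECS uses:
      internal - both endpoints inside     external - both outside
      inbound  - outside to inside         outbound - inside to outside
      unknown  - cannot be determined (missing or unparsable address)
    """
    if not src_ip or not dst_ip:
        return "unknown"
    try:
        src_in, dst_in = is_internal(src_ip), is_internal(dst_ip)
    except ValueError:
        return "unknown"
    if src_in and dst_in:
        return "internal"
    if not src_in and not dst_in:
        return "external"
    return "outbound" if src_in else "inbound"


def normalize_direction(event):
    """Set network.direction on an ECS-style event (nested dicts) in place
    and return it. One normalized field carries the information that a
    per-event tagging scheme would otherwise spread across several tags."""
    src = event.get("source", {}).get("ip")
    dst = event.get("destination", {}).get("ip")
    event.setdefault("network", {})["direction"] = network_direction(src, dst)
    return event


# Constructed sample events (hypothetical addresses, not real Malcolm data).
SAMPLE_EVENTS = [
    {"source": {"ip": "192.168.1.10"}, "destination": {"ip": "93.184.216.34"}},
    {"source": {"ip": "203.0.113.7"}, "destination": {"ip": "10.0.0.5"}},
    {"source": {"ip": "10.1.1.1"}, "destination": {"ip": "172.16.5.5"}},
    {"source": {"ip": "198.51.100.2"}, "destination": {"ip": "203.0.113.9"}},
    {"source": {"ip": "fd00::1"}, "destination": {"ip": "2001:db8::1"}},
    {"source": {"ip": "not-an-ip"}, "destination": {"ip": "10.0.0.5"}},
    {"source": {}, "destination": {"ip": "10.0.0.5"}},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        normalize_direction(ev)
        print(ev["source"].get("ip"), "->", ev["destination"].get("ip"),
              ev["network"]["direction"])
```

The "unknown" branch matters in practice: events with a missing or malformed address must not be silently classified as external, or dashboards that filter on network.direction will misreport them.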

Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/download/.
