It’s finally here! Check out the agenda for #SuriCon2025 in Montreal, Canada. We deliver to you a breakdown of all the insightful experiences we’re offering this year! https://suricon.net/agenda-montreal/

Don’t miss out on this jam-packed event! Register here: https://www.eventbrite.com/e/suricon2025-montreal-canada-tickets-1299841513959

#Suricata

Hear from Jason Ish (@jish) on the new Lua capabilities and Suricata library features from Suricata 8. He lets us know why he’s happy to see these improvements and more in the video below!

Tune in:
https://www.youtube.com/watch?v=QzfrIflsEJw&t=2s

#Suricata #Suricata8

Building a network traffic analysis system: Deploying Malcolm on Amazon EC2

This is the first of two blog posts on the AWS Public Sector Blog about deploying Malcolm on Amazon AWS. It covers installing Malcolm on a single EC2 instance. The next post will cover deploying Malcolm on EKS.

For those of you more interested in scaling Malcolm using Kubernetes, you can check out our "still-in-beta" Helm chart and share your feedback in the issue tracker on that repo.

#AWS #EC2 #Malcolm #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov

Building a network traffic analysis system: Deploying Malcolm on Amazon EC2 | Amazon Web Services

In this post, we provide step-by-step guidance for deploying Malcolm—an open source network traffic analysis suite—natively on Amazon Elastic Compute Cloud (Amazon EC2), using the on-demand compute, elasticity, and scalability of AWS to eliminate traditional infrastructure overhead. This approach is particularly beneficial for cost-conscious public sector (federal, state, and local), utility, and industrial customers who require network and security monitoring to deliver on their missions.


We were onsite at BSides Las Vegas!
We hope some of you got to see Lukas Sismis and say hi before the conference is over! He’s happy to chat about all things Suricata 8 and SuriCon!

He had some cool #Suricata swag with him.

Peter Manev, Suricata Evangelist, recently spoke on why you should attend SuriCon. He even gave the top three reasons to join the team in Montreal this year. Learn this and more about Suricata 8 in the video below but also at SuriCon this year.

Sign up today!

#SuriCon2025 #Suricata

A big thank you to @greynoise for sponsoring #SuriCon2025 as a Community Partner! They provide real-time, verifiable threat intelligence powered by the largest and most sophisticated internet sensor network. Thank you for supporting this year’s SuriCon!

Learn more about GreyNoise: www.greynoise.io

#SuriCon2025 #Suricata

We’re excited to welcome NEOX as the newest member of the OISF Consortium!

NEOX joins a global network of industry leaders who understand that supporting Suricata is more than goodwill—it’s a vote of confidence in the power and future of open-source. As a provider of high-performance, scalable network visibility solutions, NEOX is committed to driving digital transformation, modernization, and business continuity.

Consortium Members aren’t just users of Suricata—they’re strategic partners investing in its long-term sustainability and innovation. Their support helps keep Suricata free, community-driven, and enterprise-ready.

Learn more about NEOX here:
https://neoxnetworks.com/

#Suricata

Malcolm v25.07.0 includes quite a few new features and enhancements, performance improvements, bug fixes, and component version updates.

If you are updating from a version older than v25.06.0, please read those release notes prior to updating to this version.

  • ✨ Features and enhancements
    • Add IANA service name and description enrichment to Zeek's known_services.log (#705)
    • Improve the speed of pruning files (#710)
    • allow multiple instances of Suricata in PCAP processing mode via UNIX socket (#707)
    • expose Arkime WISE tagging features to the user (#377)
    • handle comma- or semicolon-separated directories for PCAP_PROCESSED_DIRECTORY (to support new live PCAP processing method in Malcolm-Helm) (#702)
    • handle new OPCUA Binary summary logs (#709)
    • incorporate new ANSI C12.22 parser and add corresponding dashboard (#708)
    • overhauled instructions for Deploying Malcolm on Amazon Web Services (AWS) including deploying Malcolm on Amazon Elastic Kubernetes Service (EKS) in Auto Mode
    • install.py script is now a bit more robust in trying to help ensure the correct packages and Python libraries are installed
  • ✅ Component version updates
    • Fluent Bit to v4.0.5
    • Arkime v5.7.1
    • Supercronic v0.2.34
    • OpenSearch and OpenSearch Dashboards v3.1.0
    • Keycloak v26.2.5
    • yq v4.47.1
    • NetBox v4.3.4
      • NetBox Initializers plugin v4.3.0
      • NetBox Topology Views plugin v4.3.0
    • Zeek v7.2.2
    • Spicy v1.13.2
    • urllib3 Python Library to v2.5.0 (addresses CVE-2025-50181)
    • ICSNPP Zeek network analyzer updates
      • BACnet parser fixes for previously unsupported services (see cisagov/icsnpp-bacnet#50 and cisagov/icsnpp-bacnet#51)
      • Ethernet/IP various fixes (cisagov/icsnpp-enip#34 (partial); cisagov/icsnpp-enip#35; cisagov/icsnpp-enip#36; cisagov/icsnpp-enip#37; cisagov/icsnpp-enip#38)
      • GENISYS minor updates (cisagov/icsnpp-genisys#25)
      • OPCUA Binary summary logs (cisagov/icsnpp-opcua-binary#102)
      • S7comm fixes for ACK message processing (cisagov/icsnpp-s7comm#19; cisagov/icsnpp-s7comm#20)
  • 🐛 Bug fixes
    • Zeek logs not cleaned by clean-processed-folder.py due to MIME type mismatch (#712)
    • packet capture statistics dashboard not working in Kibana (#704)
    • need to adjust shared object creation script (e.g., dashboards import) for new versions of Kibana (#713)
    • log fingerprinting needs to be examined to avoid unintentional collisions (#715)
    • install.py issues in Rocky Linux, AlmaLinux (#385)
    • OpenSearch container health check issue when OpenSearch is disabled (#716)
    • investigate NetBox API access via Malcolm's netbox endpoint and mapi endpoint (#701)

Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.
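The split-and-reassemble step described above, as an added example that is not Malcolm's own release_cleaver.sh or release_cleaver.ps1: a POSIX shell function that concatenates numbered chunk files in order and checks the result against a SHA-256 digest before the image is used, so a missing or corrupted chunk is caught rather than booted. The chunk naming (a common prefix plus a suffix), the sample payload and the digest handling are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not Malcolm's release scripts. Reassembles a file that was
# split into suffixed chunks and verifies the result against a SHA-256 digest.
# The chunk naming convention (PREFIX.aa, PREFIX.ab, ...) is an assumption.

# Print the SHA-256 of a file portably (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# reassemble_chunks PREFIX OUTPUT
# Concatenate PREFIX.* in lexical order into OUTPUT. Returns 1 and removes
# OUTPUT when no chunks exist, so a typo in PREFIX cannot silently yield an
# empty "image".
reassemble_chunks() {
    prefix=$1
    output=$2
    count=0
    : > "$output"
    for chunk in "$prefix".*; do
        [ -f "$chunk" ] || continue
        cat "$chunk" >> "$output"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { rm -f "$output"; return 1; }
    return 0
}

# verify_sha256 FILE EXPECTED_DIGEST
# Succeeds only when the file's digest equals the expected value.
verify_sha256() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# demo_roundtrip: build a constructed sample payload standing in for an ISO,
# split it into small chunks, reassemble, verify. Returns 0 on success.
demo_roundtrip() {
    workdir=$(mktemp -d)
    i=0
    while [ "$i" -lt 1500 ]; do
        echo "constructed-sample-line-$i" >> "$workdir/image.bin"
        i=$((i + 1))
    done
    expected=$(sha256_of "$workdir/image.bin")
    # 4 KiB chunks with two-letter suffixes: image.bin.aa, image.bin.ab, ...
    split -b 4096 -a 2 "$workdir/image.bin" "$workdir/image.bin."
    reassemble_chunks "$workdir/image.bin" "$workdir/reassembled.bin" || {
        rm -rf "$workdir"; return 1; }
    if verify_sha256 "$workdir/reassembled.bin" "$expected"; then
        echo "reassembled image verified: $expected"
        rm -rf "$workdir"
        return 0
    fi
    echo "digest mismatch: do not use the reassembled image" >&2
    rm -rf "$workdir"
    return 1
}

demo_roundtrip
```

For a real download, the expected digest should come from the release's published checksum rather than from a file that travelled alongside the chunks over the same channel; the function keeps the comparison separate from the concatenation so the two can be sourced independently.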

As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov

Explore how @suricata and CrowdSec work together in this webinar replay hosted by CrowdSec ambassador @flaviuvlaicu 🎉

You'll get a step-by-step walkthrough of the integration and a deep dive into best practices.

Whether you're a security professional, DevOps engineer, or IT administrator, this video is packed with practical insights to help you strengthen your defenses with ease.

🎥 Watch now: https://youtube.com/watch?v=GxR1jqGdN5A

#Suricata #cybersecurity #infosec #community

Proactive Defense: CrowdSec & Suricata Made Easy


@gary_alderson hehe thanks! I really wasn't sure what I was getting into, and still have only mastered the basics, but #suricata via #pfSense was luckily pretty straightforward to set up and IPS was ok to get it going.

I do feel like I need to go through the alert logs quite frequently, but I do enjoy that. After a couple of weeks of custom-making the dropsid.conf, you actually can monitor it less and less; it just does its thing :)