👮‍♂️🌎 Querétaro fortalece su seguridad con la futura Academia de Capacitación Táctica Internacional en el Complejo Rhino. Más preparación policial significa mayor protección para la ciudadanía. 🚔
#Querétaro #Seguridad #Policía #Capacitación #INL
Más información aqui 👇

https://amanecerqro.com/queretaro-impulsa-academia-de-capacitacion-tactica-internaciona/

Malcolm v25.12.1 contains a few critical bug fixes and component version updates.

https://github.com/idaholab/Malcolm/compare/v25.12.0...v25.12.1

• ✨ Features and enhancements
  • Installer splash screen shows "HEDGEHOG" when using Hedgehog run profile
• ✅ Component version updates
  • supercronic to v0.2.40
  • Alpine (Docker base image) to v3.23
  • NetBox to v4.4.8
  • urllib3 to v2.6.0 (CVE-2025-66471, 8.9 High, GHSA-2xpw-w6gg-jr37)
• 🐛 Bug fixes
  • Changed field used in Threat Intelligence dashboard's file type table from zeek.intel.file_mime_type to file.mime_type so filters created from it can work on other dashboards
  • link for threat intelligence URL doesn't work correctly from dashboards (behind reverse proxy) (#832)
  • self-signed certificates not accepted by Chrome (#833)
  • Malcolm ISO installer's automatic partitioning may create too-small /var partition (#835)
• 🧹 Code and project maintenance
  • Added new Analytics section to documentation

Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

🔍 La Fiscalía de Querétaro fortaleció su labor forense con el apoyo del INL y del ICITAP, elevando la calidad de las investigaciones y garantizando justicia para la ciudadanía.
🤝 Cooperación internacional que impulsa tecnología, capacitación y mejores prácticas.
#FiscalíaQuerétaro #INL #ICITAP #Justicia #Seguridad
Más información en: www.amanecerqro.com

https://amanecerqro.com/fiscalia-queretaro-fortalece-labor-forense-con-cooperacion-internacional/

Addio all’Ispettorato nazionale del lavoro, funzionari in fuga.

Un altro miracolo italiano e del resto Giorgia Meloni l’aveva detto chiaro e tondo: “Non si disturba chi produce ricchezza, lo Stato non deve vessare le aziende”. E allora che farne di quei rompiscatole degli ispettori?

https://www.ilfattoquotidiano.it/2025/11/13/addio-allispettorato-nazionale-del-lavoro-funzionari-in-fuga-ci-candidiamo-in-massa-al-concorso-di-inps-e-inail/8193664/

#INL #Lavoro #SicurezzaSulLavoro #Inps #Inail #GovernoMeloni

Malcolm v25.11.0 includes an overhaul of the install.py installation/configuration script, a few bug fixes, and some component version updates.

https://github.com/idaholab/Malcolm/compare/v25.09.0...v25.11.0

• ✨ Features and enhancements
  • We're in the process of majorly overhauling our install.py script (#395) used for setting up a Linux or MacOS system to run Malcolm and for configuring Malcolm's runtime options. There are future updates still to come (#766) but for now the command-line and dialog-based interfaces' functionality and backend are in place. The step-by-step wizard has been replaced with a menu-based interface that allows for changing individual values without having to step through the whole set of questions. The Docker-based Malcolm installation example on Ubuntu and end-to-end installation example have useful information about this change, as does the command-line arguments document. We've done a lot of testing on what's a complete rewrite of this, but there is a possibility we missed something; if you find an issue with the new install/configure script, please open a discussion or log a bug and let us know. For the next release or so, we're leaving the legacy installer in place as scripts/legacy_install.py which could be used in a pinch (e.g., run scripts/legacy_install.py --configure for the old configuration menu).
  • We've incorporated a new "Connections Tree" visualization. This visualization tracks the potential of lateral movement based on the observed communications between all devices that reach a root node, identified by IP address. It gives a high-level view showing both direct and indirect connetions between the root IP and all of its destinations, regardless of time, along with enriched data for each endpoint and connection.
  • Updates to the Validated Design Architecture Review (VADR) dashboards.
  • The OpenSearch container now includes the repository-s3 plugin, useful for those who wish to configure OpenSearch's snapshots to save to S3-compatible buckets.
• ✅ Component version updates
  • Arkime to v5.8.2
  • Fluent Bit to v4.1.1
  • Keycloak to v26.4.2
  • OpenResty to v1.27.1.2
  • OpenSearch Dashboards to v3.3.0
  • OpenSearch to v3.3.2
  • supercronic to v0.2.38
  • yq to v4.48.1
  • Zeek to v8.0.3
• 🐛 Bug fixes
  • Double imports when restarting Malcolm (#588) (thanks @KchChr)
• 🧹 Code and project maintenance
  • Refactored a number of Python functions to reduce cyclomatic complexity (#765, work ongoing)
• 📄 Configuration changes (in environment variables in ./config/) for Malcolm and in control_vars.conf for Hedgehog Linux. The Malcolm control script (e.g., ./scripts/status, ./scripts/start, etc.) should take care of creating new variables and migrating existing ones as needed based on the rules in ./config/env-var-actions.yml without intervention on the user's part.
  • Malcolm
    • NGINX_RESOLVER_IPV4_OFF and NGINX_RESOLVER_IPV6_OFF have been renamed to NGINX_RESOLVER_IPV4 and NGINX_RESOLVER_IPV6, respectively, and their logic reversed, in nginx.env.

Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

#RésultatScientifique 🔎 | Des surfaces superhydrophobes en polymère grâce à un moule microtexturé

🔬 #INL & #LTDS 🤝 @cnrs @CentraleLyon @CPELyon #ENTPE @insadelyon @UnivLyon1 📍 @CNRS_dr07
https://www.insis.cnrs.fr/fr/cnrsinfo/des-surfaces-superhydrophobes-en-polymere-grace-un-moule-microtexture

Malcolm v25.09.0 includes new features and available customizations, improvements to Threat Intelligence, component version updates, and several important bug fixes.

https://github.com/idaholab/Malcolm/compare/v25.08.1...v25.09.0

• ✨ Features and enhancements
  • improve Modbus register tracking with new modbus_detailed.log (cisagov/Malcolm#762)
  • add non-LVM option(s) for Malcolm/Hedgehog Linux ISO installers (cisagov/Malcolm#725)
  • allow configuring default search time frame for OpenSearch Dashboards (cisagov/Malcolm#724)
  • allow customizing maximum upload file size (cisagov/Malcolm#769)
  • add Arkime capture statistics to the Packet Capture Statistics dashboard (cisagov/Malcolm#703)
  • integrate Validated Architecture Design Review (VADR) dashboards (cisagov/Malcolm#780)
  • Threat Intelligence improvements
    • support Google Threat Intelligence feed for building Zeek intel source (cisagov/Malcolm#758)
    • renamed Zeek Intelligence dashboard to Threat Intelligence and improved it
    • links from context menu items in Arkime and Dashboards (like reference URLs for IOCs) now ask the user before navigating to external sites
  • Added icons with links to "ready" and "ingest statistics" APIs to landing page
  • Include tx-rx-secure.sh in files packaged by malcolm_appliance_packager.sh
• ✅ Component version updates
  • Arkime to v5.8.0
  • NetBox to v4.3.7
  • yq to v4.47.2
  • Fluent Bit to v4.0.10
• 🐛 Bug fixes
  • Python code handling X-Forwarded- headers should do case insensitive lookup (cisagov/Malcolm#764)
  • uploaded PCAPs that result in no filename-derived tags erroneously end up with internal tags on them (cisagov/Malcolm#774)
  • installer option for encrypted storage are not marking secondary data/artifact storage for encryption (cisagov/Malcolm#779)
  • Malcolm/Hedgehog Linux ISO-installed environments' auditd service fails to start (cisagov/Malcolm#761)
  • Failed shard query error on Overview dashboard (cisagov/Malcolm#754)
• 🧹 Code and project maintenance
  • refactor GitHub build actions for Malcolm Docker images to reduce duplication (cisagov/Malcolm#717)
• 📄 Configuration changes (in environment variables in ./config/) for Malcolm and in control_vars.conf for Hedgehog Linux. The Malcolm control script (e.g., ./scripts/status, ./scripts/start, etc.) should take care of creating new variables and migrating existing ones as needed based on the rules in ./config/env-var-actions.yml.
  • Malcolm
    • PCAP_UPLOAD_MAX_FILE_GB added to upload-common.env to allow configuring maximum PCAP upload size (cisagov/Malcolm#769)
    • DASHBOARDS_TIMEPICKER_FROM and DASHBOARDS_TIMEPICKER_TO added to dashboards-helper.env to allow configuring default search time frame for OpenSearch Dashboards (cisagov/Malcolm#724)

Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

Building a network traffic analysis system: Deploying Malcolm on Amazon EC2

This is the first of two blog posts on the AWS Public Sector Blog about deploying Malcolm on Amazon AWS. It covers installing Malcolm on a single EC2 instance. The next post will cover deploying Malcolm on EKS.

For those of you more interested in scaling Malcolm using Kubernetes, you can check out our "still-in-beta" Helm chart and share your feedback in the issue tracker on that repo.

#AWS #EC2 #Malcolm #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov