I'm on cloud nine since the v24.06.0 release of Malcolm, bringing you (who could have imagined?!?) new features, improvements, component version updates, and a few bug fixes. Please see the release notes, particularly if you've been using NetBox, as an update to that tool brings some backwards-compatibility-breaking changes (sorry 😢).

• Features and enhancements
  • Support for multiple NetBox sites (issue #449)
    • Malcolm now supports enrichment from a NetBox inventory for asset interaction analysis across multiple sites. The NetBox site can be specified for uploaded PCAP, for a Hedgehog Linux sensor, and for Malcolm live capture.
  • JA4+ replaces the JA3 TLS fingerprinting standard from 2017 (see also this blog post) (issue #419)
  • Support uploading Windows Event Log evtx files (issue #465) and update associated dashboard
  • Document using GitHub runners to build Malcolm images (for contributors' guide, issue #491)
  • Generate new forwarder SSL keys on-the-fly when transferring between Malcolm and Hedgehog Linux (issue #492)
  • Incorporate ATT&CK-based Control-system Indicator Detection for Zeek (ACID) (issue #489), a collection of Operational Techonology (OT) protocol indicators developed to alert on specific ATT&CK for ICS behaviors
  • Add platform architecture and machine boot time to Malcolm version API
  • Add links to the navigation pane of most dashboards to "other" dashboards for non-network log data (e.g., resource monitoring, Windows Event logs, etc.)
• Component version updates
  • NetBox to v4.0.6 (from v3.6.7, issue #385)
  • OpenSearch and OpenSearch Dashboards to v2.15.0
  • and lots more...
• Bug fixes
  • Arkime viewer not rolling PCAPs (issue #484)
  • Free up space in GitHub runner environment building ISO images to avoid build errors due to exhausted disk space

New to Malcolm? Grab some popcorn and watch these overview videos to give you an idea of what it's about. See the quick start guide to learn how to install Malcolm, or check out these tutorial videos for installing using Docker or from the official ISO installer images for Malcolm and Hedgehog Linux, which can be downloaded from Malcolm's releases page on GitHub.

#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov #ja4

We've got a great new lesson in our Analyst Skills Vault that'll show you how to leverage Atomic Red Team to simulate attacks for detection and investigation research.

You can learn more about our Analyst Skills Vault and sign up here: https://networkdefense.co/skillsvault. We have monthly and annual subscription options and add new videos every month.

#detectionengineering #dfir #infosec