Malcolm v25.08.1
Malcolm v25.08.1 consists of several major component updates and a few bug fixes.
If you are updating from a version older than v25.06.0, please read those release notes prior to updating to this version.
- ✨ Features and enhancements
- ✅ Component version updates
- Beats to v8.19.2
- Debian to v13 (cisagov/Malcolm#744) for ISO installer images and Debian-based containers
- Fluent Bit to v4.0.8
- Logstash to v8.19.2
- NetBox to v4.3.6
- OpenSearch and OpenSearch Dashboards to v3.2.0 (cisagov/Malcolm#751)
- Supervisor to v4.3.0
- Zeek to v8.0.1 (cisagov/Malcolm#750)
- 🐛 Bug fixes
- Query workbench (SQL and PPL) broken by field aliases in the network index pattern (cisagov/Malcolm#746)
- Zeek containers must be limited in the maximum number of open files, or memory usage grows very large (cisagov/Malcolm#747)
- Avoid OpenSearch search shard failures by including unspecified roles in indexes during NetBox enrichment (cisagov/Malcolm#749)
- Differences in MISP object/attribute formatting caused Malcolm to ignore some threat feed indicators (cisagov/Malcolm#753)
- NetBox sites used for development testing included in release artifacts (cisagov/Malcolm#755)
- `wipe` script no longer removes `.gitignore` files
- 🧹 Code and project maintenance
- Standardized the way Python scripts in Malcolm (both in the containers and the control scripts) do debug/informational logging (increase logging level with `-v`, `-vv`, `-vvv`, etc.)
- Removed the `vagrant-sshfs` requirement from vagrant-based ISO builds in favor of Vagrant's built-in `rsync` mechanism
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.
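The following is an added example and not Malcolm's own `release_cleaver.sh`: it shows the two things a practitioner wants from the reassembly step, concatenating the chunks in order and refusing to keep the result unless its SHA-256 matches a published digest. It assumes (these are not stated in the release notes) that chunks are named `<iso>.00`, `<iso>.01`, ... and that the expected digest is available in `<iso>.sha256` in the usual `<hex>  <iso>` format. The `demo_roundtrip` function builds a small constructed "image", splits it, reassembles it, then corrupts one chunk to show the verification failing and the bad output being removed.

```shell
#!/usr/bin/env bash
# Added example, not Malcolm's release_cleaver.sh: reassemble a chunked ISO and
# keep the result only if its SHA-256 matches the published digest.
# Assumed (not stated in the release notes): chunks are named <iso>.00, <iso>.01, ...
# and the expected digest lives in <iso>.sha256 in "<hex>  <iso>" format.

# Print the SHA-256 hex digest of a file, using whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# reassemble_iso <iso-name>
# Concatenate <iso-name>.NN chunks in order into <iso-name>, then verify the
# digest. On mismatch the output is deleted so a corrupt or tampered image
# never sits on disk looking like a good one. Returns 0 only when verified.
reassemble_iso() {
    iso="$1"
    chunks=$(ls "$iso".[0-9][0-9] 2>/dev/null | sort)
    if [ -z "$chunks" ]; then
        echo "no chunks found for $iso" >&2
        return 1
    fi
    # shellcheck disable=SC2086  # splitting the newline-separated list is intended
    cat $chunks > "$iso" || return 1
    expected=$(awk 'NR==1 {print $1}' "$iso.sha256" 2>/dev/null)
    actual=$(sha256_of "$iso")
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        echo "SHA-256 mismatch for $iso: expected '$expected', got '$actual'" >&2
        rm -f "$iso"
        return 1
    fi
    echo "$iso reassembled and verified ($actual)"
}

# demo_roundtrip: constructed sample data, not a real Malcolm image. Builds a
# small "image", splits it into three chunks, reassembles and verifies it, then
# corrupts one chunk and checks that verification fails and removes the output.
# Returns 0 when both cases behave as expected.
demo_roundtrip() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        seq 1 2000 | sed 's/^/malcolm-sample-line-/' > orig.bin || exit 1
        printf '%s  sample.iso\n' "$(sha256_of orig.bin)" > sample.iso.sha256 || exit 1
        dd if=orig.bin of=sample.iso.00 bs=8000 count=1 2>/dev/null || exit 1
        dd if=orig.bin of=sample.iso.01 bs=8000 count=1 skip=1 2>/dev/null || exit 1
        dd if=orig.bin of=sample.iso.02 bs=8000 skip=2 2>/dev/null || exit 1
        reassemble_iso sample.iso >/dev/null || exit 1
        cmp -s orig.bin sample.iso || exit 1
        # Overwrite the first byte of the middle chunk: the digest must no longer match.
        printf 'X' | dd of=sample.iso.01 bs=1 count=1 conv=notrunc 2>/dev/null || exit 1
        if reassemble_iso sample.iso 2>/dev/null; then exit 1; fi
        [ ! -e sample.iso ] || exit 1
    )
    rc=$?
    rm -rf "$work"
    return $rc
}

# Usage on a real download: reassemble_iso <downloaded-iso-name>
# Running this file directly exercises the constructed demonstration.
demo_roundtrip && echo "demo ok"
```

The point of deleting the output on mismatch is that a half-downloaded or tampered image should never be left where a later step might boot or install from it; only compare against a digest you obtained from a source you trust, not one that travelled alongside the chunks on an untrusted path.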
As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.