more work on development of documentation to split out into github pages
mmguero committed Oct 5, 2022
1 parent ba203f1 commit 8b4b2c9
Showing 22 changed files with 57 additions and 57 deletions.
42 changes: 21 additions & 21 deletions README.md
@@ -2,7 +2,7 @@

![](./docs/images/logo/Malcolm_outline_banner_dark.png)

[Malcolm](https://github.com/idaholab/Malcolm) is a powerful network traffic analysis tool suite designed with the following goals in mind:
[Malcolm]({{ site.github.repository_url }}) is a powerful network traffic analysis tool suite designed with the following goals in mind:

* **Easy to use** – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using lightweight forwarders. In either case, the data is automatically normalized, enriched, and correlated for analysis.
* **Powerful traffic analysis** – Visibility into network communications is provided through two intuitive interfaces: OpenSearch Dashboards, a flexible data visualization plugin with dozens of prebuilt dashboards providing an at-a-glance overview of network protocols; and Arkime (formerly Moloch), a powerful tool for finding and identifying the network sessions comprising suspected security incidents.
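Review bot: `{{ site.github.repository_url }}` is a Jekyll/Liquid expression that is only substituted when README.md is processed by the Pages build (jekyll-github-metadata); GitHub's own README rendering does not evaluate Liquid, so anyone viewing the repository page will see the literal text `[Malcolm]({{ site.github.repository_url }})` as a broken link. If README.md is meant to stay the repository landing page as well as the Pages index, keep the absolute URL in this file (or generate README.md from the docs source) rather than placing the template variable in a file GitHub renders directly.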
@@ -27,33 +27,33 @@ You can help steer Malcolm's development by sharing your ideas and feedback. Ple

See [**Building from source**](docs/development.md#Build) to read how you can use GitHub [workflow files](./.github/workflows/) to build Malcolm.

![api-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/api-build-and-push-ghcr/badge.svg)
![arkime-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/arkime-build-and-push-ghcr/badge.svg)
![dashboards-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/dashboards-build-and-push-ghcr/badge.svg)
![dashboards-helper-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/dashboards-helper-build-and-push-ghcr/badge.svg)
![file-monitor-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/file-monitor-build-and-push-ghcr/badge.svg)
![file-upload-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/file-upload-build-and-push-ghcr/badge.svg)
![filebeat-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/filebeat-build-and-push-ghcr/badge.svg)
![freq-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/freq-build-and-push-ghcr/badge.svg)
![htadmin-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/htadmin-build-and-push-ghcr/badge.svg)
![logstash-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/logstash-build-and-push-ghcr/badge.svg)
![name-map-ui-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/name-map-ui-build-and-push-ghcr/badge.svg)
![nginx-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/nginx-build-and-push-ghcr/badge.svg)
![opensearch-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/opensearch-build-and-push-ghcr/badge.svg)
![pcap-capture-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/pcap-capture-build-and-push-ghcr/badge.svg)
![pcap-monitor-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/pcap-monitor-build-and-push-ghcr/badge.svg)
![suricata-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/suricata-build-and-push-ghcr/badge.svg)
![zeek-build-and-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/zeek-build-and-push-ghcr/badge.svg)
![malcolm-iso-build-docker-wrap-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/malcolm-iso-build-docker-wrap-push-ghcr/badge.svg)
![sensor-iso-build-docker-wrap-push-ghcr](https://github.com/mmguero-dev/Malcolm/workflows/sensor-iso-build-docker-wrap-push-ghcr/badge.svg)
![api-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/api-build-and-push-ghcr/badge.svg)
![arkime-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/arkime-build-and-push-ghcr/badge.svg)
![dashboards-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/dashboards-build-and-push-ghcr/badge.svg)
![dashboards-helper-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/dashboards-helper-build-and-push-ghcr/badge.svg)
![file-monitor-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/file-monitor-build-and-push-ghcr/badge.svg)
![file-upload-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/file-upload-build-and-push-ghcr/badge.svg)
![filebeat-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/filebeat-build-and-push-ghcr/badge.svg)
![freq-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/freq-build-and-push-ghcr/badge.svg)
![htadmin-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/htadmin-build-and-push-ghcr/badge.svg)
![logstash-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/logstash-build-and-push-ghcr/badge.svg)
![name-map-ui-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/name-map-ui-build-and-push-ghcr/badge.svg)
![nginx-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/nginx-build-and-push-ghcr/badge.svg)
![opensearch-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/opensearch-build-and-push-ghcr/badge.svg)
![pcap-capture-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/pcap-capture-build-and-push-ghcr/badge.svg)
![pcap-monitor-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/pcap-monitor-build-and-push-ghcr/badge.svg)
![suricata-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/suricata-build-and-push-ghcr/badge.svg)
![zeek-build-and-push-ghcr]({{ site.github.repository_url }}/workflows/zeek-build-and-push-ghcr/badge.svg)
![malcolm-iso-build-docker-wrap-push-ghcr]({{ site.github.repository_url }}/workflows/malcolm-iso-build-docker-wrap-push-ghcr/badge.svg)
![sensor-iso-build-docker-wrap-push-ghcr]({{ site.github.repository_url }}/workflows/sensor-iso-build-docker-wrap-push-ghcr/badge.svg)

## <a name="Forks"></a>Forks

[CISA](https://www.cisa.gov/) maintains the upstream source code repository for Malcolm at [https://github.com/cisagov/Malcolm](https://github.com/cisagov/Malcolm). The [Idaho National Lab](https://inl.gov/)'s fork of Malcolm, which is currently kept up-to-date with CISA's upstream development, can be found at [https://github.com/idaholab/Malcolm](https://github.com/idaholab/Malcolm).

## <a name="Footer"></a>Copyright

[Malcolm](https://github.com/idaholab/Malcolm) is Copyright 2022 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the [Cybersecurity and Infrastructure Security Agency](https://www.cisa.gov/) of the [U.S. Department of Homeland Security](https://www.dhs.gov/).
[Malcolm]({{ site.github.repository_url }}) is Copyright 2022 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the [Cybersecurity and Infrastructure Security Agency](https://www.cisa.gov/) of the [U.S. Department of Homeland Security](https://www.dhs.gov/).

See [`License.txt`](./License.txt) for the terms of its release.

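Review bot: the badge sources now resolve against whichever repository builds the site, which fixes the previous hard-coded `mmguero-dev/Malcolm` URLs pointing at a personal fork, but it also means a site built from any fork shows that fork's workflow status rather than upstream's, and GitHub will not render these images at all in the unprocessed README. Note too that the Forks paragraph still hard-codes `https://github.com/idaholab/Malcolm` while the Copyright line in the same hunk switches to the variable; if that is deliberate (the sentence is about a specific fork) it is fine, otherwise make the two consistent.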
2 changes: 1 addition & 1 deletion docs/README.md
@@ -2,7 +2,7 @@

![Malcolm Network Diagram](./images/malcolm_network_diagram.png)

Malcolm processes network traffic data in the form of packet capture (docs/PCAP) files or Zeek logs. A [sensor](live-analysis.md#Hedgehog) (packet capture appliance) monitors network traffic mirrored to it over a SPAN port on a network switch or router, or using a network TAP device. [Zeek](https://www.zeek.org/index.html) logs and [Arkime](https://molo.ch/) sessions are generated containing important session metadata from the traffic observed, which are then securely forwarded to a Malcolm instance. Full PCAP files are optionally stored locally on the sensor device for examination later.
Malcolm processes network traffic data in the form of packet capture (docs/PCAP) files or Zeek logs. A [sensor](live-analysis.md#Hedgehog) (packet capture appliance) monitors network traffic mirrored to it over a SPAN port on a network switch or router, or using a network TAP device. [Zeek](https://www.zeek.org/index.html) logs and [Arkime](https://arkime.com/) sessions are generated containing important session metadata from the traffic observed, which are then securely forwarded to a Malcolm instance. Full PCAP files are optionally stored locally on the sensor device for examination later.

Malcolm parses the network session data and enriches it with additional lookups and mappings including GeoIP mapping, hardware manufacturer lookups from [organizationally unique identifiers (docs/OUI)](http://standards-oui.ieee.org/oui/oui.txt) in MAC addresses, assigning names to [network segments](host-and-subnet-mapping.md#SegmentNaming) and [hosts](host-and-subnet-mapping.md#HostNaming) based on user-defined IP address and MAC mappings, performing [TLS fingerprinting](https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967), and many others.

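Review bot: the unchanged context lines read `packet capture (docs/PCAP) files` and `organizationally unique identifiers (docs/OUI)`; those look like a path-prefixing search-and-replace that matched parenthesised abbreviations instead of anchor references, and should read `(PCAP)` and `(OUI)`. Since this hunk already touches the paragraph, fix them in the same change. The Arkime homepage change from molo.ch to arkime.com is unrelated to the Liquid work named in the commit message and would be easier to track as its own commit.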
2 changes: 1 addition & 1 deletion docs/contributing-dashboards.md
@@ -1,6 +1,6 @@
# <a name="dashboards"></a>OpenSearch Dashboards

[OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/) is an open-source fork of [Kibana](https://www.elastic.co/kibana/), which is [no longer open-source software](https://github.com/idaholab/Malcolm/releases/tag/v5.0.0).
[OpenSearch Dashboards](https://opensearch.org/docs/latest/dashboards/index/) is an open-source fork of [Kibana](https://www.elastic.co/kibana/), which is [no longer open-source software]({{ site.github.repository_url }}/releases/tag/v5.0.0).

## <a name="DashboardsNewViz"></a>Adding new visualizations and dashboards

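Review bot: `{{ site.github.repository_url }}/releases/tag/v5.0.0` turns a stable upstream release link into one that depends on the building repository; a fork that builds the docs but has not imported the v5.0.0 tag will serve a 404 here, and the same pattern is repeated in contributing-file-scanners.md, contributing-logstash.md and contributing-pcap.md in this commit. Consider a site-level variable for the canonical upstream repository for release links, leaving `site.github.repository_url` for links that should follow the fork.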
2 changes: 1 addition & 1 deletion docs/contributing-file-scanners.md
@@ -2,7 +2,7 @@

Similar to the [PCAP processing pipeline](contributing-pcap.md#PCAP) described above, new tools can plug into Malcolm's [automatic file extraction and scanning](file-scanning.md#ZeekFileExtraction) to examine file transfers carved from network traffic.

When Zeek extracts a file it observes being transfered in network traffic, the `file-monitor` container picks up those extracted files and publishes to a [ZeroMQ](https://zeromq.org/) topic that can be subscribed to by any other process that wants to analyze that extracted file. In Malcolm at the time of this writing (as of the [v5.0.0 release](https://github.com/idaholab/Malcolm/releases/tag/v5.0.0)), currently implemented file scanners include ClamAV, YARA, capa and VirusTotal, all of which are managed by the `file-monitor` container. The scripts involved in this code are:
When Zeek extracts a file it observes being transfered in network traffic, the `file-monitor` container picks up those extracted files and publishes to a [ZeroMQ](https://zeromq.org/) topic that can be subscribed to by any other process that wants to analyze that extracted file. In Malcolm at the time of this writing (as of the [v5.0.0 release]({{ site.github.repository_url }}/releases/tag/v5.0.0)), currently implemented file scanners include ClamAV, YARA, capa and VirusTotal, all of which are managed by the `file-monitor` container. The scripts involved in this code are:

* [shared/bin/zeek_carve_watcher.py](../shared/bin/zeek_carve_watcher.py) - watches the directory to which Zeek extracts files and publishes information about those files to the ZeroMQ ventilator on port 5987
* [shared/bin/zeek_carve_scanner.py](../shared/bin/zeek_carve_scanner.py) - subscribes to `zeek_carve_watcher.py`'s topic and performs file scanning for the ClamAV, YARA, capa and VirusTotal engines and sends "hits" to another ZeroMQ sync on port 5988
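Review bot: `transfered` in the changed line (and in the line it replaces) should be `transferred`; since the line is being rewritten anyway, correct the spelling in the same change.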
2 changes: 1 addition & 1 deletion docs/contributing-logstash.md
@@ -20,7 +20,7 @@ You'll need to provide access to your `cooltool` logs in a similar fashion.

Next, tweak [`filebeat.yml`](../filebeat/filebeat.yml) by adding a new log input path pointing to the `cooltool` logs to send them along to the `logstash` container. This modified `filebeat.yml` will need to be reflected in the `filebeat` container via [bind mount](contributing-local-modifications.md#Bind) or by [rebuilding](development.md#Build) it.

Logstash can then be easily extended to add more [`logstash/pipelines`](../logstash/pipelines). At the time of this writing (as of the [v5.0.0 release](https://github.com/idaholab/Malcolm/releases/tag/v5.0.0)), the Logstash pipelines basically look like this:
Logstash can then be easily extended to add more [`logstash/pipelines`](../logstash/pipelines). At the time of this writing (as of the [v5.0.0 release]({{ site.github.repository_url }}/releases/tag/v5.0.0)), the Logstash pipelines basically look like this:

* input (from `filebeat`) sends logs to 1..*n* **parse pipelines**
* each **parse pipeline** does what it needs to do to parse its logs then sends them to the [**enrichment pipeline**](#LogstashEnrichments)
2 changes: 1 addition & 1 deletion docs/contributing-pcap.md
@@ -1,6 +1,6 @@
# <a name="PCAP"></a>PCAP processors

When a PCAP is uploaded (either through Malcolm's [upload web interface](upload.md#Upload) or just copied manually into the `./pcap/upload/` directory), the `pcap-monitor` container has a script that picks up those PCAP files and publishes to a [ZeroMQ](https://zeromq.org/) topic that can be subscribed to by any other process that wants to analyze that PCAP. In Malcolm at the time of this writing (as of the [v5.0.0 release](https://github.com/idaholab/Malcolm/releases/tag/v5.0.0)), there are two of those: the `zeek` container and the `arkime` container. In Malcolm, they actually both share the [same script](../shared/bin/pcap_processor.py) to read from that topic and run the PCAP through Zeek and Arkime, respectively. If you're looking for an example to follow, the `zeek` container is the less complicated of the two. So, if you were looking to integrate a new PCAP processing tool into Malcolm (named `cooltool` for this example), the process would be something like:
When a PCAP is uploaded (either through Malcolm's [upload web interface](upload.md#Upload) or just copied manually into the `./pcap/upload/` directory), the `pcap-monitor` container has a script that picks up those PCAP files and publishes to a [ZeroMQ](https://zeromq.org/) topic that can be subscribed to by any other process that wants to analyze that PCAP. In Malcolm at the time of this writing (as of the [v5.0.0 release]({{ site.github.repository_url }}/releases/tag/v5.0.0)), there are two of those: the `zeek` container and the `arkime` container. In Malcolm, they actually both share the [same script](../shared/bin/pcap_processor.py) to read from that topic and run the PCAP through Zeek and Arkime, respectively. If you're looking for an example to follow, the `zeek` container is the less complicated of the two. So, if you were looking to integrate a new PCAP processing tool into Malcolm (named `cooltool` for this example), the process would be something like:

1. Define your service as instructed in the [Adding a new service](contributing-new-image.md#NewImage) section
* Note how the existing `zeek` and `arkime` services use [bind mounts](contributing-local-modifications.md#Bind) to access the local `./pcap` directory
2 changes: 1 addition & 1 deletion docs/development.md
@@ -4,7 +4,7 @@
- [Building from source](#Build)
- [Pre-Packaged installation files](#Packager)

Checking out the [Malcolm source code](https://github.com/idaholab/Malcolm/tree/main) results in the following subdirectories in your `malcolm/` working copy:
Checking out the [Malcolm source code]({{ site.github.repository_url }}/tree/{{ site.github.build_revision }}) results in the following subdirectories in your `malcolm/` working copy:

* `api` - code and configuration for the `api` container which provides a REST API to query Malcolm
* `arkime` - code and configuration for the `arkime` container which processes PCAP files using `capture` and which serves the Viewer application
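Review bot: pinning the source-tree link to `{{ site.github.build_revision }}` is an improvement over `tree/main`, since the documentation then points at the exact commit it was built from. One caveat: if `site.github.build_revision` is not populated (for example a local preview where the github-metadata plugin cannot determine the revision), the URL degrades to `.../tree/`, so a short note in the docs build instructions about that dependency would help contributors previewing the site locally.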
4 changes: 2 additions & 2 deletions docs/download.md
@@ -12,7 +12,7 @@ Malcolm's Docker-based deployment model makes Malcolm able to run on a variety o

Malcolm can be [packaged](/documentation/#ISOBuild) into an [installer ISO](/documentation/#ISO) based on the current [stable release](https://wiki.debian.org/DebianStable) of [Debian](https://www.debian.org/). This [customized Debian installation](https://wiki.debian.org/DebianLive) is preconfigured with the bare minimum software needed to run Malcolm.

While official downloads of the Malcolm installer ISO are not provided, an **unofficial build** of the ISO installer for the [latest stable release](https://github.com/idaholab/Malcolm/releases/latest) is available for download here.
While official downloads of the Malcolm installer ISO are not provided, an **unofficial build** of the ISO installer for the [latest stable release]({{ site.github.repository_url }}/releases/latest) is available for download here.

| ISO | SHA256 |
|---|---|
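Review bot: `releases/latest` resolved through `site.github.repository_url` follows whichever repository builds the site, while the ISO table below lists an unofficial build with fixed SHA256 values; if a fork builds this page, `latest` may name a release the listed ISO was not built from. Pinning the release tag the ISO corresponds to (or linking the upstream repository's release explicitly) keeps the hash table and the release link in step.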
@@ -36,4 +36,4 @@ Read carefully the installation documentation for [Malcolm](/documentation/#ISOI

## Disclaimer

The terms of [Malcolm's license](https://raw.githubusercontent.com/idaholab/Malcolm/main/License.txt) also apply to these unofficial builds of the Malcolm and Hedgehog Linux installer ISOs: neither the organizations funding Malcolm's development, its developers nor the maintainer of this site makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness or usefulness of any data, apparatus or process disclosed therein.
The terms of [Malcolm's license]({{ site.github.repository_url }}/blob/{{ site.github.build_revision }}/License.txt) also apply to these unofficial builds of the Malcolm and Hedgehog Linux installer ISOs: neither the organizations funding Malcolm's development, its developers nor the maintainer of this site makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness or usefulness of any data, apparatus or process disclosed therein.
2 changes: 1 addition & 1 deletion docs/hedgehog-config-root.md
@@ -32,7 +32,7 @@ In either case, upon selecting **OK** the network interface will be brought down

## <a name="HedgehogConfigTime"></a>Time synchronization

Returning to the configuration mode selection, choose **Time Sync**. Here you can configure the sensor to keep its time synchronized with either an NTP server (using the NTP protocol) or a local [Malcolm](https://github.com/idaholab/Malcolm) aggregator or another HTTP/HTTPS server. On the next dialog, choose the time synchronization method you wish to configure.
Returning to the configuration mode selection, choose **Time Sync**. Here you can configure the sensor to keep its time synchronized with either an NTP server (using the NTP protocol) or a local [Malcolm]({{ site.github.repository_url }}) aggregator or another HTTP/HTTPS server. On the next dialog, choose the time synchronization method you wish to configure.

![Time synchronization method](./images/hedgehog/images/time_sync_mode.png)

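Review bot: the unchanged context line below references `./images/hedgehog/images/time_sync_mode.png`; the doubled `images` segment looks like an artifact of moving the Hedgehog docs under `docs/`, so verify that the path exists in the new layout, since a missing image will not fail the Pages build and would only show up as a broken figure on the published page.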
0 comments on commit 8b4b2c9