Malcolm v24.03.0
Malcolm v24.03.0 contains new features, improvements, bug fixes and component version updates.
- Features and enhancements
- support json-delimited import for Zeek logs (idaholab#65)
- go through list of Trivy security findings (idaholab#236)
- support /attributes and /events endpoints from MISP feed for Zeek intel generation (idaholab#336)
- KEV detections for Unitronics VisiLogic CVE-2023-6448 (idaholab#394)
- create dashboards for other non-network log data (idaholab#414)
- links on landing page should open in a new tab (idaholab#427)
- incorporate ICSNPP Profinet IO CM parser (idaholab#429)
- Component version updates
- Arkime to v5.0.1
- OpenSearch and OpenSearch Dashboards to v2.12.0
- Bug fixes
- fix the way we do environment variables in local.zeek (idaholab#413)
- a few issues with the install.py script when installing from GitHub releases (idaholab#416)
- htadmin creating entries without a newline between them in the htpasswd file (idaholab#426)
- hard-coded date value in Kibana pivot links (idaholab#428)
- unencrypted, unzipped extracted file download not working (idaholab#431)
- Configuration changes (in environment variables in `./config/`)
- these variables in `zeek.env`:

```
# Set to true to indicate that Zeek should output logs in JSON format
ZEEK_JSON=
# Whether or not to require SSL certificate verification when querying a TAXII or MISP feed
ZEEK_INTEL_FEED_SSL_CERTIFICATE_VERIFICATION=false
# Whether or not to disable the ICSNPP Profinet IO CM parser
ZEEK_DISABLE_ICS_PROFINET_IO_CM=
```
- these variables in
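As an added illustration (not part of Malcolm or these release notes), the following Python snippet parses a `zeek.env`-style file in the `KEY=VALUE` format shown above and reports the settings a defender would want to review before deploying: whether TAXII/MISP feed certificate verification is enabled (the value shipped in the fragment above is `false`, so feed TLS certificates would not be checked), whether JSON log output is enabled, and whether the Profinet IO CM parser has been disabled. The sample file content is constructed from the three variables listed in the notes; the function names are this example's own.

```python
"""Audit the Zeek-related settings in a Malcolm-style zeek.env file.

Added example, not Malcolm's own code. It parses the KEY=VALUE format used
in ./config/*.env (comments, blank lines, empty values, optional quotes)
and reports the settings that affect feed trust and log format.
"""
from __future__ import annotations

# Constructed sample: the three variables v24.03.0 adds to zeek.env
SAMPLE_ZEEK_ENV = """\
# Set to true to indicate that Zeek should output logs in JSON format
ZEEK_JSON=
# Whether or not to require SSL certificate verification when querying a TAXII or MISP feed
ZEEK_INTEL_FEED_SSL_CERTIFICATE_VERIFICATION=false
# Whether or not to disable the ICSNPP Profinet IO CM parser
ZEEK_DISABLE_ICS_PROFINET_IO_CM=
"""


def parse_env(text: str) -> dict[str, str]:
    """Parse KEY=VALUE lines; skip comments and blanks, strip surrounding quotes, keep empty values."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        settings[key.strip()] = value
    return settings


def is_true(value: str) -> bool:
    """Interpret the usual truthy spellings found in env files."""
    return value.strip().lower() in {"true", "1", "yes", "on"}


def audit_zeek_env(text: str) -> list[str]:
    """Return findings for the security- and format-relevant Zeek settings."""
    settings = parse_env(text)
    findings: list[str] = []
    verify = settings.get("ZEEK_INTEL_FEED_SSL_CERTIFICATE_VERIFICATION", "")
    if not is_true(verify):
        # Unverified TLS means a feed could be impersonated on the wire.
        findings.append(
            "TAXII/MISP feed TLS certificates are not verified "
            "(ZEEK_INTEL_FEED_SSL_CERTIFICATE_VERIFICATION is not true)"
        )
    if not is_true(settings.get("ZEEK_JSON", "")):
        findings.append("ZEEK_JSON is empty or false: JSON log output is not explicitly enabled")
    if is_true(settings.get("ZEEK_DISABLE_ICS_PROFINET_IO_CM", "")):
        findings.append("ICSNPP Profinet IO CM parser is disabled")
    return findings


if __name__ == "__main__":
    for finding in audit_zeek_env(SAMPLE_ZEEK_ENV):
        print("-", finding)
```

Run against a real `./config/zeek.env` by reading the file into `audit_zeek_env`; on the sample above it reports two findings (unverified feed certificates and JSON output not enabled).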
Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/.