Malcolm v24.03.0
Malcolm v24.03.0 contains new features, improvements, bug fixes and component version updates.
- Features and enhancements
- support json-delimited import for Zeek logs (#65)
- go through list of Trivy security findings (#236)
- support /attributes and /events enpoints from MISP feed for Zeek intel generation (#336)
- KEV detections for Unitronics VisiLogic CVE-2023-6448 (#394)
- create dashboards for other non-network log data (#414)
- links on landing page should open in a new tab (#427)
- incorporate ICSNPP Profinet IO CM parser (#429)
- Component version updates
- Arkime to v5.0.1
- OpenSearch and OpenSearch Dashboards to v2.12.0
- Bug fixes
- fix the way we do environment variables in local.zeek (#413)
- a few issues with the install.py script when installing from GitHub releases (#416)
- htadmin creating entries without a newline between them in the htpasswd file (#426)
- hard-coded date value in Kibana pivot links (#428)
- unencrypted, unzipped extracted file download not working (#431)
- Configuration changes (in environment variables in
./config/)- these variables in
zeek.env
# Set to true to indicate that Zeek should output logs in JSON format ZEEK_JSON= # Whether or not to require SSL certificate verification when querying a TAXII or MISP feed ZEEK_INTEL_FEED_SSL_CERTIFICATE_VERIFICATION=false # Whether or not to disable the ICSNPP Profinet IO CM parser ZEEK_DISABLE_ICS_PROFINET_IO_CM= - these variables in
Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/.