Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
Rewrote the Network Traffic Artifact Upload interface and backend, replacing the defunct jQuery-File-Upload with FilePond. This was done mainly because jQuery-File-Upload no longer receives security fixes and has some known vulnerabilities. See idaholab/Malcolm#235
Use the netbox-initializers plugin, adding the ability to drop YAML files for various NetBox objects to be preloaded at startup. See idaholab/Malcolm#228
Handle changes to ICSNPP parsers with source_ip/destination_ip fields (idaholab/Malcolm#233 and idaholab/Malcolm#226)
Bug fixes
Fixed extracting Malcolm version during ISO build
Workaround for Wireshark no longer publishing raw manuf (OUI) list (idaholab/Malcolm#230)
Remove news feed from default NetBox dashboard (as it would try to reach out to the web for RSS updates)
Component version updates
Rebased Docker and ISO images to Debian 12 (bookworm)
live-build tool for building ISO images to debian/1%20230131
Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/.
Malcolm v23.08.0 is a minor release with a few improvements, bug fixes and component updates.
https://github.com/cisagov/Malcolm/compare/v23.07.1...v23.08.0