Malcolm v23.12.1

[mmguero]

Malcolm v23.12.0 is a minor release with a few updates and bug fixes

https://github.com/cisagov/Malcolm/compare/v23.12.0...v23.12.1

• Features and enhancements
  • have install.py offer to pull the docker images (idaholab/Malcolm#310)
  • only overwrite Arkime's config.ini with config.orig.ini if config.ini doesn't already exist (idaholab/Malcolm#311)
  • create Suricata rules for Zyxel vulnerabilities from KEV (idaholab/Malcolm#312)
  • provide alternate configuration for Arkime capture to listen on the interface directly rather than post-processing PCAPs (idaholab/Malcolm#281)
  • added SURICATA_DISABLE_ICS_ALL environment variable to disable OT/ICS analysis in Suricata
  • added ZEEK_INTEL_REFRESH_THREADS to allow setting the number of threads for intel feed pulls
  • documented the different run profiles (hedgehog vs. malcolm profiles) and generally improved documentation of live capture options
  • route /mapi/opensearch/, /mapi/logstash/ and /mapi/netbox/ from the Malcolm API endpoint to their respective component APIs
  • minor improvements to how the user supplies custom rules/config for Suricata, Zeek, and Arkime
• Component version updates
  • updated GitHub workflow actions for automated builds
  • supercronic to v0.2.29
  • LogStash to v8.11.3
  • Beats to v8.11.3
  • NetBox to v3.6.7
  • elasticsearch-py to v8.11.1
• Bug fixes
  • review and fix capabilities granted to containers (idaholab/Malcolm#282)
  • change URL for downloading manuf list to new wireshark.org URL / wireshark no longer publishes raw manuf (OUI) list (idaholab/Malcolm#230 and idaholab/Malcolm#306)
  • directory hierarchies not being created as Kubernetes configmap correctly (idaholab/Malcolm#308)
  • rsyslog no longer in Debian bookworm (idaholab/Malcolm#309)
  • removed unused Arkime log and raw directories