Malcolm v24.07.0

[mmguero]

• Features and enhancements
  • integrated the ICSNPP GE SRTP network analyzer (idaholab/Malcolm#516)
  • Changed the way docker compose does bind mounts of files and directories to avoid creating empty directories when the source is missing, returning an error instead (idaholab/Malcolm#473)
    • This changed necessitated a switch from Python's built-in YAML library to ruamel.yaml
  • code to pull from MISP feeds should specify JSON as preferred format in HTTP headers (idaholab/Malcolm#520)
  • add optional service argument to restart script (idaholab/Malcolm#521)
  • replace API link on landing page with extracted-files (idaholab/Malcolm#524)
  • exclude private IP space Intel::ADDR items when populating Zeek intel (idaholab/Malcolm#528)
  • updated some screenshots for the documentation
• Component version updates
  • Alpine v3.20 for nginx-proxy container (idaholab/Malcolm#500)
  • Arkime v5.3.0
  • Beats v8.14.3
  • Fluent Bit to v3.1.4
  • Logstash v8.14.3
  • NetBox v4.0.8
  • osd_transform v2.15.0
  • certifi to v2024.7.4 to address CVE-2024-39689 for Hedgehog Linux
• Bug fixes
  • tarball-based installation should not depend on UID inside of tarball, prevents installation if UID with which tarball's contents were created don't match installing user's (idaholab/Malcolm#519)
  • bacnet discovery log not parsed correctly (idaholab/Malcolm#523)
  • resolved issue with the build.sh helper script when building non-AMD64 Docker images
• Configuration changes (in environment variables in ./config/)
  • The variable ZEEK_DISABLE_ICS_GE_SRTP has been added to zeek.env and control_vars.conf to control enabling the network analyzer for the GE SRTP protocol. It's default value is true (indicating that the analyzer is disabled) as it is a somewhat uncommon OT protocol that likely won't be needed by most Malcolm users.
• Other
  • Removed long-deprecated net-map.json file support (idaholab/Malcolm#517)