Malcolm v24.08.0

[mmguero]

Malcolm v24.08.0 contains minor improvements, some component version updates, and bug fixes.

https://github.com/cisagov/Malcolm/compare/v24.07.0...v24.08.0

• Features and enhancements
  • in ISO installer, prompt to format other drives for artifact storage rather than just doing it automatically (idaholab/Malcolm#529)
  • allow users to more easily add NetBox plugins (idaholab/Malcolm#530)
  • run netbox-initializers plugin on startup even if we're doing a netbox database backup preload (idaholab/Malcolm#531)
  • during auth_setup "all" operation, do required operations without prompting if the files don't already exist (idaholab/Malcolm#536)
  • some containers need resource request specified for Kubernetes (idaholab/Malcolm#539)
  • add "public" pseudo-segments for public IP addresses (idaholab/Malcolm#542)
  • reworked Windows Event dashboard
  • some documentation updates
  • added netbox tag to any logs that are passed into the netbox_enrich.rb script in the Logstash enrichment pipeline
• Component version updates
  • elasticsearch and elasticsearch-dsl Python libraries to v8.15.0
  • Arkime to v5.4.0
  • Beats to v8.15.0
  • evtx to v0.8.3
  • Fluent Bit to v3.1.6
    • fluent-bit-setup.ps1 helper script needs updated URLs (idaholab/Malcolm#541)
  • Logstash to v8.15.0
  • NetBox to v4.0.9
  • OpenSearch and OpenSearch Dashboards to v2.16.0
  • yq to v4.44.3
  • Zeek to v7.0.0 (idaholab/Malcolm#535)
• Bug fixes
  • dashboards-helper container's use of curl fails internal container name resolution when host has invalid DNS settings, prevents Malcolm initialization (idaholab/Malcolm#499)
  • Netbox service templates not populating (idaholab/Malcolm#522)
  • kubernetes manifest for netbox refers to netbox-netmap-json configmap which no longer exists (idaholab/Malcolm#540)
  • don't try to expose the OpenSearch port 9200 in docker-compose.yml when the database mode is not opensearch-local
  • improved the liveness check for the offline Zeek container so that it returns "healthy" if the intel thread feeds are still pulling before the monitoring processes start up