Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
There are some places in Malcolm where we do file identification (you can grep the code for magic). This project from Google, magika, might offer some benefit or improvement? As in, maybe we use magika as a first step and then fall back to libmagic otherwise? Worth checking out.
@mmguero cloned issue idaholab/Malcolm#422 on 2024-02-20:
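One way to sketch the "magika first, libmagic otherwise" idea, as an added example that is not Malcolm's code or anything from the magika project. It chains identifiers in order and falls through when one is unavailable, errors out, or (for Magika) reports low confidence. Assumptions: the `magika` and `python-magic` packages are optional and may be absent; the Magika result attributes (`output.label` / `output.ct_label`, `score`) are read defensively because they differ across releases; the 0.8 confidence threshold and the tiny built-in signature table are illustrative choices, and the sample pcap header at the bottom is constructed for the demo.

```python
"""Tiered file-type identification: Magika first, then libmagic, then a small
built-in signature table. Added example; not Malcolm's code.
"""
from typing import Callable, Optional, Tuple

try:
    from magika import Magika  # optional dependency (assumption: may be absent)
except ImportError:
    Magika = None

try:
    import magic  # python-magic wrapper around libmagic (optional)
except ImportError:
    magic = None

MAGIKA_MIN_SCORE = 0.8  # illustrative threshold; below it we fall through to libmagic

# Minimal last-resort signature table, constructed for this example.
_SIGNATURES = [
    (b"\xd4\xc3\xb2\xa1", "application/vnd.tcpdump.pcap"),  # pcap, little-endian
    (b"\xa1\xb2\xc3\xd4", "application/vnd.tcpdump.pcap"),  # pcap, big-endian
    (b"\x0a\x0d\x0d\x0a", "application/x-pcapng"),          # pcapng section header block
    (b"PK\x03\x04", "application/zip"),
    (b"\x1f\x8b", "application/gzip"),
    (b"MZ", "application/vnd.microsoft.portable-executable"),
    (b"\x7fELF", "application/x-executable"),
]

# An identifier returns (type_label, confidence) or None to pass to the next one.
Identifier = Callable[[bytes], Optional[Tuple[str, float]]]

def magika_identify(data: bytes) -> Optional[Tuple[str, float]]:
    """Step 1: Magika's ML model. None if unavailable or not confident enough."""
    if Magika is None:
        return None
    res = Magika().identify_bytes(data)  # in real code, construct Magika() once and reuse it
    # Attribute names differ across magika releases; read them defensively (assumption).
    label = getattr(res.output, "label", None) or getattr(res.output, "ct_label", None)
    score = getattr(res, "score", None) or getattr(res.output, "score", 0.0)
    if label is None or score < MAGIKA_MIN_SCORE:
        return None
    return (label, float(score))

def libmagic_identify(data: bytes) -> Optional[Tuple[str, float]]:
    """Step 2: libmagic via python-magic. Signature matching has no score; report 0.5."""
    if magic is None:
        return None
    mime = magic.from_buffer(data, mime=True)
    if not mime or mime == "application/octet-stream":
        return None
    return (mime, 0.5)

def builtin_identify(data: bytes) -> Optional[Tuple[str, float]]:
    """Step 3: tiny hard-coded signature table so the chain still works with no backends."""
    for sig, mime in _SIGNATURES:
        if data.startswith(sig):
            return (mime, 0.5)
    return None

DEFAULT_CHAIN: Tuple[Identifier, ...] = (magika_identify, libmagic_identify, builtin_identify)

def identify(data: bytes, chain: Tuple[Identifier, ...] = DEFAULT_CHAIN) -> Tuple[str, float, str]:
    """Run identifiers in order; the first confident answer wins.
    Returns (type_label, confidence, name_of_identifier_that_answered)."""
    for ident in chain:
        try:
            result = ident(data)
        except Exception:  # a broken backend must not break identification
            result = None
        if result is not None:
            return (result[0], result[1], ident.__name__)
    return ("application/octet-stream", 0.0, "none")

if __name__ == "__main__":
    # Constructed sample: pcap global header (magic, version 2.4, remaining fields zeroed)
    sample = b"\xd4\xc3\xb2\xa1\x02\x00\x04\x00" + b"\x00" * 16
    print(identify(sample))
```

The ordering is the point: a confidence-scored classifier goes first so that a low-score guess degrades to libmagic's deterministic signature match rather than being trusted outright, and any backend that raises is skipped instead of taking file identification down with it.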