cisagov / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://cisagov.github.io/Malcolm/

Malcolm

Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind:

Although all the open-source tools that make up Malcolm are already available and in general use, Malcolm provides a framework of interconnectivity that makes it greater than the sum of its parts.

In short, Malcolm provides an easily deployable traffic analysis tool suite for network security monitoring.

Documentation

See the Malcolm documentation.

Share your feedback

You can help steer Malcolm's development by sharing your ideas and feedback. Please take a few minutes to complete this survey (hosted on Google Forms) so we can understand the members of the Malcolm community and their use cases for this tool.

Copyright and License

Malcolm is Copyright 2024 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.

Malcolm is licensed under the Apache License, version 2.0. See LICENSE.txt for the terms of its release.

Contact information of author(s):

malcolm@inl.gov