Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
This issue is a meta-issue that will depend on other issues I'll log tracking the design, development and features related to how Malcolm will use NetBox (documentation, GitHub, site), particularly regarding interactions between NetBox's model of the network and Malcolm's network traffic metadata (collected from Zeek, Arkime, Suricata, etc.).
This feature is going to be broken down into (at least) the following sub-features. Some of these may end up being unfeasible, may be replaced or further broken down, or may be changed, but at the moment the ideas floating around are:
132
133
134
135
136
Each of these is a substantial piece of work. Development will be done incrementally and released as functionality is added.
Now that NetBox is in place and has been released for a while, I'm going to close this meta-bug in favor of just tracking separate issues with NetBox individually.