Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
Malcolm currently supports two authentication modes:
Both of these are done through NGINX so that it can be authenticated in one place for all of Malcolm (rather than in individual components like Arkime, Dashboards, etc., which would otherwise all have their own authentication).
We should look into adding SSO as a third method, based on whatever NGINX could support for that via plugins or whatever (Keycloak, etc.).