Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
When following the quick start guide I didn't run into any issues following the "git clone" version of the instructions, but when following the instructions for what you download from releases there were a few issues I saw that cropped up:
The directory created into which the .tar.gz files are extracted needs to be chowned from root to the non-root user
It doesn't prompt you to pull the Docker images like the git-cloned logic does