Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
Although this departs a bit from Malcolm's bread-and-butter of network traffic, some users have requested the ability to upload files containing Windows event logs, which should then be processed in the same way as if they had been forwarded by fluent-bit.
Things to figure out:
what file format the Windows event logs are in
adding a third path (right now there are just two: PCAP goes one way, Zeek logs go the other)
changing the documentation and UI for upload to indicate that these file types are also allowed
parsing of these events and hooking into the same code used to parse what's generated by fluent-bit
is there any way to identify the source of the event logs? possibly tangentially related to idaholab/Malcolm#449
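One way to decide which of the three paths an uploaded file should take is to sniff its leading bytes rather than trust the extension the uploader chose. The sketch below is an added example, not Malcolm's own upload code, and it assumes the Windows event logs arrive as exported EVTX files (the open question above); the samples are constructed inline.

```python
# Route an uploaded file to the PCAP, Zeek-log or Windows-event-log path
# based on its content signature, not its file name.
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4", b"\xd4\xc3\xb2\xa1",  # classic pcap, both byte orders
    b"\xa1\xb2\x3c\x4d", b"\x4d\x3c\xb2\xa1",  # nanosecond-resolution pcap
    b"\x0a\x0d\x0d\x0a",                        # pcapng Section Header Block
}
EVTX_MAGIC = b"ElfFile\x00"    # 8-byte signature at the start of an .evtx file
ZEEK_HEADER = b"#separator "   # first line of a Zeek TSV log


def classify_upload(data: bytes) -> str:
    """Return 'pcap', 'zeek', 'evtx' or 'unknown' from the first bytes of the file."""
    if data[:4] in PCAP_MAGICS:
        return "pcap"
    if data[:8] == EVTX_MAGIC:
        return "evtx"
    if data.startswith(ZEEK_HEADER):
        return "zeek"
    return "unknown"


# Hypothetical dispatch table: each path is a handler name, standing in for
# whatever Malcolm would actually call on each branch.
ROUTES = {"pcap": "pcap_pipeline", "zeek": "zeek_log_pipeline", "evtx": "winevent_pipeline"}


def route_upload(filename: str, data: bytes) -> str:
    """Pick the handler by content; a mismatch with the extension is rejected loudly."""
    kind = classify_upload(data)
    if kind == "unknown":
        raise ValueError(f"{filename}: unrecognised file type, refusing to process")
    return ROUTES[kind]


# Constructed samples: a little-endian pcap header, an EVTX header prefix and a Zeek log.
SAMPLES = {
    "capture.pcap": b"\xd4\xc3\xb2\xa1\x02\x00\x04\x00" + b"\x00" * 16,
    "security.evtx": b"ElfFile\x00" + b"\x00" * 8,
    "conn.log": b"#separator \\x09\n#set_separator\t,\n#path\tconn\n",
    "renamed.pcap": b"ElfFile\x00" + b"\x00" * 8,  # EVTX content with a .pcap name
}


def route_samples() -> dict:
    """Route every constructed sample and report the handler chosen for each."""
    return {name: route_upload(name, blob) for name, blob in SAMPLES.items()}
```

Note that `renamed.pcap` is still sent to the Windows-event-log path, because only the content decides the route.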
Currently the upload interface allows for uploading: