Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
There are other "subscriptions" that we can manage today (for example, external Suricata rule sources, Zeek intel feeds, etc.). Do we want to have those lists be part of "policy" as well?
This needs to be broken down into multiple sub-tasks, but we'll keep the high-level ideas here.
Users have requested a way to "manage sensors and rules" from Malcolm. What this has entailed in discussions is:
I'm going to create a "policy" label to assign to issues associated with this one.