Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
See the documentation here and search for "Transfer self-signed client certificates to a remote log forwarder".
When we do this on the Malcolm side (in control.py, under the auth_setup stuff), we should generate the new certificates and send them on-the-fly, then delete them, rather than just re-using the filebeat/certs/ one.