idaholab / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://idaholab.github.io/Malcolm/

update ethernet/IP and CIP to account for new packet correlation ID #558

Closed mmguero closed 1 month ago

mmguero commented 1 month ago

cisagov/icsnpp-enip#30 adds a "packet correlation ID" field to help correlate between enip and cip logs. This issue tracks the changes needed for Malcolm to do this.

mmguero commented 1 month ago

Done
