2.2.1 (#147)
Very minor bugfix release.
mmguero authored Aug 17, 2020
1 parent d34dcc6 commit 64f20fb
Showing 7 changed files with 69 additions and 69 deletions.
70 changes: 35 additions & 35 deletions README.md
Expand Up @@ -156,22 +156,22 @@ You can then observe that the images have been retrieved by running `docker imag
```
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
malcolmnetsec/curator 2.2.0 xxxxxxxxxxxx 20 hours ago 246MB
malcolmnetsec/elastalert 2.2.0 xxxxxxxxxxxx 20 hours ago 408MB
malcolmnetsec/elasticsearch-oss 2.2.0 xxxxxxxxxxxx 20 hours ago 693MB
malcolmnetsec/filebeat-oss 2.2.0 xxxxxxxxxxxx 20 hours ago 474MB
malcolmnetsec/file-monitor 2.2.0 xxxxxxxxxxxx 20 hours ago 386MB
malcolmnetsec/file-upload 2.2.0 xxxxxxxxxxxx 20 hours ago 199MB
malcolmnetsec/freq 2.2.0 xxxxxxxxxxxx 20 hours ago 390MB
malcolmnetsec/htadmin 2.2.0 xxxxxxxxxxxx 20 hours ago 180MB
malcolmnetsec/kibana-oss 2.2.0 xxxxxxxxxxxx 20 hours ago 1.07GB
malcolmnetsec/logstash-oss 2.2.0 xxxxxxxxxxxx 20 hours ago 1.05GB
malcolmnetsec/moloch 2.2.0 xxxxxxxxxxxx 20 hours ago 667MB
malcolmnetsec/name-map-ui 2.2.0 xxxxxxxxxxxx 20 hours ago 134MB
malcolmnetsec/nginx-proxy 2.2.0 xxxxxxxxxxxx 20 hours ago 118MB
malcolmnetsec/pcap-capture 2.2.0 xxxxxxxxxxxx 20 hours ago 111MB
malcolmnetsec/pcap-monitor 2.2.0 xxxxxxxxxxxx 20 hours ago 156MB
malcolmnetsec/zeek 2.2.0 xxxxxxxxxxxx 20 hours ago 442MB
malcolmnetsec/curator 2.2.1 xxxxxxxxxxxx 20 hours ago 246MB
malcolmnetsec/elastalert 2.2.1 xxxxxxxxxxxx 20 hours ago 408MB
malcolmnetsec/elasticsearch-oss 2.2.1 xxxxxxxxxxxx 20 hours ago 693MB
malcolmnetsec/filebeat-oss 2.2.1 xxxxxxxxxxxx 20 hours ago 474MB
malcolmnetsec/file-monitor 2.2.1 xxxxxxxxxxxx 20 hours ago 386MB
malcolmnetsec/file-upload 2.2.1 xxxxxxxxxxxx 20 hours ago 199MB
malcolmnetsec/freq 2.2.1 xxxxxxxxxxxx 20 hours ago 390MB
malcolmnetsec/htadmin 2.2.1 xxxxxxxxxxxx 20 hours ago 180MB
malcolmnetsec/kibana-oss 2.2.1 xxxxxxxxxxxx 20 hours ago 1.07GB
malcolmnetsec/logstash-oss 2.2.1 xxxxxxxxxxxx 20 hours ago 1.05GB
malcolmnetsec/moloch 2.2.1 xxxxxxxxxxxx 20 hours ago 667MB
malcolmnetsec/name-map-ui 2.2.1 xxxxxxxxxxxx 20 hours ago 134MB
malcolmnetsec/nginx-proxy 2.2.1 xxxxxxxxxxxx 20 hours ago 118MB
malcolmnetsec/pcap-capture 2.2.1 xxxxxxxxxxxx 20 hours ago 111MB
malcolmnetsec/pcap-monitor 2.2.1 xxxxxxxxxxxx 20 hours ago 156MB
malcolmnetsec/zeek 2.2.1 xxxxxxxxxxxx 20 hours ago 442MB
```

#### Import from pre-packaged tarballs
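Review bot: this sample `docker images` table is maintained by hand and is repeated almost verbatim in the hunk at line 1810 of the same file, so every release bump touches 32 lines that differ only in the tag column; keep a single copy (or have the later walkthrough refer back to this one) so the two listings cannot drift apart on a future bump. The `xxxxxxxxxxxx` image IDs are fine as placeholders, but one sentence stating that the IDs, dates and sizes will differ on the reader's host would pre-empt "my output does not match" questions.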
Expand Down Expand Up @@ -983,7 +983,7 @@ Moloch's **SPI** (**S**ession **P**rofile **I**nformation) **View** provides a q

![Moloch's SPIView](./docs/images/screenshots/moloch_spiview.png)

Click the the plus **** icon to the right of a category to expand it. The values for specific fields are displayed by clicking the field description in the field list underneatn the category name. The list of field names can be filtered by typing part of the field name in the *Search for fields to display in this category* text input. The **Load All** and **Unload All** buttons can be used to toggle display of all of the fields belonging to that category. Once displayed, a field's name or one of its values may be clicked to provide further actions for filtering or displaying that field or its values. Of particular interest may be the **Open [fieldname] SPI Graph** option when clicking on a field's name. This will open a new tab with the SPI Graph ([see below](#MolochSPIGraph)) populated with the field's top values.
Click the the plus **** icon to the right of a category to expand it. The values for specific fields are displayed by clicking the field description in the field list underneath the category name. The list of field names can be filtered by typing part of the field name in the *Search for fields to display in this category* text input. The **Load All** and **Unload All** buttons can be used to toggle display of all of the fields belonging to that category. Once displayed, a field's name or one of its values may be clicked to provide further actions for filtering or displaying that field or its values. Of particular interest may be the **Open [fieldname] SPI Graph** option when clicking on a field's name. This will open a new tab with the SPI Graph ([see below](#MolochSPIGraph)) populated with the field's top values.

Note that because the SPIView page can potentially run many queries, SPIView limits the search domain to seven days (in other words, seven indices, as each index represents one day's worth of data). When using SPIView, you will have best results if you limit your search time frame to less than or equal to seven days. This limit can be adjusted by editing the `spiDataMaxIndices` setting in [config.ini](./etc/moloch/config.ini) and rebuilding the `malcolmnetsec/moloch` docker container.
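Review bot: the replacement line still reads `Click the the plus **** icon`; the doubled `the` and the empty bold `****` (the icon glyph appears to have been lost, at least as rendered here) sit in the same sentence as the `underneatn` → `underneath` fix, so it would be cheaper to correct them in this pass than to leave them for another typo-only commit.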

Expand All @@ -1005,7 +1005,7 @@ The **Connections** page presents network communications via a force-directed gr

![Moloch's Connections graph](./docs/images/screenshots/moloch_connections.png)

Controls are available for specifying the query size (where smaller values will execute more quickly but may only contain an incomplete representation of the top *n* sessions, and larger values may take longer to execute but will be more complete), which fields to use as the source and destionation for node values, a minimum connections threshold, and the method for determining the "weight" of the link between two nodes. As is the case with most other visualizations in Moloch, the graph is interactive: clicking on a node or the link between two nodes can be used to modify query filters, and the nodes themselves may be repositioned by dragging and dropping them. A node's color indicates whether it communicated as a source/originator, a destination/responder, or both.
Controls are available for specifying the query size (where smaller values will execute more quickly but may only contain an incomplete representation of the top *n* sessions, and larger values may take longer to execute but will be more complete), which fields to use as the source and destination for node values, a minimum connections threshold, and the method for determining the "weight" of the link between two nodes. As is the case with most other visualizations in Moloch, the graph is interactive: clicking on a node or the link between two nodes can be used to modify query filters, and the nodes themselves may be repositioned by dragging and dropping them. A node's color indicates whether it communicated as a source/originator, a destination/responder, or both.

While the default source and destination fields are *Src IP* and *Dst IP:Dst Port*, the Connections view is able to use any combination of any of the fields populated by Moloch and Zeek. For example:

Expand Down Expand Up @@ -1415,7 +1415,7 @@ Building the ISO may take 30 minutes or more depending on your system. As the bu

```
Finished, created "/malcolm-build/malcolm-iso/malcolm-2.2.0.iso"
Finished, created "/malcolm-build/malcolm-iso/malcolm-2.2.1.iso"
```

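Review bot: `malcolm-2.2.1.iso` is the third place in README.md where the release number is spelled out by hand (alongside the two image tables), and the compose file below repeats it sixteen more times; a release checklist item or a small version-bump script in the repository would make sure a future bugfix release updates all of them together instead of relying on a manual search.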
Expand Down Expand Up @@ -1810,22 +1810,22 @@ Pulling zeek ... done
user@host:~/Malcolm$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
malcolmnetsec/curator 2.2.0 xxxxxxxxxxxx 20 hours ago 246MB
malcolmnetsec/elastalert 2.2.0 xxxxxxxxxxxx 20 hours ago 408MB
malcolmnetsec/elasticsearch-oss 2.2.0 xxxxxxxxxxxx 20 hours ago 693MB
malcolmnetsec/filebeat-oss 2.2.0 xxxxxxxxxxxx 20 hours ago 474MB
malcolmnetsec/file-monitor 2.2.0 xxxxxxxxxxxx 20 hours ago 386MB
malcolmnetsec/file-upload 2.2.0 xxxxxxxxxxxx 20 hours ago 199MB
malcolmnetsec/freq 2.2.0 xxxxxxxxxxxx 20 hours ago 390MB
malcolmnetsec/htadmin 2.2.0 xxxxxxxxxxxx 20 hours ago 180MB
malcolmnetsec/kibana-oss 2.2.0 xxxxxxxxxxxx 20 hours ago 1.07GB
malcolmnetsec/logstash-oss 2.2.0 xxxxxxxxxxxx 20 hours ago 1.05GB
malcolmnetsec/moloch 2.2.0 xxxxxxxxxxxx 20 hours ago 667MB
malcolmnetsec/name-map-ui 2.2.0 xxxxxxxxxxxx 20 hours ago 134MB
malcolmnetsec/nginx-proxy 2.2.0 xxxxxxxxxxxx 20 hours ago 118MB
malcolmnetsec/pcap-capture 2.2.0 xxxxxxxxxxxx 20 hours ago 111MB
malcolmnetsec/pcap-monitor 2.2.0 xxxxxxxxxxxx 20 hours ago 156MB
malcolmnetsec/zeek 2.2.0 xxxxxxxxxxxx 20 hours ago 442MB
malcolmnetsec/curator 2.2.1 xxxxxxxxxxxx 20 hours ago 246MB
malcolmnetsec/elastalert 2.2.1 xxxxxxxxxxxx 20 hours ago 408MB
malcolmnetsec/elasticsearch-oss 2.2.1 xxxxxxxxxxxx 20 hours ago 693MB
malcolmnetsec/filebeat-oss 2.2.1 xxxxxxxxxxxx 20 hours ago 474MB
malcolmnetsec/file-monitor 2.2.1 xxxxxxxxxxxx 20 hours ago 386MB
malcolmnetsec/file-upload 2.2.1 xxxxxxxxxxxx 20 hours ago 199MB
malcolmnetsec/freq 2.2.1 xxxxxxxxxxxx 20 hours ago 390MB
malcolmnetsec/htadmin 2.2.1 xxxxxxxxxxxx 20 hours ago 180MB
malcolmnetsec/kibana-oss 2.2.1 xxxxxxxxxxxx 20 hours ago 1.07GB
malcolmnetsec/logstash-oss 2.2.1 xxxxxxxxxxxx 20 hours ago 1.05GB
malcolmnetsec/moloch 2.2.1 xxxxxxxxxxxx 20 hours ago 667MB
malcolmnetsec/name-map-ui 2.2.1 xxxxxxxxxxxx 20 hours ago 134MB
malcolmnetsec/nginx-proxy 2.2.1 xxxxxxxxxxxx 20 hours ago 118MB
malcolmnetsec/pcap-capture 2.2.1 xxxxxxxxxxxx 20 hours ago 111MB
malcolmnetsec/pcap-monitor 2.2.1 xxxxxxxxxxxx 20 hours ago 156MB
malcolmnetsec/zeek 2.2.1 xxxxxxxxxxxx 20 hours ago 442MB
```

Finally, we can start Malcolm. When Malcolm starts it will stream informational and debug messages to the console. If you wish, you can safely close the console or use `Ctrl+C` to stop these messages; Malcolm will continue running in the background.
32 changes: 16 additions & 16 deletions docker-compose-standalone.yml
Expand Up @@ -122,7 +122,7 @@ x-pcap-capture-variables: &pcap-capture-variables

services:
elasticsearch:
image: malcolmnetsec/elasticsearch-oss:2.2.0
image: malcolmnetsec/elasticsearch-oss:2.2.1
restart: "no"
stdin_open: false
tty: true
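Review bot: `image: malcolmnetsec/elasticsearch-oss:2.2.1` (and the same bump in every other service of this file) pins to a tag, and registry tags are mutable, so the compose file still resolves to whatever the registry currently serves under 2.2.1 rather than to a fixed artifact. For deployments that must not change silently, consider appending the content digest once the 2.2.1 images are published (`image: malcolmnetsec/elasticsearch-oss:2.2.1@sha256:<digest>`), or at minimum document how operators can compare `docker images --digests` against the digests of the release they installed.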
Expand Down Expand Up @@ -157,7 +157,7 @@ services:
retries: 3
start_period: 180s
kibana:
image: malcolmnetsec/kibana-oss:2.2.0
image: malcolmnetsec/kibana-oss:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand All @@ -183,7 +183,7 @@ services:
retries: 3
start_period: 210s
elastalert:
image: malcolmnetsec/elastalert:2.2.0
image: malcolmnetsec/elastalert:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand Down Expand Up @@ -211,7 +211,7 @@ services:
retries: 3
start_period: 210s
curator:
image: malcolmnetsec/curator:2.2.0
image: malcolmnetsec/curator:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand All @@ -230,7 +230,7 @@ services:
retries: 3
start_period: 30s
logstash:
image: malcolmnetsec/logstash-oss:2.2.0
image: malcolmnetsec/logstash-oss:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand Down Expand Up @@ -263,7 +263,7 @@ services:
retries: 3
start_period: 600s
filebeat:
image: malcolmnetsec/filebeat-oss:2.2.0
image: malcolmnetsec/filebeat-oss:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand Down Expand Up @@ -300,7 +300,7 @@ services:
retries: 3
start_period: 60s
moloch:
image: malcolmnetsec/moloch:2.2.0
image: malcolmnetsec/moloch:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand Down Expand Up @@ -339,7 +339,7 @@ services:
retries: 3
start_period: 210s
zeek:
image: malcolmnetsec/zeek:2.2.0
image: malcolmnetsec/zeek:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand All @@ -365,7 +365,7 @@ services:
retries: 3
start_period: 60s
file-monitor:
image: malcolmnetsec/file-monitor:2.2.0
image: malcolmnetsec/file-monitor:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand All @@ -385,7 +385,7 @@ services:
retries: 3
start_period: 60s
pcap-capture:
image: malcolmnetsec/pcap-capture:2.2.0
image: malcolmnetsec/pcap-capture:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand All @@ -411,7 +411,7 @@ services:
retries: 3
start_period: 60s
pcap-monitor:
image: malcolmnetsec/pcap-monitor:2.2.0
image: malcolmnetsec/pcap-monitor:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand All @@ -434,7 +434,7 @@ services:
retries: 3
start_period: 90s
upload:
image: malcolmnetsec/file-upload:2.2.0
image: malcolmnetsec/file-upload:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand All @@ -460,7 +460,7 @@ services:
retries: 3
start_period: 60s
htadmin:
image: malcolmnetsec/htadmin:2.2.0
image: malcolmnetsec/htadmin:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand All @@ -482,7 +482,7 @@ services:
retries: 3
start_period: 60s
freq:
image: malcolmnetsec/freq:2.2.0
image: malcolmnetsec/freq:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand All @@ -500,7 +500,7 @@ services:
retries: 3
start_period: 60s
name-map-ui:
image: malcolmnetsec/name-map-ui:2.2.0
image: malcolmnetsec/name-map-ui:2.2.1
restart: "no"
stdin_open: false
tty: true
Expand All @@ -521,7 +521,7 @@ services:
retries: 3
start_period: 60s
nginx-proxy:
image: malcolmnetsec/nginx-proxy:2.2.0
image: malcolmnetsec/nginx-proxy:2.2.1
restart: "no"
stdin_open: false
tty: true