Malcolm v1.7.0

@mmguero mmguero released this 28 Oct 19:46
e2b96d8

idaholab/Malcolm@v1.6.0...v1.7.0

Malcolm v1.7.0 is a big release, with the following goodness:

  • Zeek 3.0
  • New parsers/analyzers, complete list:
    • Amazon.com, Inc.'s ICS protocol analyzers
    • Corelight's bro-xor-exe plugin
    • Corelight's community ID flow hashing plugin
    • J-Gras' Bro::AF_Packet plugin
    • Lexi Brent's EternalSafety plugin
    • MITRE Cyber Analytics Repository's Bro/Zeek ATT&CK-Based Analytics (BZAR) script
    • Salesforce's gQUIC analyzer
    • Salesforce's HASSH SSH fingerprinting plugin
    • Salesforce's JA3 TLS fingerprinting plugin
    • SoftwareConsultingEmporium's Bro::LDAP analyzer
  • Logstash: use the cidr plugin to assign internal_source, external_source, internal_destination and external_destination tags based on the srcIp and dstIp fields of Zeek logs
  • ISO installer tweaks
  • hardening compliance tweaks
  • Dashboards for all new protocols
  • Documentation updates
  • user account management (htadmin) improvements
  • bump Elastic to 6.8.4-oss
  • added human-readable names to types created with Moloch WISE
  • use ZeroMQ-based approach for file scanning queue
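
To illustrate the Logstash cidr-plugin tagging described above, here is an added pipeline filter fragment (not Malcolm's own configuration) that tags each Zeek event by whether its srcIp and dstIp fall inside a set of internal ranges. The RFC 1918 networks are an assumed stand-in for a site's real address space, and the field names srcIp, dstIp and tags are taken from the release note.

```logstash
# Added illustration, not Malcolm's shipped pipeline. Assumes events arriving
# from Zeek already carry normalized srcIp / dstIp fields. The network list is
# a placeholder (RFC 1918); a deployment would list its own internal prefixes
# (and IPv6 ranges such as fc00::/7 if those are in use).
filter {
  if [srcIp] {
    cidr {
      address => [ "%{srcIp}" ]
      network => [ "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ]
      add_tag => [ "internal_source" ]
    }
    # The cidr filter only tags matches, so the complement is derived here.
    if "internal_source" not in [tags] {
      mutate { add_tag => [ "external_source" ] }
    }
  }
  if [dstIp] {
    cidr {
      address => [ "%{dstIp}" ]
      network => [ "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ]
      add_tag => [ "internal_destination" ]
    }
    if "internal_destination" not in [tags] {
      mutate { add_tag => [ "external_destination" ] }
    }
  }
}
```

With these tags in place, a dashboard filter such as `tags:external_source AND tags:internal_destination` isolates inbound sessions from outside the monitored ranges, and `tags:internal_source AND tags:internal_destination` isolates east-west traffic for review.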