Malcolm v24.08.0
Malcolm v24.08.0 contains minor improvements, some component version updates, and bug fixes.
- Features and enhancements
- in ISO installer, prompt to format other drives for artifact storage rather than just doing it automatically (#529)
- allow users to more easily add NetBox plugins (#530)
- run netbox-initializers plugin on startup even if we're doing a netbox database backup preload (#531)
- during auth_setup "all" operation, do required operations without prompting if the files don't already exist (#536)
- some containers need resource request specified for Kubernetes (#539)
- add "public" pseudo-segments for public IP addresses (#542)
- reworked Windows Event dashboard
- some documentation updates
- added
netbox
tag to any logs that are passed into thenetbox_enrich.rb
script in the Logstash enrichment pipeline
- Component version updates
- elasticsearch and elasticsearch-dsl Python libraries to v8.15.0
- Arkime to v5.4.0
- Beats to v8.15.0
- capa to v7.2.0
- evtx to v0.8.3
- Fluent Bit to v3.1.6
- fluent-bit-setup.ps1 helper script needs updated URLs (#541)
- Logstash to v8.15.0
- NetBox to v4.0.9
- OpenSearch and OpenSearch Dashboards to v2.16.0
- yq to v4.44.3
- Zeek to v7.0.0 (#535)
- Bug fixes
- dashboards-helper container's use of curl fails internal container name resolution when host has invalid DNS settings, prevents Malcolm initialization (#499)
- Netbox service templates not populating (#522)
- kubernetes manifest for netbox refers to netbox-netmap-json configmap which no longer exists (#540)
- don't try to expose the OpenSearch port 9200 in
docker-compose.yml
when the database mode is notopensearch-local
- improved the liveness check for the offline Zeek container so that it returns "healthy" if the intel thread feeds are still pulling before the monitoring processes start up
- missing cracklib-runtime package prevents ISO service account password from being updated by non-root user (#548)
Official ISO installer images for Malcolm and Hedgehog Linux can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split into 2GB chunks and can be reassembled with scripts provided for both Bash (release_cleaver.sh
) and PowerShell (release_cleaver.ps1
). See Downloading Malcolm - Installer ISOs for instructions.