Malcolm v2.1.0

@mmguero mmguero released this 25 Jun 18:46

Malcolm v2.1.0 contains new features and bug fixes.

idaholab/Malcolm@v2.0.5...v2.1.0

  • Incorporated some new Zeek scripts:
    • Cybera's Sniffpass plugin for detecting cleartext passwords in HTTP POST requests
    • Andrew Klaus's zeek-httpattacks plugin for detecting noncompliant HTTP requests
    • Johanna Amann's CVE-2020-0601 ECC certificate validation plugin
  • Kibana
    • new "actions and results" dashboard
    • sankey diagram
    • network visualization
    • general improvements and cleanup
    • drilldown in both directions between Kibana <-> Moloch (issue #133)
    • many more links to external URLs for RFCs, port numbers, IANA, etc.
    • load all known field mappings at startup
  • Parsing/enrichment
    • added support for telnet/rsh/rlogin in Zeek and Logstash
    • better normalization of the "zeek.action" field for many protocols (esp. SNMP and DNP3)
    • new normalization of success/result/status/error into "zeek.result"
  • NGINX
    • fix how NGINX works with CA certificates for trusted LDAP servers (issues #130 and #128)
    • fix #126 (LDAP authentication no longer handles group membership correctly)
  • Misc bug fixes and improvements
    • fix #122 by installing bro-xor-exe-plugin correctly
    • fix #134 (wait until Elasticsearch has log data before starting ElastAlert)
    • improved the way Dockerfiles add external links
    • documentation improvements
  • Version updates
    • Zeek 3.0.7
    • Moloch 2.3.0

Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/download/.