Malcolm v3.1.0
- Added support for EtherCAT (ICS protocol)
- Fixed and improved Spicy-based LDAP analyzer
- Detect VPN protocols IPsec, OpenVPN and WireGuard
New or improved
- Updated many Kibana dashboards and added dashboards for newly supported network protocols
- Improved output of debug logs from Docker images
- Many minor improvements to underlying system for ISO installations
- Massively cut build time for Hedgehog ISO and Zeek Docker container by using .deb packages from released versions rather than building from source
- During build, install all Zeek plugins via zkg
Version updates
- Zeek v4.0.1
- Spicy v1.0.0
- Open Distro For Elasticsearch v1.13.2
- Yara v4.1.0
- Capa v1.6.3
- Switched from centos:7 to amazonlinux:2 as the base Docker image for building Kibana plugins
- stunnel v5.59
- NGINX v1.20.0
- LLVM/clang toolchain v11
- Flask-Cors v3.0.9 for Hedgehog kiosk interface (Dependabot-flagged security alert)
- Latest updates of various Zeek plugins, system and Python packages, etc.
- All Python scripts updated to Python 3
Bugs fixed
- When LDAP authentication is used instead of BASIC authentication, show a landing page rather than a server error when attempting to browse to the local authentication management interface
- Fixed a regression bug where Malcolm fails to start correctly if not using UID/GID 1000:1000
- Don't automatically expose Elasticsearch (and Logstash) ports unless explicitly configured to do so
- freshclam should update the ClamAV database during Docker image build