
Malcolm v5.2.5

@mmguero mmguero released this 15 Feb 23:46
· 3444 commits to main since this release

Malcolm v5.2.5 is a patch release with improvements and bug fixes.

v5.2.4...v5.2.5

  • Threat Intelligence

    • idaholab#77 - automatically generate Zeek intelligence indicators from MISP
    • autogeneration of Zeek intel files from TAXII/MISP feeds is now multithreaded
    • allow filtering indicators from TAXII/MISP by date (e.g., "only include those created/modified in the last n days", etc.)
    • added intelligence hits as a new severity-ranked category
    • highlight intel sources more clearly in dashboard
  • Hedgehog Linux (sensor appliance)

    • added sensormonitor convenience function to monitor services, disk space and logs
  • Bug fixes

    • Remove CIP fields no longer supplied by the ICSNPP EtherNet/IP parser and update dashboard accordingly
    • idaholab#76 - directory creation race condition when starting Zeek on the sensor, which may cause zeekctl to fail
    • #189 - mount destination [/opt/zeek/share/zeek/site/intel] not absolute: unknown

Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/download/.