cisagov Malcolm Q-a Discussions
Q&A Discussions
-
You must be logged in to vote oinkcode (PRO code)
enhancementNew feature or request suricataRelating to Malcolm's use of Suricata -
You must be logged in to vote accessing PCAP for processing remotely?
uploadRelating to PCAP and/or Zeek log ingestion -
You must be logged in to vote monitoring for data exfiltration
dashboardsRelating to Malcolm's OpenSearch Dashboards interface opensearchRelating to Malcolm's use of OpenSearch -
You must be logged in to vote Malcolm and Suricata alert IP association issue
suricataRelating to Malcolm's use of Suricata -
You must be logged in to vote -
You must be logged in to vote Questions about ENV_PCAP_FILTER
captureRelating to pcap-capture container -
You must be logged in to vote Regarding Performance Monitoring
elasticRelated to issue with external ElasticSearch/Kibana output logstashRelating to Malcolm's use of Logstash opensearchRelating to Malcolm's use of OpenSearch performanceRelated to speed/performance -
You must be logged in to vote File extraction configuration conflicts with zeek default extraction
bugSomething isn't working -
You must be logged in to vote -
You must be logged in to vote Forward remote Zeek logs to Malcolm for analysis in Dashboards and Arkime
zeekRelating to Malcolm's use of Zeek logstashRelating to Malcolm's use of Logstash externalDepends on a bug or feature external to this project -
You must be logged in to vote Permission Error Running suricata-update list-sources in Suricata Container
suricataRelating to Malcolm's use of Suricata -
You must be logged in to vote -
You must be logged in to vote -
You must be logged in to vote Zeek/Suricata Alerts without matching PCAP
arkimeRelating to Malcolm's use of Arkime -
You must be logged in to vote supressing noisy Suricata rules with thresholding
suricataRelating to Malcolm's use of Suricata -
You must be logged in to vote -
You must be logged in to vote -
You must be logged in to vote Can Zeek send an alert if a new device/IP shows up on scans?
enhancementNew feature or request netboxRelated to Malcolm's use of NetBox -
You must be logged in to vote -
You must be logged in to vote -
You must be logged in to vote malcolm in vxlan
captureRelating to pcap-capture container -
You must be logged in to vote WISE on Malcolm
enhancementNew feature or request arkimeRelating to Malcolm's use of Arkime -
You must be logged in to vote How to Read PCAPs and Generate Logs with Zeek and Suricata in Hedgehog
uploadRelating to PCAP and/or Zeek log ingestion -
You must be logged in to vote
