Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / cisagov/Malcolm issues and pull requests

#585 - include corelight/zeek-long-connections plugin to log long connections

Issue - State: closed - Opened by mmguero 10 days ago - 2 comments
Labels: enhancement, zeek

#582 - Using OpenSearch Cluster

Issue - State: closed - Opened by alleniverson33 11 days ago
Labels: enhancement

#580 - decouple redis from netbox

Issue - State: open - Opened by mmguero 14 days ago - 1 comment
Labels: docker, netbox

#577 - Arkime generates "legacy index templates" which are "deprecated in favor of composable index templates"

Issue - State: open - Opened by devilman85 15 days ago - 3 comments
Labels: enhancement, elastic, external

#575 - Investigate sandialabs/gait

Issue - State: open - Opened by mmguero 17 days ago
Labels: enhancement, zeek

#574 - clear screen after auth_setup when using Dialog mode

Issue - State: closed - Opened by mmguero 17 days ago
Labels: enhancement, UI, control.py

#573 - have netbox enrichment mark logs for newly-discovered devices

Issue - State: open - Opened by mmguero 17 days ago - 2 comments
Labels: enhancement, logstash, netbox

#568 - Hedgehog NIC identify (ethtool --identify) does not blink interface lights on some hardware

Issue - State: open - Opened by ee-hex-ee 22 days ago - 1 comment
Labels: bug, sensor

#567 - HedgeHog Kiosk event.dataset viewer

Issue - State: closed - Opened by ee-hex-ee 24 days ago
Labels: enhancement

#566 - HedgeHog Kiosk event.dataset viewer

Issue - State: open - Opened by ee-hex-ee 24 days ago
Labels: enhancement, sensor

#565 - prompt user before changing NetBox database passwords out from underneath existing database

Issue - State: closed - Opened by purplealien51 25 days ago - 6 comments
Labels: bug, netbox, control.py

#564 - Latest install.py script (25.01.0) drops local opensearch access

Issue - State: open - Opened by lelandmills 28 days ago - 1 comment
Labels: bug

#563 - Alias ILM Malcolm

Issue - State: closed - Opened by devilman85 about 1 month ago - 1 comment
Labels: elastic, opensearch

#562 - Hedgehog Linux in Docker

Issue - State: closed - Opened by devilman85 about 1 month ago - 1 comment
Labels: docker, capture, sensor

#560 - UFW software firewall for Malcolm ISO should automatically open ports for syslog

Issue - State: open - Opened by mmguero about 1 month ago - 1 comment
Labels: bug, iso, security

#559 - ANSI color codes from croc displayed in ssl-client-transmit

Issue - State: closed - Opened by mmguero about 1 month ago
Labels: bug, iso, sensor, UI

#558 - Malcolm v25.01.0

Pull Request - State: closed - Opened by mmguero about 1 month ago
Labels: release

#557 - use arm-hosted runners for GitHub build actions for arm64 images

Issue - State: closed - Opened by mmguero about 1 month ago
Labels: enhancement, release, github

#556 - replace logging component of file scanning

Issue - State: open - Opened by mmguero about 1 month ago
Labels: carving, logstash

#555 - document standards for supply chain and code provenance checking

Issue - State: open - Opened by mmguero about 1 month ago
Labels: doc, security

#554 - integrate omron fins parser

Issue - State: closed - Opened by mmguero about 1 month ago
Labels: enhancement, zeek, logstash, dashboards

#553 - update Zeek to feature release v7.1.0

Issue - State: closed - Opened by mmguero about 1 month ago - 1 comment
Labels: zeek, external

#552 - pivoting between Arkime and Dashboards doesn't work when Malcolm is behind a reverse proxy (e.g., traefik)

Issue - State: closed - Opened by mmguero about 1 month ago
Labels: bug, nginx, arkime, dashboards, UI

#551 - URL pivot links from dashboards to arkime

Issue - State: closed - Opened by mmguero about 1 month ago
Labels: enhancement

#550 - Malcolm as a TrueNAS app

Issue - State: open - Opened by mmguero about 1 month ago
Labels: enhancement, docker, external

#548 - Arkime container unhealthy

Issue - State: closed - Opened by devilman85 about 1 month ago - 1 comment
Labels: discussion

#547 - investigate performance improvements for netbox enrichment

Issue - State: open - Opened by mmguero about 1 month ago
Labels: netbox, performance

#546 - Building ISO using Docker instead of Vagrant

Issue - State: open - Opened by Nova38 about 1 month ago - 4 comments
Labels: enhancement, build, iso

#545 - Bump jinja2 from 3.1.4 to 3.1.5 in /hedgehog-iso/interface

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies

#544 - Script Upgrade version

Issue - State: closed - Opened by devilman85 about 1 month ago - 1 comment
Labels: enhancement

#543 - add navigation pane to non-network dashboards

Issue - State: closed - Opened by mmguero about 1 month ago
Labels: enhancement, dashboards, UI

#542 - user-defined custom field formats for index patterns can get overwritten by Malcolm

Issue - State: closed - Opened by mmguero about 1 month ago - 2 comments
Labels: bug, dashboards, opensearch

#541 - ensure all conn.log entries are tagged "ics" for OT protocols

Issue - State: closed - Opened by mmguero 2 months ago - 2 comments
Labels: enhancement, zeek, logstash, ics

#540 - port numbers should not be shown with commas in Dashboards

Issue - State: closed - Opened by mmguero 2 months ago - 1 comment
Labels: bug, dashboards, opensearch, UI

#534 - Malcolm v24.12.0

Pull Request - State: open - Opened by mmguero 2 months ago
Labels: release

#533 - opensearch.keystore not created when running in Hedgehog profile

Issue - State: closed - Opened by mmguero 2 months ago
Labels: bug, control.py

#532 - provide configuration options for pulling from threat intel feeds

Issue - State: closed - Opened by mmguero 2 months ago
Labels: enhancement, zeek, install.py, intel

#531 - standardize look-and-feel of Malcolm local user management interface

Issue - State: open - Opened by mmguero 2 months ago
Labels: enhancement, UI

#530 - standardize look-and-feel of Malcolm upload interface

Issue - State: open - Opened by mmguero 2 months ago
Labels: enhancement, upload, UI

#528 - add simple readiness indicator to upload page

Issue - State: closed - Opened by mmguero 2 months ago - 1 comment
Labels: enhancement, upload, UI

#527 - expand test suite framework to run on top of docker and vagrant in addition to virter

Issue - State: open - Opened by mmguero 2 months ago
Labels: enhancement, docker, testing

#526 - trim test suite artifact data down to bare minimum

Issue - State: open - Opened by mmguero 2 months ago
Labels: enhancement, testing

#525 - evtx fields that need to be added to index template

Issue - State: closed - Opened by mmguero 2 months ago - 2 comments
Labels: bug, logstash, dashboards, opensearch, host logs

#524 - extracted_files_http_server.py not working with some filenames

Issue - State: closed - Opened by mmguero 2 months ago
Labels: bug, carving, UI

#523 - netbox rest api

Issue - State: closed - Opened by alleniverson33 2 months ago - 1 comment
Labels: duplicate

#522 - Logstash Unhealthy

Issue - State: closed - Opened by devilman85 3 months ago - 11 comments
Labels: invalid, logstash

#521 - repo for Zeek debs doesn't have old releases, which can cause Malcolm Zeek builds to fail

Issue - State: closed - Opened by reuteras 3 months ago - 3 comments
Labels: bug, zeek, build

#519 - test suite: home for PCAPs

Issue - State: closed - Opened by mmguero 3 months ago - 1 comment
Labels: testing, github

#518 - test suite: initial tests

Issue - State: closed - Opened by mmguero 3 months ago
Labels: testing

#514 - opensearch.keystore not created

Issue - State: closed - Opened by jvlavl 3 months ago - 2 comments
Labels: bug

#513 - The problem of data latency when network traffic is particularly high

Issue - State: closed - Opened by alleniverson33 3 months ago - 3 comments
Labels: performance, suricata

#512 - Logstash to Remote ElasticSearch

Issue - State: closed - Opened by devilman85 3 months ago - 7 comments

#509 - Zeek DNS records don't open correctly in Arkime sessions

Issue - State: closed - Opened by mmguero 3 months ago - 1 comment
Labels: bug, zeek, arkime, opensearch, regression

#508 - Not Populate Malcolm_beats_*

Issue - State: closed - Opened by devilman85 3 months ago - 11 comments
Labels: bug

#507 - The Suricata alert did not appear on the dashboard

Issue - State: closed - Opened by alleniverson33 3 months ago - 3 comments
Labels: bug

#506 - updates to documentation for Docker-based installation examples

Issue - State: open - Opened by mmguero 3 months ago - 1 comment
Labels: doc

#505 - yes/no/back dialog buttons in install/configure scripts don't work correctly on Ubuntu 22.04

Issue - State: open - Opened by mmguero 3 months ago - 1 comment
Labels: bug, install.py, UI

#504 - prompt during configuration whether to enable capture statistics

Issue - State: closed - Opened by mmguero 3 months ago
Labels: enhancement, zeek, install.py, sensor, suricata

#503 - Issue regarding installation of netbox

Issue - State: closed - Opened by S1ubb 3 months ago - 1 comment
Labels: bug, netbox

#502 - extend intel.log with additional fields using corelight/ExtendIntel

Issue - State: open - Opened by mmguero 3 months ago
Labels: enhancement, zeek, logstash, external, arkime, dashboards, intel

#501 - somehow NetBox gets into a read-only mode

Issue - State: closed - Opened by mmguero 3 months ago - 1 comment
Labels: bug, netbox

#497 - Forward Logstash logs to a secondary remote document store

Issue - State: closed - Opened by devilman85 3 months ago - 1 comment
Labels: enhancement

#496 - bring netbox up-to-date with the current released version

Issue - State: closed - Opened by mmguero 3 months ago - 1 comment
Labels: docker, netbox

#495 - use new arkime tag-hiding feature to hide netbox tag from UI

Issue - State: closed - Opened by mmguero 3 months ago
Labels: enhancement, arkime

#494 - Mandiant threat intel source doesn't get split correctly when using JSON zeek log format

Issue - State: open - Opened by mmguero 3 months ago
Labels: bug, zeek, logstash

#494 - Mandiant threat intel source doesn't get split correctly when using JSON zeek log format

Issue - State: closed - Opened by mmguero 3 months ago
Labels: bug, zeek, logstash

#493 - Malcolm v24.11.0

Pull Request - State: closed - Opened by mmguero 3 months ago
Labels: release

#492 - fixed errors when running appliance packager on macOS

Pull Request - State: closed - Opened by robrui 3 months ago - 2 comments

#491 - standardize container health checks into scripts for all docker containers

Issue - State: closed - Opened by mmguero 4 months ago - 1 comment
Labels: enhancement, docker, cloud

#490 - uploading zeek log files with rolled-over filenames including the date don't get the log type detected correctly

Issue - State: open - Opened by mmguero 4 months ago
Labels: bug, upload, logstash, regression

#489 - Opensearch running abnormally

Issue - State: closed - Opened by alleniverson33 4 months ago - 3 comments
Labels: bug

#488 - Add ingest-stats API

Issue - State: closed - Opened by mmguero 4 months ago
Labels: enhancement, api, testing

#487 - OpenSearch to Splunk export/searching capabilities

Issue - State: open - Opened by mmguero 4 months ago - 1 comment
Labels: enhancement, research, opensearch

#486 - automated testing

Issue - State: closed - Opened by mmguero 4 months ago - 1 comment
Labels: testing

#486 - automated testing

Issue - State: open - Opened by mmguero 4 months ago
Labels: testing

#485 - investigate Strelka for file scanning

Issue - State: open - Opened by mmguero 4 months ago
Labels: enhancement, research, carving

#485 - investigate Strelka for file scanning

Issue - State: open - Opened by mmguero 4 months ago - 1 comment
Labels: enhancement, research, carving

#484 - not parsing Profinet Real-Time Protocol directly on ethernet frame

Issue - State: open - Opened by mmguero 4 months ago - 3 comments
Labels: zeek, ics

#483 - install.py should recommend different settings for minimal memory instances, if possible

Issue - State: open - Opened by mmguero 4 months ago
Labels: install.py, opensearch, performance

#482 - support HTTP proxy for geoip database, rule updates, etc.

Issue - State: open - Opened by mmguero 4 months ago
Labels: enhancement

#481 - replace logstash with fluentd

Issue - State: open - Opened by mmguero 4 months ago - 2 comments
Labels: enhancement, research, beats, logstash, sensor

#481 - replace logstash with fluentd

Issue - State: open - Opened by mmguero 4 months ago - 4 comments
Labels: enhancement, research, beats, logstash, sensor

#480 - AIDE false positives in ISO-installed Hedgehog and Malcolm

Issue - State: open - Opened by mmguero 4 months ago - 1 comment
Labels: bug, Linux, iso, security

#479 - optimize OpenSearch index storage

Issue - State: open - Opened by mmguero 4 months ago
Labels: opensearch, performance

#478 - Compare NetBox inventory with database of known vulnerabilities

Issue - State: open - Opened by mmguero 4 months ago - 6 comments
Labels: enhancement, external, netbox