#CISAgov

2025-08-12

Building a network traffic analysis system: Deploying Malcolm on Amazon EC2

This is the first of two blog posts on the AWS Public Sector Blog about deploying Malcolm on Amazon AWS. It covers installing Malcolm on a single EC2 instance. The next post will cover deploying Malcolm on EKS.

For those of you more interested in scaling Malcolm using Kubernetes, you can check out our "still-in-beta" Helm chart and share your feedback in the issue tracker on that repo.

#AWS #EC2 #Malcolm #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov

2025-03-18

#DHS #CISA is big on the building community aspect of #Malcolm right now, so as part of that we'll be having our first "Malcolm Office Hours" this Thursday. The plan is to have this monthly, every third Thursday, at 12pm Eastern time for 30 minutes. Details for the office hours can be found here. We'll be figuring out what works with this as we go and adjusting the format as needed. We hope to see any of you who might be interested there!

Malcolm is a powerful, easily deployable network traffic analysis tool suite for network security monitoring.

#HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #CISAgov

2024-10-25

We've got a couple of new Malcolm videos up in the Training Tutorials: Installation and Setup playlist, including:

Malcolm is a powerful, easily deployable network traffic analysis tool suite for network security monitoring.

#Malcolm #HedgehogLinux #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov #WSL #WSL2

2024-10-01

Here are the slide decks for the presentations that were given at Mal.Con24. Enjoy!

Recordings of the presentations themselves will be available in the coming weeks.

Malcolm is a network traffic analysis tool suite for network security monitoring.

#Malcolm #HedgehogLinux #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov

Mal.Con24, the Malcolm user conference
2024-08-29

Along with Mal.Con24 next week, CISA will be hosting a free Capture-the-Flag exercise.

See CISA ICS CTF 2024 for scenario details and ctf.cisaicsctf.com for registration.

  • CTF Start: Saturday, August 31 at 1:00 p.m. EDT
  • CTF End: Wednesday, September 4 at 12:00 p.m. EDT

#capturetheflag #CTF #Malcolm #HedgehogLinux #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov

2024-08-27

Mal.Con '24 is only a week away. The schedule has been posted on the GitHub wiki along with some updates on other conference details. In-person registration is closed, but it's not too late to register for virtual attendance.

#Malcolm #HedgehogLinux #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov

2024-08-27

We're pleased to announce the v24.08.0 release of Malcolm, a powerful, easily deployable traffic analysis tool suite for network security monitoring. This release contains minor features and enhancements, quite a few component updates (including Arkime v5.4.0, Zeek v7.0.0, and OpenSearch v2.16.0), and several bug fixes. See the release page for details and join the discussion on GitHub if you've got any questions about what's included in this release!

#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov
