Here’s another reason why you need a balanced approach to detection and response, including #networksecuritymonitoring, and cannot simply rely on the integrity of the endpoint. https://www.techspot.com/news/107883-ransomware-can-now-run-directly-cpu-researcher-warns.html

#Malcolm (malcolm.fyi) v25.03.0 brings 🔐 auth via #Keycloak and with it #SSO, identity providers, and more! See the release notes github.com/cisagov/Malc... for more info! Malcolm is a powerful tool suite for NSM. #Zeek #Arkime #NetBox #Suricata #NetworkTrafficAnalysis #networksecuritymonitoring

#DHS #CISA is big on the building community aspect of #Malcolm right now, so as part of that we'll be having our first "Malcolm Office Hours" this Thursday. The plan is to have this monthly, every third Thursday, at 12pm Eastern time for 30 minutes. Details for the office hours can be found here. We'll be figuring out what works with this as we go and adjusting the format as needed. We hope to see any of you who might be interested there!

Malcolm is a powerful, easily deployable network traffic analysis tool suite for network security monitoring.

#HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #CISAgov

Malcolm v25.01.0 is out! See the release notes for details! malcolm.fyi github.com/cisagov/Malc... #Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec

Malcolm

Malcolm (malcolm.fyi) v24.12.0 is out (github.com/cisagov/Malc...), with ✨enhancements, ✅component updates, and 🐛bug fixes. See the release notes for details. #Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #CyberSecurity

Surprisingly, #vector is a very efficient and flexible #logshipper.

When using it with #suricata, I was able to transmit more than 40k events per second via https. In the same setup, #filebeat barely reached 9kE/s with the lumberjack protocol.

https://vector.dev

#NetworkSecurityMonitoring #OpenSource

It seems that #Suricata will not run with #Napatech drivers if the security.limit-noproc option is set to "true":

security:
# if true, prevents process creation from Suricata by calling
# setrlimit(RLIMIT_NPROC, 0)
limit-noproc: true

The process just ends up without further explanations. Took me a while to find out.

#NetworkSecurityMonitoring

@suricata Are there any known tools for storing the #Suricata rules themselves (not the eve logs) in #elastic ?

This might be very useful for the analysts, if you could provide a reference in alerts to the originating rule via its rule id.

Converting the rules to JSON via @ish 's rjs might be a good first step.

#NetworkSecurityMonitoring

https://github.com/jasonish/suricatax-rule-parser-rs

Today, I officially turned into an #InfoSec dinosaur. 25 years ago, I entered my first job in infosec as a scientific #researcher in a research establishment.

A topic that accompanied me through the entire time was #NetworkSecurityMonitoring, beginning in the late 1990's with the Network Flight Recorder (#NFR) and early versions of #snort and #bro.

We've got a couple of new Malcolm videos up in the Training Tutorials: Installation and Setup playlist, including:

• Installing Malcolm on Microsoft Windows Using WSL (corresponding documentation)
• Configuring Malcolm (corresponding documentation)
• Configuring Hedgehog Linux (corresponding documentation)

Malcolm is a powerful, easily deployable network traffic analysis tool suite for network security monitoring.

#Malcolm #HedgehogLinux #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov #WSL #WSL2

Here are the slide decks for the presentations that were given at Mal.Con24. Enjoy!

Recordings of the presentations themselves will be available in the coming weeks.

Malcolm is a network traffic analysis tool suite for network security monitoring.

#Malcolm #HedgehogLinux #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov