#networksecuritymonitoring

2025-05-12

Here’s another reason why you need a balanced approach to detection and response, including #networksecuritymonitoring, and cannot simply rely on the integrity of the endpoint. techspot.com/news/107883-ranso

2025-05-06
2025-03-28
2025-03-19

#Malcolm (malcolm.fyi) v25.03.0 brings 🔐 auth via #Keycloak and with it #SSO, identity providers, and more! See the release notes github.com/cisagov/Malc... for more info! Malcolm is a powerful tool suite for NSM. #Zeek #Arkime #NetBox #Suricata #NetworkTrafficAnalysis #networksecuritymonitoring

The Malcolm landing page with Keycloak authentication enabled.
2025-03-19
2025-03-18

#DHS #CISA is big on the building community aspect of #Malcolm right now, so as part of that we'll be having our first "Malcolm Office Hours" this Thursday. The plan is to have this monthly, every third Thursday, at 12pm Eastern time for 30 minutes. Details for the office hours can be found here. We'll be figuring out what works with this as we go and adjusting the format as needed. We hope to see any of you who might be interested there!

Malcolm is a powerful, easily deployable network traffic analysis tool suite for network security monitoring.

#HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #CISAgov

2025-02-27
2025-01-17
2024-12-19

Malcolm (malcolm.fyi) v24.12.0 is out (github.com/cisagov/Malc...), with ✨enhancements, ✅component updates, and 🐛bug fixes. See the release notes for details. #Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #CyberSecurity

A screenshot of the Malcolm landing page, with links for Dashboards, Arkime, Netbox, Cyberchef, etc.
2024-12-19
2024-12-12

Surprisingly, #vector is a very efficient and flexible #logshipper.

When using it with #suricata, I was able to transmit more than 40k events per second via HTTPS. In the same setup, #filebeat barely reached 9kE/s with the lumberjack protocol.

vector.dev

#NetworkSecurityMonitoring #OpenSource

2024-12-11

It seems that #Suricata will not run with #Napatech drivers if the security.limit-noproc option is set to "true":

security:
  # if true, prevents process creation from Suricata by calling
  # setrlimit(RLIMIT_NPROC, 0)
  limit-noproc: true

The process just ends without further explanation. Took me a while to find out.

#NetworkSecurityMonitoring

2024-12-10

@suricata Are there any known tools for storing the #Suricata rules themselves (not the eve logs) in #elastic ?

This might be very useful for the analysts, if you could provide a reference in alerts to the originating rule via its rule id.

Converting the rules to JSON via @ish's rjs might be a good first step.

#NetworkSecurityMonitoring

github.com/jasonish/suricatax-

2024-12-01

Today, I officially turned into an #InfoSec dinosaur. 25 years ago, I entered my first job in infosec as a scientific #researcher in a research establishment.

A topic that accompanied me through the entire time was #NetworkSecurityMonitoring, beginning in the late 1990s with the Network Flight Recorder (#NFR) and early versions of #snort and #bro.

2024-11-18
2024-10-25

We've got a couple of new Malcolm videos up in the Training Tutorials: Installation and Setup playlist, including:

Malcolm is a powerful, easily deployable network traffic analysis tool suite for network security monitoring.

#Malcolm #HedgehogLinux #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov #WSL #WSL2

2024-10-25
2024-10-01

Here are the slide decks for the presentations that were given at Mal.Con24. Enjoy!

Recordings of the presentations themselves will be available in the coming weeks.

Malcolm is a network traffic analysis tool suite for network security monitoring.

#Malcolm #HedgehogLinux #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov

Mal.Con24, the Malcolm user conference
2024-09-19