Malcolm is a powerful suite of network traffic analysis tools designed with network security in mind.
Although all of the open source tools that make up Malcolm are already available and in general use, Malcolm provides a framework of interconnectivity that makes it greater than the sum of its parts. While there are many other network traffic analysis solutions, ranging from complete Linux distributions such as Security Onion to licensed products such as Splunk Enterprise Security, Malcolm's creators are optimistic that its combination of tools will fill a gap in the network security space and make network traffic analysis accessible to many users in both the public and private sectors, as well as to individuals.
- Easy to use - Malcolm accepts full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be uploaded through a simple browser-based interface or captured live and forwarded to Malcolm. In either case, the data is automatically normalized, enriched and correlated for analysis.
- Powerful traffic analysis - Visibility into network communications is provided through two intuitive interfaces: Kibana, a flexible data visualization plugin with dozens of prebuilt dashboards that give an at-a-glance overview of network protocols, and Moloch, a powerful tool for finding and identifying the network sessions that make up suspected security incidents.
- Streamlined deployment - Malcolm operates as a cluster of Docker containers, each of which serves a dedicated function of the system. This Docker-based deployment model, combined with a few simple scripts for setup and run-time management, makes Malcolm suitable for quick deployment across a variety of platforms and use cases, whether for long-term deployment on a Linux server in a Security Operations Center (SOC) or for incident response on a MacBook for an individual engagement.
- Secure communications - All communications with Malcolm, both from the user interface and from remote log forwarders, are secured with industry standard encryption protocols.
- Open source - Malcolm is made up of many widely used open source tools, making it an attractive alternative to security solutions that require paid licenses.
- Control systems visibility - While Malcolm is well suited to general-purpose network traffic analysis, its creators see a particular need in the community for tools that provide insight into the protocols used in industrial control systems (ICS) environments. Ongoing Malcolm development aims to provide additional parsers for common ICS protocols.
In short, Malcolm provides an easy-to-use suite of network analysis tools for full packet captures (PCAP files) and Zeek logs. Internet access is required to build it, but not to run it.
The installation guide and the user documentation for the program can be found here.