Malcolm: A network analysis tool

Malcolm is a powerful suite of network analytics tools designed with network security in mind.

Although all of the open-source tools that make up Malcolm are already available and in general use, Malcolm provides a framework of interconnectivity that makes it greater than the sum of its parts. While there are many other network analysis solutions, ranging from Linux distributions such as Security Onion to licensed products such as Splunk Enterprise Security, Malcolm's creators are optimistic that its powerful combination of tools fills a gap in the network security space and will make network traffic analysis accessible to many, in both the public and private sectors, as well as to individual users.

Specifications

  • Easy to use – Malcolm accepts network traffic data in the form of full packet captures (PCAP files) and Zeek (formerly Bro) logs. These artifacts can be uploaded through a simple browser-based interface, or captured live and forwarded to Malcolm by lightweight log forwarders. In either case, the data is automatically normalized, enriched and correlated for analysis.
  • Powerful network analyzer – Visibility into network communications is provided through two intuitive interfaces: Kibana, a flexible data visualization plugin with dozens of prebuilt dashboards that give an at-a-glance overview of network protocols, and Moloch, a powerful tool for finding and identifying the network sessions that make up suspected security incidents.
  • Streamlined deployment – Malcolm runs as a cluster of Docker containers, each serving a specific system function. This Docker-based deployment model, combined with a few simple scripts for setup and runtime management, makes Malcolm suitable for rapid deployment across a variety of platforms and use cases, whether it is a long-term deployment on a Linux server in a security operations center (SOC) or a short-term incident response engagement on a MacBook.
  • Secure communications – All communications with Malcolm, both from the user interface and from remote log forwarders, are secured with industry-standard encryption protocols.
  • Open source – Malcolm is made up of many well-known open-source tools, making it an attractive alternative to security solutions that require paid licenses.
  • Visibility into control systems – While Malcolm is ideal for general-purpose network traffic analysis, its creators see a particular need in the community for tools that provide insight into the protocols used in industrial control systems (ICS) environments. Ongoing development of Malcolm aims to provide additional analyzers for common ICS protocols.

In short, Malcolm provides an easy-to-use suite of network analysis tools for full packet capture (PCAP files) and Zeek logs. While internet access is required to build it, it is not required at runtime.
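What "normalized, enriched and correlated" means at the level of individual Zeek logs is easy to lose in the feature list. The following is an added example, not code from Malcolm or Zeek: it parses the Zeek ASCII (tab-separated) log format using its own header lines, joins records from conn.log, dns.log and ssl.log that share a connection uid, enriches each connection with the hostname the client resolved for the responder IP, and applies one illustrative triage heuristic. The log excerpts are constructed, not captured traffic, and the heuristic is an assumption for illustration, not a Malcolm rule.

```python
"""Parse Zeek TSV logs, correlate them by uid, enrich with passive DNS.

Added example (not Malcolm's or Zeek's code). The log excerpts below are
constructed for illustration but follow the real Zeek ASCII header layout.
"""
from collections import defaultdict

# Constructed conn.log excerpt (headers as Zeek writes them).
CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1546300799.500000\tCxC3\t10.0.0.5\t53001\t10.0.0.1\t53\tudp\tdns\t0.01\t28\t44\tSF
1546300800.000000\tCxA1\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp\tssl\t1.25\t512\t20480\tSF
1546300801.000000\tCxB2\t10.0.0.5\t51235\t198.51.100.7\t4444\ttcp\t-\t-\t-\t-\tS0
#close\t2019-01-01-00-00-02
"""

# Constructed dns.log excerpt (same client resolving example.com).
DNS_LOG = """#separator \\x09
#path\tdns
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tquery\tanswers
#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tvector[string]
1546300799.500000\tCxC3\t10.0.0.5\t53001\t10.0.0.1\t53\texample.com\t93.184.216.34
"""

# Constructed ssl.log excerpt; note it shares uid CxA1 with the conn.log row.
SSL_LOG = """#separator \\x09
#path\tssl
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tversion\tserver_name\tvalidation_status
#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring
1546300800.100000\tCxA1\t10.0.0.5\t51234\t93.184.216.34\t443\tTLSv12\texample.com\tok
"""


def _coerce(value, ztype, set_sep, unset, empty):
    """Turn one TSV cell into a Python value according to its Zeek type."""
    if value == unset:
        return None
    if ztype.startswith(("vector[", "set[")):  # container: split on set_separator
        if value == empty:
            return []
        inner = ztype[ztype.index("[") + 1:-1]
        return [_coerce(v, inner, set_sep, unset, empty) for v in value.split(set_sep)]
    if value == empty:
        return ""
    if ztype in ("count", "int", "port"):
        return int(value)
    if ztype in ("time", "interval", "double"):
        return float(value)
    return value  # string, addr, enum, bool and anything else stay as text


def parse_zeek_tsv(text):
    """Parse a Zeek ASCII log into dicts, honouring its #separator, #set_separator,
    #unset_field, #empty_field, #fields and #types header lines."""
    sep, set_sep, unset, empty = "\t", ",", "-", "(empty)"
    fields, types, records = [], [], []
    for raw in text.splitlines():
        if not raw:
            continue
        if raw.startswith("#"):
            if raw.startswith("#separator "):  # value is escaped, e.g. \x09
                sep = raw[len("#separator "):].encode("ascii").decode("unicode_escape")
                continue
            key, _, val = raw[1:].partition(sep)
            if key == "set_separator":
                set_sep = val
            elif key == "unset_field":
                unset = val
            elif key == "empty_field":
                empty = val
            elif key == "fields":
                fields = val.split(sep)
            elif key == "types":
                types = val.split(sep)
            continue  # #path, #open, #close carry no record data
        cols = raw.split(sep)
        if len(cols) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(cols)}: {raw!r}")
        records.append({f: _coerce(v, t, set_sep, unset, empty)
                        for f, v, t in zip(fields, cols, types)})
    return records


def correlate_by_uid(logs):
    """Merge records from several Zeek logs that share a connection uid.
    conn.log fields stay unprefixed; other logs' fields get a '<log>.' prefix."""
    merged = defaultdict(dict)
    for name, records in logs.items():
        for rec in records:
            target = merged[rec["uid"]]
            for k, v in rec.items():
                target[k if name == "conn" or k == "uid" else f"{name}.{k}"] = v
    return dict(merged)


def enrich_with_dns(merged, dns_records):
    """Attach the most recent hostname the same client resolved to the responder
    IP before the connection started (a passive-DNS style enrichment)."""
    answers = [(d["ts"], d["id.orig_h"], ip, d["query"])
               for d in dns_records for ip in (d["answers"] or [])]
    for rec in merged.values():
        hits = [(ts, q) for ts, oh, ip, q in answers
                if ts <= rec["ts"] and oh == rec["id.orig_h"] and ip == rec["id.resp_h"]]
        rec["resp_name"] = max(hits)[1] if hits else None
    return merged


def unresolved_connections(merged):
    """Illustrative heuristic (an assumption, not a Malcolm rule): connections to
    an IP the client never resolved via DNS and where Zeek identified no service."""
    return sorted(uid for uid, r in merged.items()
                  if r["resp_name"] is None and r.get("service") is None)


def analyze(conn_text=CONN_LOG, dns_text=DNS_LOG, ssl_text=SSL_LOG):
    """Full pipeline on the constructed excerpts: parse, correlate, enrich."""
    dns = parse_zeek_tsv(dns_text)
    merged = correlate_by_uid({"conn": parse_zeek_tsv(conn_text),
                               "dns": dns, "ssl": parse_zeek_tsv(ssl_text)})
    return enrich_with_dns(merged, dns)


if __name__ == "__main__":
    sessions = analyze()
    for uid, r in sessions.items():
        print(uid, r["id.resp_h"], r.get("resp_name"), r.get("ssl.server_name"))
    print("unresolved:", unresolved_connections(sessions))
```

Running the block prints one line per session: CxA1 carries both its conn.log fields and the TLS server name from ssl.log, and its responder IP is tied back to the example.com lookup; CxB2 (a SYN to port 4444 with no reply, to an IP never seen in a DNS answer) is the only uid the heuristic flags. Malcolm performs this kind of normalization and cross-log correlation in its ingest pipeline over the full Zeek log set; the point of the example is to make the joins visible.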

Application screenshots

You will find the program's installation guide as well as the user documentation here.


Written by Anastasis Vasileiadis
