Malcolm: A network analysis tool

Malcolm is a powerful suite of network analytics tools designed with network security in mind.

Although all of the open source tools that make up Malcolm are already available and in general use, it provides an interface framework that makes it greater than the sum of its parts. While there are many other solutions for network analysis, ranging from complete Linux distributions such as Security Onion to licensed products like Splunk Enterprise Security, Malcolm's creators are optimistic that its combination of tools fills a gap in the network security space and will make network traffic analysis accessible to many in both the public and private sectors, as well as to individual users.

Specifications

  • Easy to use – Malcolm accepts packet captures (PCAP files) and Zeek (formerly Bro) logs. These can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm. In both cases, the data is automatically normalized, enriched and correlated for analysis.
  • Powerful traffic analysis – Visibility into network communications is provided through two intuitive interfaces: Kibana, a flexible data visualization plugin with dozens of predefined dashboards that give a quick overview of network protocols, and Moloch, a powerful tool for locating and identifying network sessions that may contain suspicious security incidents.
  • Easy deployment – Malcolm runs as a cluster of Docker containers, each of which serves a dedicated function of the system. This Docker-based deployment model, combined with a few simple scripts for setup and runtime management, makes Malcolm suitable for rapid deployment across a variety of platforms and use cases, whether that is long-term deployment on a Linux server in a Security Operations Center (SOC) or incident response on a MacBook for individual use.
  • Secure communications – All communications with Malcolm, both from the user interface and from remote log forwarders, are secured with industry standard encryption protocols.
  • Open source – Malcolm consists of many well-known open source tools, making it an attractive alternative to security solutions that require paid licenses.
  • Industrial control system visibility – While Malcolm is ideal for general purpose network traffic analysis, its creators see a particular need in the community for tools that provide insight into the protocols used in industrial control system (ICS) environments. Continued development of Malcolm aims to provide additional analyzers for common ICS protocols.
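As an added illustration (not code from Malcolm or its authors), the following Python sketch shows the kind of normalization step the "Easy to use" item describes for Zeek logs: a tab-separated conn.log is parsed using its own #fields/#types header, unset fields ("-") become None, numeric fields get proper types, and the resulting sessions are correlated per originating host. The log lines are constructed sample data and the function names are my own; Malcolm's actual pipeline does this with its own tooling and at much larger scale.

```python
"""Parse Zeek TSV conn.log records and correlate them per originating host.

Added example, not Malcolm's own code. The sample log below is constructed.
"""
from collections import defaultdict

# Constructed sample: a Zeek conn.log fragment with the standard header lines
# Zeek emits (separator, field names and field types).
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1609459200.000000\tCabc1\t10.0.0.5\t51000\t10.0.0.20\t502\ttcp\tmodbus\t0.250000\t120\t340\tSF
1609459201.500000\tCabc2\t10.0.0.5\t51001\t10.0.0.20\t502\ttcp\tmodbus\t0.300000\t96\t210\tSF
1609459202.000000\tCabc3\t10.0.0.7\t40000\t198.51.100.10\t443\ttcp\tssl\t-\t-\t-\tS0
1609459203.000000\tCabc4\t10.0.0.7\t40001\t10.0.0.20\t502\ttcp\tmodbus\t0.100000\t60\t80\tSF
#close\t2021-01-01-00-00-10
"""


def _convert(value, ztype):
    """Turn one Zeek field from text into a typed Python value (None if unset)."""
    if value in ("-", "(empty)"):
        return None
    if ztype in ("count", "int", "port"):
        return int(value)
    if ztype in ("time", "interval", "double"):
        return float(value)
    return value


def parse_zeek_tsv(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields, types, sep = None, None, "\t"
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator"):
            # Zeek writes the separator as an escape sequence, e.g. "\x09".
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#fields"):
            fields = line.split(sep)[1:]
        elif line.startswith("#types"):
            types = line.split(sep)[1:]
        elif line.startswith("#"):
            continue  # other header/footer lines (#path, #close, ...)
        else:
            cols = line.split(sep)
            if fields is None or len(cols) != len(fields):
                raise ValueError("record does not match #fields header: %r" % line)
            ztypes = types or ["string"] * len(fields)
            yield {name: _convert(val, zt) for name, val, zt in zip(fields, cols, ztypes)}


def summarise_by_origin(records):
    """Correlate sessions per originating host: counts, byte totals, responders."""
    summary = defaultdict(
        lambda: {"sessions": 0, "orig_bytes": 0, "resp_bytes": 0, "responders": set()}
    )
    for r in records:
        s = summary[r["id.orig_h"]]
        s["sessions"] += 1
        s["orig_bytes"] += r["orig_bytes"] or 0  # None for unset fields
        s["resp_bytes"] += r["resp_bytes"] or 0
        s["responders"].add((r["id.resp_h"], r["id.resp_p"], r["service"]))
    return dict(summary)


if __name__ == "__main__":
    recs = list(parse_zeek_tsv(SAMPLE_CONN_LOG))
    for host, info in summarise_by_origin(recs).items():
        print(host, info["sessions"], "sessions,", sorted(info["responders"]))
```

The header-driven parsing matters in practice: Zeek log field sets differ between versions and local policy scripts, so a consumer that hard-codes column positions breaks silently, while one that reads #fields and #types keeps working.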

In short, Malcolm provides an easy-to-use suite of network analysis tools for full packet capture (PCAP files) and Zeek logs. While internet access is required to build it, it is not required to run it.

Application screenshots

The program's download and usage instructions can be found here.

Written by Anastasis Vasileiadis
