Malcolm v24.12.0 #615

Merged
merged 55 commits into from
Dec 19, 2024
a6f5d16
bump fluent-bit and yq
mmguero Nov 19, 2024
0f00532
fix issues with demo script waiting for things to become ready
mmguero Nov 19, 2024
24b3f2d
bump for v24.12.0 development
mmguero Nov 19, 2024
152bd05
added corelight/zeek-quasarrat-detector plugin
mmguero Nov 19, 2024
39d5f72
added some other corelight packages for detecting various CVEs
mmguero Nov 19, 2024
b5738fe
Prompt user whether or not to enable live packet capture statistics
mmguero Nov 20, 2024
0c9c7d8
bump trivy-action
mmguero Nov 20, 2024
8312096
bump zeek to v7.0.4
mmguero Nov 20, 2024
af94577
Arkime to v5.5.1
mmguero Nov 20, 2024
a162ecb
for cisagov/Malcolm#496, bring netbox up to v4.1.6
mmguero Nov 20, 2024
ee5b3bb
for cisagov/Malcolm#496, bring netbox up to v4.1.6
mmguero Nov 20, 2024
9bc75ea
for cisagov/Malcolm#496, getting permissions working in v4.1.6
mmguero Nov 20, 2024
69ef3ac
for cisagov/Malcolm#496, getting permissions working in v4.1.6 (still…
mmguero Nov 20, 2024
6415d7a
Revert netbox permissions changes, going to make the old way work
mmguero Nov 21, 2024
7a6d7ab
for cisagov/Malcolm#496, getting permissions working in v4.1.6 (still…
mmguero Nov 21, 2024
efae87a
debug script for netbox permissions
mmguero Nov 21, 2024
cb8e080
for cisagov/Malcolm#496, getting permissions working in v4.1.6 (still…
mmguero Nov 21, 2024
14f568c
for cisagov/Malcolm#496, getting permissions working in v4.1.6 (think…
mmguero Nov 21, 2024
e7ccc0e
bump Logstash stack size to 2048k and make zeek.dns.trans_id an integer
mmguero Nov 22, 2024
71f38df
Added debug message
mmguero Nov 22, 2024
6a6cc49
make trans_id a keyword again
mmguero Nov 22, 2024
8cb4573
Fix cisagov/Malcolm#509
mmguero Nov 22, 2024
7144dba
netbox to v4.1.7
mmguero Nov 22, 2024
4bd8c49
bump opensearch-py to v2.8.0 and fluent-bit to v3.2.2
mmguero Dec 2, 2024
0e8b77d
api updates
mmguero Dec 3, 2024
e2cae17
increase max_clause_count to 8192; and expose the logstash api at / i…
mmguero Dec 3, 2024
9c80ec9
added ability to set extra arbitrary .env settings via configure script
mmguero Dec 4, 2024
55a7d2a
put some restrictions on being able to set --extra settings in config…
mmguero Dec 4, 2024
6d048b3
provide way for user to skip NetBox enrichment on a per-uploaded-PCAP…
mmguero Dec 4, 2024
117d8c8
update capa to v8.0.0
mmguero Dec 9, 2024
fdc5e6a
yq to v4.44.6
mmguero Dec 9, 2024
83080c0
capa v8.0.1
mmguero Dec 9, 2024
300cff7
fix severity tagging for signatures
mmguero Dec 10, 2024
ff92110
hide netbox tag from arkime session
mmguero Dec 10, 2024
09aaeb4
fix link
mmguero Dec 11, 2024
1008803
evtx fields for template
mmguero Dec 11, 2024
915367b
evtx fields for template
mmguero Dec 12, 2024
c58ff2c
idaholab/Malcolm#528, add simple readiness indicator to upload page
mmguero Dec 12, 2024
e76de32
documentation
mmguero Dec 12, 2024
d6d875e
screenshot update
mmguero Dec 12, 2024
6694aa2
cisagov/Malcolm#528, add simple readiness indicator to upload page
mmguero Dec 12, 2024
d872f15
more fields for cisagov/Malcolm#525, adding normalization for evtx
mmguero Dec 12, 2024
6dc30e7
more field normalization for cisagov/Malcolm#525, adding normalizatio…
mmguero Dec 12, 2024
18c4535
cisagov/Malcolm#494, Mandiant threat intel source doesn't get split c…
mmguero Dec 12, 2024
635e663
bump elasticsearch and elasticsearch-dsl
mmguero Dec 16, 2024
3501e8f
bump netbox to v4.1.8
mmguero Dec 16, 2024
32bd73b
cisagov/Malcolm#532, provide configuration options for pulling from t…
mmguero Dec 17, 2024
17d201b
Zeek v7.0.5
mmguero Dec 17, 2024
48b3013
fix some JSON zeek intel.log parsing issues
mmguero Dec 17, 2024
af97c7e
update screenshot
mmguero Dec 17, 2024
f172b95
readme
mmguero Dec 18, 2024
002a767
tweaks to ingest-stats API
mmguero Dec 18, 2024
c9bdda6
Merge branch 'development' of https://github.com/mmguero-dev/Malcolm …
mmguero Dec 18, 2024
1e8aa56
documentation update
mmguero Dec 18, 2024
d8dabe0
Merge branch 'development' of https://github.com/mmguero-dev/Malcolm …
mmguero Dec 18, 2024
2 changes: 1 addition & 1 deletion .github/workflows/api-build-and-push-ghcr.yml
Expand Up @@ -110,7 +110,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
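Review bot: `uses: aquasecurity/trivy-action@0.29.0` pins the action to a mutable release tag; for a step that runs inside a job holding image and registry credentials, pinning to the full-length commit SHA of the 0.29.0 release (keeping the tag in a trailing comment for readability) protects the build from a retagged or replaced release. The same point applies to the identical 0.28.0 to 0.29.0 bump in every other *-build-and-push-ghcr.yml workflow in this PR, so it is worth doing once across all of them.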
2 changes: 1 addition & 1 deletion .github/workflows/arkime-build-and-push-ghcr.yml
Expand Up @@ -112,7 +112,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/dashboards-build-and-push-ghcr.yml
Expand Up @@ -110,7 +110,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
Expand Up @@ -110,7 +110,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/dirinit-build-and-push-ghcr.yml
Expand Up @@ -100,7 +100,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/file-monitor-build-and-push-ghcr.yml
Expand Up @@ -107,7 +107,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/file-upload-build-and-push-ghcr.yml
Expand Up @@ -110,7 +110,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/filebeat-build-and-push-ghcr.yml
Expand Up @@ -110,7 +110,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/freq-build-and-push-ghcr.yml
Expand Up @@ -110,7 +110,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
Expand Up @@ -141,7 +141,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/htadmin-build-and-push-ghcr.yml
Expand Up @@ -110,7 +110,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/logstash-build-and-push-ghcr.yml
Expand Up @@ -110,7 +110,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
Expand Up @@ -147,7 +147,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/netbox-build-and-push-ghcr.yml
Expand Up @@ -110,7 +110,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/nginx-build-and-push-ghcr.yml
Expand Up @@ -117,7 +117,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/opensearch-build-and-push-ghcr.yml
Expand Up @@ -109,7 +109,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/pcap-capture-build-and-push-ghcr.yml
Expand Up @@ -110,7 +110,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/pcap-monitor-build-and-push-ghcr.yml
Expand Up @@ -110,7 +110,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/postgresql-build-and-push-ghcr.yml
Expand Up @@ -109,7 +109,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/redis-build-and-push-ghcr.yml
Expand Up @@ -109,7 +109,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/suricata-build-and-push-ghcr.yml
Expand Up @@ -109,7 +109,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion .github/workflows/zeek-build-and-push-ghcr.yml
Expand Up @@ -111,7 +111,7 @@ jobs:
name: Run Trivy vulnerability scanner
if: ${{ matrix.platform == 'linux/amd64' }}
id: trivy-scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
env:
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
2 changes: 1 addition & 1 deletion Dockerfiles/arkime.Dockerfile
Expand Up @@ -33,7 +33,7 @@ ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1

ENV ARKIME_DIR "/opt/arkime"
ENV ARKIME_VERSION "5.5.0"
ENV ARKIME_VERSION "5.5.1"
ENV ARKIME_DEB_URL "https://github.com/arkime/arkime/releases/download/v${ARKIME_VERSION}/arkime_${ARKIME_VERSION}-1.debian12_XXX.deb"
ENV ARKIME_JA4_SO_URL "https://github.com/arkime/arkime/releases/download/v${ARKIME_VERSION}/ja4plus.XXX.so"
ENV ARKIME_LOCALELASTICSEARCH no
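Review bot: the bump of `ARKIME_VERSION` to 5.5.1 also moves `ARKIME_DEB_URL` and `ARKIME_JA4_SO_URL` to new release artifacts, but nothing in this hunk ties the version to what is actually downloaded; if the download step further down does not already verify a digest, adding an expected sha256 for the 5.5.1 .deb and ja4plus .so next to `ARKIME_VERSION` (and failing the build on mismatch) would make each future bump verifiable rather than trusting the release URL. The same pattern applies to the `YQ_VERSION` 4.44.3 to 4.44.6 bumps in the filebeat, netbox and suricata Dockerfiles in this PR.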
2 changes: 1 addition & 1 deletion Dockerfiles/filebeat.Dockerfile
Expand Up @@ -71,7 +71,7 @@ ENV SUPERCRONIC_VERSION "0.2.33"
ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-"
ENV SUPERCRONIC_CRONTAB "/etc/crontab"

ENV YQ_VERSION "4.44.3"
ENV YQ_VERSION "4.44.6"
ENV YQ_URL "https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_"

ENV EVTX_VERSION "0.8.4"
11 changes: 5 additions & 6 deletions Dockerfiles/netbox.Dockerfile
@@ -1,4 +1,4 @@
FROM netboxcommunity/netbox:v4.0.11
FROM netboxcommunity/netbox:v4.1.8

# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
LABEL maintainer="malcolm@inl.gov"
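Review bot: the base image jump from `netboxcommunity/netbox:v4.0.11` to `v4.1.8` crosses a NetBox minor release, and the commit history on this PR (several "getting permissions working in v4.1.6" commits and one "Revert netbox permissions changes") shows the permissions handling had to be reworked for it; a short note in the upgrade documentation on what existing deployments should expect (database migrations on first start, any permissions that need re-applying) would help operators, and pinning the base image by digest alongside the tag would make the build reproducible.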
Expand Down Expand Up @@ -29,14 +29,14 @@ ENV SUPERCRONIC_VERSION "0.2.33"
ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-"
ENV SUPERCRONIC_CRONTAB "/etc/crontab"

ENV NETBOX_INITIALIZERS_VERSION "50d077d"
ENV NETBOX_TOPOLOGY_VERSION "4.0.1"
ENV NETBOX_INITIALIZERS_VERSION "v4.1.0"
ENV NETBOX_TOPOLOGY_VERSION "4.1.0"
ENV NETBOX_HEALTHCHECK_VERSION "0.2.0"

ENV YQ_VERSION "4.44.3"
ENV YQ_VERSION "4.44.6"
ENV YQ_URL "https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_"

ENV NETBOX_DEVICETYPE_LIBRARY_IMPORT_URL "https://codeload.github.com/netbox-community/Device-Type-Library-Import/tar.gz/develop"
ENV NETBOX_DEVICETYPE_LIBRARY_IMPORT_URL "https://codeload.github.com/mmguero-dev/Device-Type-Library-Import/tar.gz/develop"
ENV NETBOX_DEVICETYPE_LIBRARY_URL "https://codeload.github.com/netbox-community/devicetype-library/tar.gz/master"

ARG NETBOX_DEVICETYPE_LIBRARY_IMPORT_PATH="/opt/netbox-devicetype-library-import"
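Review bot: `NETBOX_DEVICETYPE_LIBRARY_IMPORT_URL` now fetches the `develop` branch tarball of a personal fork (`mmguero-dev/Device-Type-Library-Import`) instead of `netbox-community` at image build time, which is unpinned, mutable input to the build. If the fork carries a fix not yet merged upstream, pin it to a specific commit tarball (`.../tar.gz/<commit>`) and leave a comment naming the upstream change it tracks so the URL can be reverted later. In the same hunk, `NETBOX_INITIALIZERS_VERSION` moves from a commit hash (`50d077d`) to a tag (`v4.1.0`); tags can be moved, so the commit hash was the stronger pin and is worth keeping in a comment at least.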
Expand Down Expand Up @@ -119,7 +119,6 @@ RUN export BINARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
cryptography \
GitPython \
Jinja2 \
"Django>=4.2.10,<5" \
paramiko \
pillow && \
mkdir -p "${NETBOX_PATH}/netbox/netbox" "${NETBOX_CUSTOM_PLUGINS_PATH}/requirements" && \
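Review bot: dropping `"Django>=4.2.10,<5"` from this pip install means Django is now whatever the v4.1.8 base image ships plus whatever the remaining packages (cryptography, GitPython, Jinja2, paramiko, pillow) resolve; that is presumably intentional given the base image bump, but a one-line comment stating that Django is taken from the base image would stop someone re-adding the pin, and running `pip check` (or installing with `--no-deps`) in this RUN would catch a dependency silently replacing the image's Django.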
2 changes: 1 addition & 1 deletion Dockerfiles/opensearch.Dockerfile
Expand Up @@ -75,7 +75,7 @@ ENV bootstrap.memory_lock "true"
ENV cluster.routing.allocation.disk.threshold_enabled "false"
ENV cluster.routing.allocation.node_initial_primaries_recoveries 8
ENV discovery.type "single-node"
ENV indices.query.bool.max_clause_count 4096
ENV indices.query.bool.max_clause_count 8192
ENV logger.level "WARN"
ENV MAX_LOCKED_MEMORY "unlimited"
ENV path.repo "/opt/opensearch/backup"
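Review bot: doubling `indices.query.bool.max_clause_count` from 4096 to 8192 raises the ceiling on how expensive a single bool query may be (CPU and memory per request), and that limit is also what bounds how much work one dashboard user can demand from the node; a comment stating which Malcolm query needed more than 4096 clauses would record why 8192 is the right value rather than an open-ended raise. Since it stays an `ENV`, operators can still lower it at runtime, which is good.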
2 changes: 1 addition & 1 deletion Dockerfiles/suricata.Dockerfile
Expand Up @@ -37,7 +37,7 @@ ENV SUPERCRONIC_VERSION "0.2.33"
ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-"
ENV SUPERCRONIC_CRONTAB "/etc/crontab"

ENV YQ_VERSION "4.44.3"
ENV YQ_VERSION "4.44.6"
ENV YQ_URL "https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_"

ENV SURICATA_VERSION_PATTERN "1:7.0.*"
4 changes: 2 additions & 2 deletions Dockerfiles/zeek.Dockerfile
Expand Up @@ -33,7 +33,7 @@ USER root
# see PUSER_CHOWN at the bottom of the file (after the other environment variables it references)

# for download and install
ARG ZEEK_VERSION=7.0.3-0
ARG ZEEK_VERSION=7.0.5-0
ENV ZEEK_VERSION $ZEEK_VERSION
ARG ZEEK_DEB_ALTERNATE_DOWNLOAD_URL=""

Expand Down Expand Up @@ -183,7 +183,7 @@ RUN groupadd --gid ${DEFAULT_GID} ${PUSER} && \
# sanity checks to make sure the plugins installed and copied over correctly
# these ENVs should match the third party scripts/plugins installed by zeek_install_plugins.sh
ENV ZEEK_THIRD_PARTY_PLUGINS_GREP "(Zeek::Spicy|ANALYZER_SPICY_OSPF|ANALYZER_SPICY_OPENVPN_UDP\b|ANALYZER_SPICY_IPSEC_UDP\b|ANALYZER_SPICY_TFTP|ANALYZER_SPICY_WIREGUARD|ANALYZER_SPICY_HART_IP_UDP|ANALYZER_SPICY_HART_IP_TCP|ANALYZER_SYNCHROPHASOR_TCP|ANALYZER_GENISYS_TCP|ANALYZER_SPICY_GE_SRTP|ANALYZER_SPICY_PROFINET_IO_CM|ANALYZER_S7COMM_TCP|Corelight::PE_XOR|ICSNPP::BACnet|ICSNPP::BSAP|ICSNPP::ENIP|ICSNPP::ETHERCAT|ICSNPP::OPCUA_Binary|Salesforce::GQUIC|Zeek::PROFINET|Zeek::TDS|Seiso::Kafka)"
ENV ZEEK_THIRD_PARTY_SCRIPTS_GREP "(bro-is-darknet/main|bro-simple-scan/scan|bzar/main|callstranger-detector/callstranger|cve-2020-0601/cve-2020-0601|cve-2020-13777/cve-2020-13777|CVE-2020-16898/CVE-2020-16898|CVE-2021-38647/omigod|CVE-2021-31166/detect|CVE-2021-41773/CVE_2021_41773|CVE-2021-42292/main|cve-2021-44228/CVE_2021_44228|cve-2022-22954/main|cve-2022-26809/main|CVE-2022-3602/__load__|hassh/hassh|http-more-files-names/main|ja4/main|pingback/detect|ripple20/ripple20|SIGRed/CVE-2020-1350|zeek-EternalSafety/main|zeek-httpattacks/main|zeek-sniffpass/__load__|zerologon/main)\.(zeek|bro)"
ENV ZEEK_THIRD_PARTY_SCRIPTS_GREP "(bro-is-darknet/main|bro-simple-scan/scan|bzar/main|callstranger-detector/callstranger|cve-2020-0601/cve-2020-0601|cve-2020-13777/cve-2020-13777|CVE-2020-16898/CVE-2020-16898|CVE-2021-1675/main|CVE-2021-31166/detect|CVE-2021-38647/omigod|CVE-2021-41773/CVE_2021_41773|CVE-2021-42292/main|cve-2021-44228/CVE_2021_44228|cve-2022-21907/main|cve-2022-22954/main|CVE-2022-23270-PPTP/main|CVE-2022-24491/main|CVE-2022-24497/main|cve-2022-26809/main|CVE-2022-26937/main|CVE-2022-30216/main|CVE-2022-3602/__load__|hassh/hassh|http-more-files-names/main|ja4/main|pingback/detect|ripple20/ripple20|SIGRed/CVE-2020-1350|zeek-agenttesla-detector/main|zeek-asyncrat-detector/main|zeek-EternalSafety/main|zeek-httpattacks/main|zeek-netsupport-detector/main|zeek-quasarrat-detector/main|zeek-sniffpass/__load__|zeek-strrat-detector/main|zerologon/main)\.(zeek|bro)"

RUN mkdir -p /tmp/logs && \
cd /tmp/logs && \
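Review bot: `ZEEK_THIRD_PARTY_SCRIPTS_GREP` gains twelve entries (CVE-2021-1675, cve-2022-21907, CVE-2022-23270-PPTP, CVE-2022-24491, CVE-2022-24497, CVE-2022-26937, CVE-2022-30216 and the agenttesla, asyncrat, netsupport, quasarrat and strrat detectors) inside a single-line regex that, per the comment above it, must match what zeek_install_plugins.sh installs; checking that correspondence by eye across a diff this wide is error-prone, and a missing alternative would silently weaken the sanity check rather than fail it. Consider generating the alternation from a one-entry-per-line list shared with the installer script, or at minimum sorting the entries case-insensitively so additions and omissions are visible in the diff.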
2 changes: 2 additions & 0 deletions _config.yml
@@ -1,5 +1,7 @@
repository: idaholab/Malcolm
title: Malcolm
malcolm:
version: 24.12.0
description: A powerful, easily deployable network traffic analysis tool suite for network security monitoring
logo: docs/images/logo/Malcolm_outline_banner_dark.png
remote_theme: pages-themes/minimal@v0.2.0