Malcolm v23.01.0

Malcolm v23.01.0 is a feature release with new features and enhancements, component version updates and bug fixes.

v6.4.3...v23.01.0

• New features

  • Enrich network traffic metadata via NetBox lookups (idaholab/Malcolm#132)

• Enhancements

  • Switched from semantic versioning (semver) to calendar versioning (calver) (idaholab/Malcolm#139)
  • Added bartblaze/Yara-rules as a YARA rule source
  • Support new fields in EtherNet/IP / CIP parser

• Component version updates

  • OpenSearch and OpenSearch Dashboards v2.4.1
  • Beats to v8.5.3
  • NetBox to v3.4.2
  • docker-compose on ISO now uses the compose plugin

• Fixes

  • when using custom locations, pcap/upload and pcap/processed directories don't get created correctly after wipe (idaholab/Malcolm#140)
  • one Malcolm instance forwarding to another secondary tier Malcolm instance continually imports opensearch index templates (idaholab/Malcolm#142)
  • Updated source code copyright dates from 2022 to 2023

• Deprecated

  • Removed host-map.txt and cidr-map.txt for host and subnet name assignment (use net-map.json file or NetBox now)
  • MAC address to host name mapping for host and subnet name assignment (MAC address is too inconsistent to use as an identifier for a host as network captures may not show the actual MAC address for a given host's communication)

Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/.