curator-opensearch vs Malcolm

| | curator-opensearch | Malcolm |
|---|---|---|
| Mentions | 2 | 4 |
| Stars | 72 | 1,749 |
| Growth | - | 1.8% |
| Activity | 2.6 | 9.9 |
| Last commit | about 2 months ago | 6 days ago |
| Language | Python | Python |
| License | GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
-
Kali Linux 2023.1 introduces 'Purple' distro for defensive security
The heavy lifting of this is CISA's Malcolm [1]. Unfortunately the blog post only provides a non-linked bullet to it [2]. Seth Grover, the main driver behind Malcolm, put a lot of effort over the years into creating a turnkey SOC-in-a-box distro that works especially well for a network-first approach. Endpoint isn't neglected, but the focus on Zeek, Suricata, and Arkime shows the primary visibility drivers. This is not surprising, because CISA also developed a bunch of custom ICS protocol dissectors that provide visibility (DNP3, Modbus, etc.). The list is impressive [3]. All of this is turnkey available by running Malcolm. Especially for OT, where we have a lot more unmanaged black boxes and networks that you don't wanna actively scan (factories have been brought down this way), passively watching is a safe and powerful approach.
It's a bit unfortunate that Kali didn't give the props to Seth's project (not even an outbound link). Perhaps this was just an oversight, or a spotlight blog post is coming later, but I hope that the history of this gets properly acknowledged, because it's darn clear where this comes from.
[1]: https://github.com/cisagov/Malcolm
[2]: https://www.kali.org/blog/kali-linux-2023-1-release/
[3]: https://cisagov.github.io/Malcolm/docs/protocols.html
-
Tool recommendation needed: Network analyzer
Now on the higher end level, I have a laptop I use for packet capture and sniffing. Using a small network tap device, I can hook this inline anywhere one suspects a potential issue. Then use software of your choice to capture and analyze data over a few days. Two I use for this purpose, along with cyber threat analysis, are NTOPNG and Malcolm, a very powerful free open-source platform made by a brilliant guy at CISA. Link to git repo here: https://github.com/cisagov/Malcolm
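Both comments above make the same point: put a tap inline, watch OT traffic passively, and let protocol dissectors (Modbus, DNP3, and so on) tell you what the black boxes are doing without ever sending them a packet. As an added example that is not code from Malcolm, Zeek, Arkime, or any project the commenters mention, the Python below parses Modbus/TCP requests out of raw Ethernet/IPv4/TCP frames and flags the function codes that write to a PLC, which is the kind of read-only inspection a passive monitor performs. The frames, IP addresses, unit IDs and the small function-code table are constructed for this example.

```python
import struct
from collections import Counter

MODBUS_PORT = 502

# Modbus function codes that change process state (writes) versus plain reads.
# Table is an assumption for the example; it covers the common public codes only.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}


def build_frame(src_ip, dst_ip, sport, dport, tid, unit, function, pdu_data):
    """Build an Ethernet/IPv4/TCP frame carrying one Modbus/TCP ADU (constructed test input)."""
    pdu = bytes([function]) + pdu_data
    # MBAP header: transaction id, protocol id (0 = Modbus), length (unit id + PDU), unit id
    mbap = struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit)
    payload = mbap + pdu
    # Minimal 20-byte TCP header: data offset 5, flags PSH|ACK, checksum left zero
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    # Ethernet II header with made-up MACs and EtherType 0x0800 (IPv4)
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip + tcp + payload


def parse_modbus(frame):
    """Return (src, dst, unit, function) for a Modbus/TCP request frame, or None if it is not one."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None                      # not IPv4 over Ethernet
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != 6 or len(ip) < ihl + 20:
        return None                      # not IPv4/TCP, or truncated
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    payload = tcp[doff:]
    if dport != MODBUS_PORT or len(payload) < 8:
        return None                      # only client->server requests on tcp/502
    tid, proto, length, unit = struct.unpack("!HHHB", payload[:7])
    # Protocol id must be 0 and the MBAP length must match the segment; this
    # assumes one ADU per TCP segment and rejects fragmented or coalesced ones.
    if proto != 0 or length != len(payload) - 6:
        return None
    return src, dst, unit, payload[7]


def summarize(frames):
    """Count requests by (src, dst, unit, function) and list every write operation seen."""
    counts = Counter()
    writes = []
    for frame in frames:
        parsed = parse_modbus(frame)
        if parsed is None:
            continue
        counts[parsed] += 1
        src, dst, unit, function = parsed
        if function in WRITE_FUNCTIONS:
            writes.append((src, dst, unit, WRITE_FUNCTIONS[function]))
    return counts, writes


# Constructed traffic: an HMI polling a PLC, one legitimate-looking write, a
# write from a host that never polls, and an unrelated HTTP request.
FRAMES = [
    build_frame("10.0.0.10", "10.0.0.20", 40001, 502, 1, 1, 3, struct.pack("!HH", 0, 10)),
    build_frame("10.0.0.10", "10.0.0.20", 40001, 502, 2, 1, 3, struct.pack("!HH", 0, 10)),
    build_frame("10.0.0.10", "10.0.0.20", 40001, 502, 3, 1, 16,
                struct.pack("!HHB", 100, 1, 2) + struct.pack("!H", 0x1234)),
    build_frame("10.0.0.99", "10.0.0.20", 51515, 502, 1, 1, 6, struct.pack("!HH", 100, 0)),
    build_frame("10.0.0.10", "10.0.0.20", 40002, 80, 0, 0, 0, b"GET / HTTP/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    counts, writes = summarize(FRAMES)
    for (src, dst, unit, fc), n in sorted(counts.items()):
        name = WRITE_FUNCTIONS.get(fc) or READ_FUNCTIONS.get(fc) or f"FC {fc}"
        print(f"{src} -> {dst} unit {unit}: {name} x{n}")
    for src, dst, unit, name in writes:
        print(f"WRITE {name} from {src} to {dst} unit {unit}")
```

Everything here is derived from bytes already on the wire; nothing is sent back, which is the property the OT comment cares about. A real deployment would read frames from the tap (or a pcap) instead of the constructed list, track TCP streams so multi-ADU segments and responses are handled, and baseline which sources normally issue writes so that the second write above (from 10.0.0.99, which never polls) stands out.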
- Malcolm: A network traffic analysis tool suite for full packet capture artifacts
What are some alternatives?
- kali-purple
- DetectXDiscord - This Discord bot is designed to provide file scanning functionality using the VirusTotal API to check for viruses and other malware in attachments uploaded to a Discord channel.
- Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from a device's Preferred Network List.