Malcolm: Network Traffic Analysis
Network traffic analysis suite offering easy upload, powerful traffic analysis, and streamlined deployment for security operations.
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind:
• Easy to use – Network traffic captures can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using lightweight forwarders to be automatically normalized, enriched, and correlated for analysis.
• Powerful traffic analysis – Visibility into network communications is provided through two intuitive interfaces: OpenSearch Dashboards, a flexible data visualization plugin with dozens of prebuilt dashboards providing an at-a-glance overview of network protocols; and Arkime, a powerful tool for finding and identifying the network sessions comprising suspected security incidents.
• Streamlined deployment – Malcolm's container-based deployment model makes Malcolm suitable to be deployed quickly across a variety of platforms and use cases, whether it be for long-term deployment in a security operations center or on a laptop for an individual engagement.
• Permissive license – Malcolm is comprised of several widely-used open source tools, making it an attractive alternative to security solutions requiring paid licenses.
• Expanding control systems visibility – While Malcolm is great for general-purpose network traffic analysis, its creators see a particular need in the community for tools providing insight into protocols used in industrial control systems (ICS) environments. Ongoing Malcolm development will aim to provide additional parsers for common ICS protocols.
In short, Malcolm provides an easily deployable network analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs.
For Additional Information: • https://inl.gov/ics-malcolm
This software is open source and available at no cost. Download now by visiting the product's GitHub page.