Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
Updated Apr 2, 2025 - Python
Cyber Defence Monitoring Course Suite :: Suricata, Arkime (and others in the past)
DShield Sensor Log Collection with ELK
This project aims to simplify the process of setting up Arkime, which can be daunting for brand-new network analysts. Unlike the traditional Arkime build, this repository provides a streamlined approach using Docker Compose and environment variables.
Splunk add-on to perform basic searches against the back end of Arkime using the Elasticsearch REST API.
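The "basic searches against the back end of Arkime" that the add-on above performs boil down to Elasticsearch `_search` requests against Arkime's session indices. The following is an added example of that pattern, not code from the Splunk add-on or from Arkime itself. It assumes an Arkime 3+/4+ deployment (index pattern `arkime_sessions3-*`, ECS-style fields such as `source.ip`, `destination.ip`, `firstPacket`, `protocol`, `node`, `network.bytes`); older deployments use `sessions2-*` with different field names, so adjust the constants for your version. The sample response is constructed, not captured from a live cluster.

```python
"""Basic Arkime session searches against the Elasticsearch/OpenSearch back end.

Added example, not the Splunk add-on's code. Assumptions (not from the page):
Arkime 3+/4+ index pattern "arkime_sessions3-*" and ECS-style field names;
older Arkime versions use sessions2-* with different names.
"""
import json
import urllib.request
from datetime import datetime, timezone

SESSIONS_INDEX = "arkime_sessions3-*"  # assumption: Arkime 3+/4+ naming


def build_session_query(src_ip=None, dst_ip=None, start_ms=None, end_ms=None, size=100):
    """Build an ES query body for sessions filtered by endpoint and time window.

    Arkime stores firstPacket/lastPacket as epoch milliseconds, so callers pass
    milliseconds. Filters go in a bool/filter clause: no scoring, cacheable.
    """
    filters = []
    if src_ip:
        filters.append({"term": {"source.ip": src_ip}})
    if dst_ip:
        filters.append({"term": {"destination.ip": dst_ip}})
    window = {}
    if start_ms is not None:
        window["gte"] = start_ms
    if end_ms is not None:
        window["lte"] = end_ms
    if window:
        filters.append({"range": {"firstPacket": window}})
    return {
        "size": size,
        "sort": [{"firstPacket": {"order": "desc"}}],
        "_source": ["firstPacket", "lastPacket", "source.ip", "source.port",
                    "destination.ip", "destination.port", "protocol", "node",
                    "network.bytes"],
        "query": {"bool": {"filter": filters}},
    }


def search_sessions(es_url, body, auth_header=None, timeout=30):
    """POST the body to <es_url>/<index>/_search. Live call; not used offline.

    auth_header is e.g. "Basic ..." or "ApiKey ...". Arkime's ES is normally
    reachable only from viewer/capture hosts; keep this behind TLS and an
    allow-listed source rather than exposing the cluster to the search head.
    """
    req = urllib.request.Request(
        f"{es_url.rstrip('/')}/{SESSIONS_INDEX}/_search",
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json"},
    )
    if auth_header:
        req.add_header("Authorization", auth_header)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def _field(src, dotted):
    """Read 'a.b' from a _source stored nested ({"a": {"b": ..}}) or flat ({"a.b": ..})."""
    if dotted in src:
        return src[dotted]
    cur = src
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def summarize_hits(response):
    """Flatten an _search response into one row per session."""
    rows = []
    for hit in response.get("hits", {}).get("hits", []):
        s = hit["_source"]
        proto = _field(s, "protocol")          # Arkime stores a list, e.g. ["tcp", "tls"]
        if isinstance(proto, list):
            proto = ",".join(proto)
        first = datetime.fromtimestamp(_field(s, "firstPacket") / 1000, tz=timezone.utc)
        rows.append({
            "first": first.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "src": f"{_field(s, 'source.ip')}:{_field(s, 'source.port')}",
            "dst": f"{_field(s, 'destination.ip')}:{_field(s, 'destination.port')}",
            "protocol": proto,
            "node": _field(s, "node"),
            "bytes": _field(s, "network.bytes"),
        })
    return rows


# Constructed sample response (not real data): one hit with nested _source and
# one with flat dotted keys, so both storage shapes are exercised.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 2}, "hits": [
        {"_index": "arkime_sessions3-240101", "_source": {
            "firstPacket": 1704067200000, "lastPacket": 1704067260000,
            "source": {"ip": "10.0.0.5", "port": 51234},
            "destination": {"ip": "203.0.113.10", "port": 443},
            "protocol": ["tcp", "tls"], "node": "sensor1",
            "network": {"bytes": 48210}}},
        {"_index": "arkime_sessions3-240101", "_source": {
            "firstPacket": 1704067100000, "lastPacket": 1704067101000,
            "source.ip": "10.0.0.5", "source.port": 40001,
            "destination.ip": "192.0.2.53", "destination.port": 53,
            "protocol": ["udp", "dns"], "node": "sensor1",
            "network.bytes": 312}},
    ]},
}

if __name__ == "__main__":
    print(json.dumps(build_session_query(src_ip="10.0.0.5", start_ms=1704067000000), indent=1))
    for row in summarize_hits(SAMPLE_RESPONSE):
        print(row)
```

Against a live cluster, `search_sessions("https://es.internal:9200", build_session_query(src_ip="10.0.0.5", start_ms=..., end_ms=...), auth_header="Basic ...")` returns the raw response to feed into `summarize_hits`. Querying the back end directly bypasses Arkime viewer's per-user view restrictions, so an add-on like this should use a read-only Elasticsearch role scoped to the session indices.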