z.staging

No due date 0% complete

This "milestone" is to hold issues that are of somewhat higher priority than the general pile, but not yet assigned to a release milestone.

"policy manager" for Malcolm and Hedgehog Linux (meta-issue) arkime Relating to Malcolm's use of Arkime enhancement New feature or request policy Related to issues dealing with "policy" (rules, configuration, etc.) management sensor For issues dealing with the Hedgehog OS capture sensor suricata Relating to Malcolm's use of Suricata UI Relating to general UI experience zeek Relating to Malcolm's use of Zeek
#396 opened Nov 4, 2024 by mmguero
API tokens created in NetBox still require authentication through NGINX reverse proxy bug Something isn't working discussion Has an associated post on the Malcolm discussions board netbox Related to Malcolm's use of NetBox nginx Relating to Malcolm's use of nginx security Related to issues with bearing on the security of Malcolm itself
#383 opened Nov 4, 2024 by mmguero
code cleanup: rename zeek fields to ECS rather than just merge arkime Relating to Malcolm's use of Arkime code Issues for code cleanup/refactoring/technical debt dashboards Relating to Malcolm's OpenSearch Dashboards interface logstash Relating to Malcolm's use of Logstash zeek Relating to Malcolm's use of Zeek
#388 opened Nov 4, 2024 by mmguero
explore customization of the NetBox interface using custom links and widgets enhancement New feature or request netbox Related to Malcolm's use of NetBox UI Relating to general UI experience
#359 opened Nov 4, 2024 by mmguero
file extraction/scanning with AssemblyLine carving Relating to carving (extraction) of files from traffic and the scanning of those files enhancement New feature or request external Depends on a bug or feature external to this project
#392 opened Nov 4, 2024 by mmguero
Hedgehog Linux: upgrade process enhancement New feature or request sensor For issues dealing with the Hedgehog OS capture sensor upgrade Related to the Malcolm/Hedgehog upgrade process
#351 opened Nov 4, 2024 by mmguero
integrate Zeek IEC104 parser enhancement New feature or request ics Relating to ICS (Industrial Control Systems) devices zeek Relating to Malcolm's use of Zeek
#379 opened Nov 4, 2024 by mmguero
investigate "chainsaw" for additional processing of EVTX files enhancement New feature or request external Depends on a bug or feature external to this project
#382 opened Nov 4, 2024 by mmguero
Live capture on AWS using VPC traffic mirroring capture Relating to pcap-capture container cloud Relating to deployment of Malcolm in the cloud and/or with Kubernetes
#474 opened Nov 5, 2024 by mmguero
Malcolm "plugin architecture" (meta-issue) development dealing with the development process itself docker Relating to docker and docker-compose as used by Malcolm enhancement New feature or request nginx Relating to Malcolm's use of nginx plugins Related to Malcolm "plugins" UI Relating to general UI experience
#409 opened Nov 4, 2024 by mmguero
Malcolm: upgrade process enhancement New feature or request upgrade Related to the Malcolm/Hedgehog upgrade process
#352 opened Nov 4, 2024 by mmguero
plugin architecture: custom Logstash filters enhancement New feature or request logstash Relating to Malcolm's use of Logstash plugins Related to Malcolm "plugins"
#363 opened Nov 4, 2024 by mmguero
plugin architecture: custom rules/policy/scripts/config/etc. arkime Relating to Malcolm's use of Arkime carving Relating to carving (extraction) of files from traffic and the scanning of those files enhancement New feature or request plugins Related to Malcolm "plugins" suricata Relating to Malcolm's use of Suricata zeek Relating to Malcolm's use of Zeek
#366 opened Nov 4, 2024 by mmguero
plugin architecture: dashboards/visualizations dashboards Relating to Malcolm's OpenSearch Dashboards interface enhancement New feature or request plugins Related to Malcolm "plugins"
#368 opened Nov 4, 2024 by mmguero
plugin architecture: define file/directory format enhancement New feature or request plugins Related to Malcolm "plugins"
#369 opened Nov 4, 2024 by mmguero
plugin architecture: how to handle new fields added by plugins dashboards Relating to Malcolm's OpenSearch Dashboards interface enhancement New feature or request logstash Relating to Malcolm's use of Logstash opensearch Relating to Malcolm's use of OpenSearch plugins Related to Malcolm "plugins" zeek Relating to Malcolm's use of Zeek
#364 opened Nov 4, 2024 by mmguero
plugin architecture: new service or container cloud Relating to deployment of Malcolm in the cloud and/or with Kubernetes docker Relating to docker and docker-compose as used by Malcolm enhancement New feature or request plugins Related to Malcolm "plugins"
#367 opened Nov 4, 2024 by mmguero
plugin architecture: Zeek packages enhancement New feature or request plugins Related to Malcolm "plugins" zeek Relating to Malcolm's use of Zeek
#365 opened Nov 4, 2024 by mmguero
policy manager: APIs api Related to issues dealing with the Malcolm REST API enhancement New feature or request policy Related to issues dealing with "policy" (rules, configuration, etc.) management
#371 opened Nov 4, 2024 by mmguero
policy manager: Hedgehog policy subscription and application enhancement New feature or request policy Related to issues dealing with "policy" (rules, configuration, etc.) management
#375 opened Nov 4, 2024 by mmguero
policy manager: Malcolm policy subscription and application enhancement New feature or request policy Related to issues dealing with "policy" (rules, configuration, etc.) management
#374 opened Nov 4, 2024 by mmguero
policy manager: underlying storage of policy details in Malcolm enhancement New feature or request policy Related to issues dealing with "policy" (rules, configuration, etc.) management
#360 opened Nov 4, 2024 by mmguero
review and update macOS prep and installation documentation doc Relating to Malcolm documentation enhancement New feature or request
#405 opened Nov 4, 2024 by mmguero
review Trivy report docker Relating to docker and docker-compose as used by Malcolm iso relating to the ISO-installed environment for Malcolm and/or Hedgehog security Related to issues with bearing on the security of Malcolm itself
#380 opened Nov 4, 2024 by mmguero
size-based arkime_sessions3-* indexes arkime Relating to Malcolm's use of Arkime elastic Related to issue with external ElasticSearch/Kibana output enhancement New feature or request external Depends on a bug or feature external to this project opensearch Relating to Malcolm's use of OpenSearch
#384 opened Nov 4, 2024 by mmguero
fine-grained access controls arkime Relating to Malcolm's use of Arkime enhancement New feature or request nginx Relating to Malcolm's use of nginx opensearch Relating to Malcolm's use of OpenSearch security Related to issues with bearing on the security of Malcolm itself
#460 opened Nov 5, 2024 by mmguero
yes/no/back dialog buttons in install/configure scripts don't work correctly on Ubuntu 22.04 bug Something isn't working install.py Relating to the install.py configuration script UI Relating to general UI experience
#505 opened Nov 20, 2024 by mmguero
uploading zeek log files with rolled-over filenames including the date don't get the log type detected correctly bug Something isn't working logstash Relating to Malcolm's use of Logstash regression It worked at one point... upload Relating to PCAP and/or Zeek log ingestion
#490 opened Nov 7, 2024 by mmguero
expand test suite framework to run on top of docker and vagrant in addition to virter docker Relating to docker and docker-compose as used by Malcolm enhancement New feature or request testing Related to automated system testing of Malcolm
#527 opened Dec 12, 2024 by mmguero
standardize look-and-feel of Malcolm local user management interface enhancement New feature or request UI Relating to general UI experience
#531 opened Dec 12, 2024 by mmguero
trim test suite artifact data down to bare minimum enhancement New feature or request testing Related to automated system testing of Malcolm
#526 opened Dec 12, 2024 by mmguero
investigate Strelka for file scanning carving Relating to carving (extraction) of files from traffic and the scanning of those files enhancement New feature or request research Research or proof-of-concept for an idea
#485 opened Nov 5, 2024 by mmguero
netbox enrichment for non-network data in Logstash enhancement New feature or request logstash Relating to Malcolm's use of Logstash netbox Related to Malcolm's use of NetBox
#390 opened Nov 4, 2024 by mmguero
indicators based on JA4+ hashes enhancement New feature or request zeek Relating to Malcolm's use of Zeek
#387 opened Nov 4, 2024 by mmguero
extend intel.log with additional fields using corelight/ExtendIntel arkime Relating to Malcolm's use of Arkime dashboards Relating to Malcolm's OpenSearch Dashboards interface enhancement New feature or request external Depends on a bug or feature external to this project intel Related to integration with threat intel feeds logstash Relating to Malcolm's use of Logstash zeek Relating to Malcolm's use of Zeek
#502 opened Nov 19, 2024 by mmguero
7 tasks