cisagov Malcolm Q A · Discussions

Q&A Discussions

You must be logged in to vote

Alerts visualization / Alerts dashboard
alerting Related to Malcolm's use of alerting
commanderFx asked Jan 6, 2026 in Q&A · Unanswered

10
You must be logged in to vote

Integration With Firewall/IPS for Autonomous Response
external Depends on a bug or feature external to this project
alasdairmuckart asked Mar 3, 2026 in Q&A · Closed · Answered

2
You must be logged in to vote

Upgrade Hedgehog
sensor For issues dealing with the Hedgehog OS capture sensor upgrade Related to the Malcolm/Hedgehog upgrade process
commanderFx asked Feb 26, 2026 in Q&A · Unanswered

4
You must be logged in to vote

Allow Arkime WISE Configuration
arkime Relating to Malcolm's use of Arkime
devilman85 asked Feb 17, 2026 in Q&A · Closed · Unanswered

4
You must be logged in to vote

MaxMind GeoLite2 update

commanderFx asked Feb 18, 2026 in Q&A · Unanswered

1
You must be logged in to vote

Hedgehog bandwidth
performance Related to speed/performance sensor For issues dealing with the Hedgehog OS capture sensor
commanderFx asked Feb 5, 2026 in Q&A · Closed · Answered

2
You must be logged in to vote

Auto ingestion of pcap with unprocessed folder
upload Relating to PCAP and/or Zeek log ingestion
Anadema asked Feb 4, 2026 in Q&A · Closed · Answered

4
You must be logged in to vote

Delete sessions & pcap
upload Relating to PCAP and/or Zeek log ingestion opensearch Relating to Malcolm's use of OpenSearch
Anadema asked Jan 29, 2026 in Q&A · Closed · Answered

12
You must be logged in to vote

Performance Issue with Container Startup Due to docker-uid-gid-setup.sh on Mechanical Hard Drives

H-Dynamite asked Jan 21, 2026 in Q&A · Closed · Answered

6
You must be logged in to vote

Malcolm & Elastic 9

alexssl87 asked Dec 28, 2025 in Q&A · Closed · Answered

3
You must be logged in to vote

Index Management (Optimization Period) Causes Logstash Ingestion Failures for Older Log Data

H-Dynamite asked Dec 4, 2025 in Q&A · Unanswered

1
You must be logged in to vote

Granular permissions
auth Related to Malcolm's authentication and/or user management
y0d4a asked Nov 26, 2025 in Q&A · Closed · Answered

1
You must be logged in to vote

Arkime Error - Dashboards is working fine

Jallnutt1 asked Oct 10, 2025 in Q&A · Closed · Unanswered

2
You must be logged in to vote

opensearch plugin repository-s3

y0d4a asked Oct 23, 2025 in Q&A · Closed · Answered

2
You must be logged in to vote

Static network configuration in Preseed files

0xMishee asked Oct 3, 2025 in Q&A · Closed · Unanswered

2
You must be logged in to vote

Malcolm - Landing Page

cullmancyber asked Sep 2, 2025 in Q&A · Closed · Answered

3
You must be logged in to vote

Exporting/forwarding network traffic logs?

y0d4a asked Aug 14, 2025 in Q&A · Closed · Answered

3
You must be logged in to vote

Version of Suricata that is part of Malcolm

krajeshwaran asked Aug 8, 2025 in Q&A · Closed · Answered

2
You must be logged in to vote

oinkcode (PRO code)
enhancement New feature or request suricata Relating to Malcolm's use of Suricata
y0d4a asked Jul 28, 2025 in Q&A · Closed · Answered

4
You must be logged in to vote

accessing PCAP for processing remotely?
upload Relating to PCAP and/or Zeek log ingestion
mmguero asked Jul 24, 2025 in Q&A · Closed · Answered

1
You must be logged in to vote

monitoring for data exfiltration
dashboards Relating to Malcolm's OpenSearch Dashboards interface opensearch Relating to Malcolm's use of OpenSearch
y0d4a asked Jul 12, 2025 in Q&A · Closed · Answered

2
You must be logged in to vote

Malcolm and Suricata alert IP association issue
suricata Relating to Malcolm's use of Suricata
H-Dynamite asked Apr 29, 2025 in Q&A · Closed · Unanswered

1
You must be logged in to vote

Transfer client certificate to Malcolm sensor

dwade5 asked May 7, 2025 in Q&A · Closed · Answered

4
You must be logged in to vote

Modbus Connection logs
zeek Relating to Malcolm's use of Zeek ics Relating to ICS (Industrial Control Systems) devices
tbfhg asked Apr 23, 2025 in Q&A · Closed · Answered

2
You must be logged in to vote

Questions about ENV_PCAP_FILTER
capture Relating to pcap-capture container
alleniverson33 asked Mar 18, 2025 in Q&A · Closed · Answered

1