The heavy lifting of this is CISA's Malcolm. Unfortunately the blog post only provides a non-linked bullet to it.

Seth Grover, the main driver behind Malcolm, put a lot of effort over the years into creating a turnkey SOC-in-a-box distro that works especially well for a network-first approach. Endpoint isn't neglected, but the focus on Zeek, Suricata and Arkime shows the primary visibility drivers. This is not surprising, because CISA also developed a bunch of custom ICS protocol dissectors that provide visibility (DNP3, Modbus, etc.). All of this is turnkey available by running Malcolm.

Especially for OT, where we have a lot more unmanaged black boxes and networks that you don't want to actively scan (factories have been brought down this way), passively watching is a safe and powerful approach. It's a bit unfortunate that Kali didn't give the props to Seth's project (not even an outbound link).