v6.1.0 development

[mmguero]

Malcolm v6.1.0 is a feature release with a number of updates and improvements.

v6.0.1...v6.1.0

• Bugs fixed

  • Zeek logs get reingested after container restart - (Zeek-Logs get reingested after container restart idaholab/Malcolm#101)
  • Added IPsec fields that were not being parsed
  • Fixed some dashboards that should have been using ECS field names
  • Split the STUN attribute type field on comma during stun.log parsing

• Improvements

  • Malcolm's OpenSearch index template is now composed upon initialization with elements from the latest Elastic Common Schema release.
  • Replaced most instances of beats on Hedgehog Linux (with the exception of the Apache-licensed 7.10.2 filebeat which is compatible with OpenSearch) with Fluent Bit (see replace beats with fluentbit idaholab/Malcolm#102) for resource utilization monitoring, etc. and recreated dashboards referencing these metrics
  • Replaced Auditbeat file integrity checking module with AIDE for Hedgehog Linux
  • Added an optionally exposed (disabled by default) a TCP input endpoint to Malcolm to allow easier ingestion of other third-party logs not natively supported by Malcolm
  • Improvements to APIs for listing fields and indices
  • Removed old environment variable-configured Index State Management code as the new OpenSearch v2.1.0 release has nice UIs for both index state management and snapshot management

• Version bumps of note

  • Supercronic to v0.2.1
  • OpenSearch and OpenSearch Dashboards to v2.1.0 (incorporating changes from v2.0.0, v2.0.1 and v2.1.0)
  • Zeek to v5.0.0 with built-in Spicy and Spicy Zeek plugin
  • YARA to v4.2.2

Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/download/.

[lgtm-com]

This pull request introduces 5 alerts and fixes 32 when merging 2455c8e into c3e323b - view on LGTM.com

new alerts:

• 3 for Variable defined multiple times
• 1 for Unused local variable
• 1 for Unused import

fixed alerts:

• 8 for Unnecessary pass
• 8 for Unused import
• 6 for Variable defined multiple times
• 5 for 'import *' may pollute namespace
• 3 for Unused local variable
• 1 for Testing equality to None
• 1 for Except block handles 'BaseException'