Malcolm Learning Tree

The purpose of this page is to divide and arrange Malcolm training topics into a logical sequence.

• Malcolm
  • Installation
    • Installing Malcolm Using the Installation ISO
    • Installing Malcolm on Linux Using Docker
    • Installing Malcolm on Microsoft Windows Using WSL2 and Docker
    • Installing Malcolm on macOS Using Docker
    • Cloud deployment
      • Deploying Malcolm Using Kubernetes
      • Deploying Malcolm Using Amazon AWS EKS
      • Deploying Malcolm Using AWS EC2 With an AMI
  • Configuration
    • Configuring Malcolm
    • Running Malcolm
    • Ingesting traffic
      • Capturing Live Network Traffic for Analysis
      • Uploading PCAP for Analysis
      • (link to Hedgehog section)
    • Authentication and User Management
    • Using a Remote OpenSearch or Elasticsearch Instance
    • Managing OpenSearch/Elasticsearch Indexes
  • OpenSearch Dashboards
    • Overview (video done in phase 1?)
    • Pre-built Dashboards
    • Queries and Filters
    • Notices and Signatures
    • Discover
    • Anomaly Detection
    • Creating Custom Dashboards
    • Alerting
      • Configuring Email for Alerting
      • Alerting
  • Arkime
    • Overview (video done in phase 1?)
    • Queries and Filters
    • Sessions
    • SPIView
    • SPIGraph
    • Connections
    • Hunt
    • CyberChef
  • NetBox
    • Overview (video done in phase 1?)
    • Manual Inventory Population
    • Automatic Inventory Population
    • Asset Interaction Analysis
    • Backing up and Restoring the NetBox Inventory
  • Other Analysis Topics
    • Pivoting Between Data Sources
    • File Extraction and Analysis
    • Severity Scoring
    • Forwarding Third-Party Logs to Malcolm
    • Using MISP and STIX/TAXII Intelligence Feeds
    • Log Enrichment
    • Using Custom Rules and Scripts
    • Using the Malcolm REST API
• Hedgehog Linux
  • Installing Hedgehog Linux
  • Configuring Hedgehog Linux
  • Operation
    • Running Hedgehog Linux
    • Monitoring Sensor Metrics