home.social

#opensearch — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #opensearch, aggregated by home.social.

  1. 🔍 The @OpenSearchProject Software Foundation & @linuxfoundation are partnering on a community survey to shape the future of .

    Your input matters — take 5 minutes to share your feedback! 🙌

    👉 research.net/r/GTH6CYP

  2. Mediawiki und SearchSuggestions sind mir irgendwie suspekt

    1. Vanilla-Variante
    ** Ist Case-sensitive (nach Buchstabe 1). "open lib" schlägt nicht "Open Library" vor

    2. TitleKey-Extension
    ** Nicht Case sensitive, aber dafür keine Namensräume. "Ausw" findet nicht "OUS:Ausweis"

    3. CirrusSearch (OpenSearch)
    ** Case-insensitive + Namensräume. Dafür werden Seitentitel erstaunlich gering bewertet

    Subpages vorzuschlagen schafft keineVariante

    #mediawiki #suche #CirrusSearch #TitleKey #OpenSearch

    /x

  3. Mediawiki und SearchSuggestions sind mir irgendwie suspekt

    1. Vanilla-Variante
    ** Ist Case-sensitive (nach Buchstabe 1). "open lib" schlägt nicht "Open Library" vor

    2. TitleKey-Extension
    ** Nicht Case sensitive, aber dafür keine Namensräume. "Ausw" findet nicht "OUS:Ausweis"

    3. CirrusSearch (OpenSearch)
    ** Case-insensitive + Namensräume. Dafür werden Seitentitel erstaunlich gering bewertet

    Subpages vorzuschlagen schafft keineVariante

    #mediawiki #suche #CirrusSearch #TitleKey #OpenSearch

    /x

  4. Mediawiki und SearchSuggestions sind mir irgendwie suspekt

    1. Vanilla-Variante
    ** Ist Case-sensitive (nach Buchstabe 1). "open lib" schlägt nicht "Open Library" vor

    2. TitleKey-Extension
    ** Nicht Case sensitive, aber dafür keine Namensräume. "Ausw" findet nicht "OUS:Ausweis"

    3. CirrusSearch (OpenSearch)
    ** Case-insensitive + Namensräume. Dafür werden Seitentitel erstaunlich gering bewertet

    Subpages vorzuschlagen schafft keineVariante

    #mediawiki #suche #CirrusSearch #TitleKey #OpenSearch

    /x

  5. Mediawiki und SearchSuggestions sind mir irgendwie suspekt

    1. Vanilla-Variante
    ** Ist Case-sensitive (nach Buchstabe 1). "open lib" schlägt nicht "Open Library" vor

    2. TitleKey-Extension
    ** Nicht Case sensitive, aber dafür keine Namensräume. "Ausw" findet nicht "OUS:Ausweis"

    3. CirrusSearch (OpenSearch)
    ** Case-insensitive + Namensräume. Dafür werden Seitentitel erstaunlich gering bewertet

    Subpages vorzuschlagen schafft keineVariante

    #mediawiki #suche #CirrusSearch #TitleKey #OpenSearch

    /x

  6. Mediawiki und SearchSuggestions sind mir irgendwie suspekt

    1. Vanilla-Variante
    ** Ist Case-sensitive (nach Buchstabe 1). "open lib" schlägt nicht "Open Library" vor

    2. TitleKey-Extension
    ** Nicht Case sensitive, aber dafür keine Namensräume. "Ausw" findet nicht "OUS:Ausweis"

    3. CirrusSearch (OpenSearch)
    ** Case-insensitive + Namensräume. Dafür werden Seitentitel erstaunlich gering bewertet

    Subpages vorzuschlagen schafft keineVariante

    #mediawiki #suche #CirrusSearch #TitleKey #OpenSearch

    /x

  7. I'm sorry to say I won't be at Observability Summit this year 😢
    But the @OpenSearchProject will be there in full force.
    In fact, we've got 5️⃣ OpenSearch talks on the agenda! 🔥 (see thread 🧵)

    If you're attending, don't miss them out, and drop by the booth T2 to check out the demos and to chat with the maintainers (they're also at Open Source Summit, Booth G/S3, if you're around).

  8. So, jetzt mal das Mediawiki mit OpenSearch aufgesetzt.

    Schön ist dann, dass Suchvorschläge Namensräume berücksichtigen _und_ case insensitive sind.

    Bei den Ergebnissen selber, gefällt mir die Vanilla-Suche spontan noch besser. Aber vielleicht kann man OpenSearch bzw. die CirrusSearch -Extension noch optimieren 🤔 (am besten einfach :))

    Naja, genug für heute :)

    #mediawiki #suche #opensearch

  9. So, jetzt mal das Mediawiki mit OpenSearch aufgesetzt.

    Schön ist dann, dass Suchvorschläge Namensräume berücksichtigen _und_ case insensitive sind.

    Bei den Ergebnissen selber, gefällt mir die Vanilla-Suche spontan noch besser. Aber vielleicht kann man OpenSearch bzw. die CirrusSearch -Extension noch optimieren 🤔 (am besten einfach :))

    Naja, genug für heute :)

    #mediawiki #suche #opensearch

  10. So, jetzt mal das Mediawiki mit OpenSearch aufgesetzt.

    Schön ist dann, dass Suchvorschläge Namensräume berücksichtigen _und_ case insensitive sind.

    Bei den Ergebnissen selber, gefällt mir die Vanilla-Suche spontan noch besser. Aber vielleicht kann man OpenSearch bzw. die CirrusSearch -Extension noch optimieren 🤔 (am besten einfach :))

    Naja, genug für heute :)

    #mediawiki #suche #opensearch

  11. So, jetzt mal das Mediawiki mit OpenSearch aufgesetzt.

    Schön ist dann, dass Suchvorschläge Namensräume berücksichtigen _und_ case insensitive sind.

    Bei den Ergebnissen selber, gefällt mir die Vanilla-Suche spontan noch besser. Aber vielleicht kann man OpenSearch bzw. die CirrusSearch -Extension noch optimieren 🤔 (am besten einfach :))

    Naja, genug für heute :)

    #mediawiki #suche #opensearch

  12. So, jetzt mal das Mediawiki mit OpenSearch aufgesetzt.

    Schön ist dann, dass Suchvorschläge Namensräume berücksichtigen _und_ case insensitive sind.

    Bei den Ergebnissen selber, gefällt mir die Vanilla-Suche spontan noch besser. Aber vielleicht kann man OpenSearch bzw. die CirrusSearch -Extension noch optimieren 🤔 (am besten einfach :))

    Naja, genug für heute :)

    #mediawiki #suche #opensearch

  13. This is a major architecture change to the search engine!

    The community is working on evolving @OpenSearchProject from its tightly coupled Apache foundation into a composable query engine — think Apache Parquet, Arrow, ORC, Lance, and beyond.

    I'm excited about this one. It's far from trivial, but this is the kind of architectural thinking that unlocks entirely new workload categories.

    What do you think?
    Chime in:
    github.com/opensearch-project/

  14. CW: release notes for Malcolm v26.05.2, a network traffic analysis tool suite for network security monitoring

    Malcolm v26.05.2 is out?!? What, already? Déjà vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

    Malcolm v26.05.2 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

    If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

    github.com/idaholab/Malcolm/co

    • ✨ Features and enhancements
    • ✅ Component version updates
    • 🐛 Bug fixes
      • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
      • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
      • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
      • Suricata's HTTP version was not being normalized to network.protocol_version.
    • 🧹 Code and project maintenance

    Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

    Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

    Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

    As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

    #Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

  15. CW: release notes for Malcolm v26.05.2, a network traffic analysis tool suite for network security monitoring

    Malcolm v26.05.2 is out?!? What, already? Déjà vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

    Malcolm v26.05.2 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

    If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

    github.com/idaholab/Malcolm/co

    • ✨ Features and enhancements
    • ✅ Component version updates
    • 🐛 Bug fixes
      • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
      • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
      • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
      • Suricata's HTTP version was not being normalized to network.protocol_version.
    • 🧹 Code and project maintenance

    Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

    Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

    Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

    As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

    #Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

  16. CW: release notes for Malcolm v26.05.2, a network traffic analysis tool suite for network security monitoring

    Malcolm v26.05.2 is out?!? What, already? Déjà vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

    Malcolm v26.05.2 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

    If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

    github.com/idaholab/Malcolm/co

    • ✨ Features and enhancements
    • ✅ Component version updates
    • 🐛 Bug fixes
      • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
      • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
      • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
      • Suricata's HTTP version was not being normalized to network.protocol_version.
    • 🧹 Code and project maintenance

    Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

    Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

    Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

    As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

    #Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

  17. CW: release notes for Malcolm v26.05.2, a network traffic analysis tool suite for network security monitoring

    Malcolm v26.05.2 is out?!? What, already? Déjà vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

    Malcolm v26.05.2 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

    If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

    github.com/idaholab/Malcolm/co

    • ✨ Features and enhancements
    • ✅ Component version updates
    • 🐛 Bug fixes
      • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
      • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
      • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
      • Suricata's HTTP version was not being normalized to network.protocol_version.
    • 🧹 Code and project maintenance

    Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

    Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

    Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

    As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

    #Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

  18. CW: release notes for Malcolm v26.05.2, a network traffic analysis tool suite for network security monitoring

    Malcolm v26.05.2 is out?!? What, already? Déjà vu? We bumped up to the timetable on this release as a critical vulnerability found in NGINX made it expedient for us to do so.

    Malcolm v26.05.2 focuses heavily on security updates, most notably upgrading OpenResty to address a critical NGINX remote code execution heap buffer overflow vulnerability. It also adds new Suricata OT detections for D-Link HNAP abuse, improves alerting webhook support, introduces the File Tree dashboard, and includes Suricata parsing/mapping fixes and documentation updates. Several other components received version bumps as well.

    If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

    github.com/idaholab/Malcolm/co

    • ✨ Features and enhancements
    • ✅ Component version updates
    • 🐛 Bug fixes
      • Reference Counting (Use-After-Free) Bug for PyList_SetItem in filescan's python-statfs (#960 #962)
      • Added a few missing Suricata fields (suricata.tc_progress, suricata.ts_progress, suricata.tunnel.pcap_cnt, suricata.tunnel.pkt_src) to the index mapping template
      • When suricata.app_proto_ts and/or suricata.app_proto_tc reported that protocol parsing had failed (due to malformed input data), invalid data could be stored in HTTP, DNS, and/or TLS fields. This is now detected and those invalid values are dropped, and some combination of proto_parse_failed, client_stream_failed, or server_stream_failed are added to tags.
      • Suricata's HTTP version was not being normalized to network.protocol_version.
    • 🧹 Code and project maintenance

    Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

    Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

    Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

    As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

    #Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

  19. Hello community. Janelle Arita and the team have an open request for comments on new ideas for Dashboards.

    Come give your input and help take improvement ideas forward with the OpenSearch Project.
    @OpenSearchProject

    github.com/opensearch-project/

  20. Hello #OpenSearch community. Janelle Arita and the #UX team have an open request for comments on new ideas for Dashboards.

    Come give your input and help take improvement ideas forward with the OpenSearch Project.
    #OpenSearchAmbassador #opensource @OpenSearchProject

    github.com/opensearch-project/

  21. Hello #OpenSearch community. Janelle Arita and the #UX team have an open request for comments on new ideas for Dashboards.

    Come give your input and help take improvement ideas forward with the OpenSearch Project.
    #OpenSearchAmbassador #opensource @OpenSearchProject

    github.com/opensearch-project/

  22. Hello #OpenSearch community. Janelle Arita and the #UX team have an open request for comments on new ideas for Dashboards.

    Come give your input and help take improvement ideas forward with the OpenSearch Project.
    #OpenSearchAmbassador #opensource @OpenSearchProject

    github.com/opensearch-project/

  23. Hello #OpenSearch community. Janelle Arita and the #UX team have an open request for comments on new ideas for Dashboards.

    Come give your input and help take improvement ideas forward with the OpenSearch Project.
    #OpenSearchAmbassador #opensource @OpenSearchProject

    github.com/opensearch-project/

  24. The maintainers of the Go client for are looking for more folks to join in.
    If you're a dev, and you want to contribute to , the opensearch-go library @OpenSearchProject (a @linuxfoundation top-level project) is a great opportunity.
    linkedin.com/posts/horovits_op

  25. I've never been to Slovenia, so extra excited towards #JCON Slovenia 🇸🇮
    I'll speak about the OpenSearch Project, and how it can help you in your search, observability and vector database needs.
    See you 27-29 May in Portorož @jcon Slovenia!
    And if you have any recommendations for a first-time visitor, comment or DM me 🙂
    #OpenSearchAmbassador #OpenSearch #JConSlovenia
    makeit.si/schedule/

  26. I've never been to Slovenia, so extra excited towards Slovenia 🇸🇮
    I'll speak about the OpenSearch Project, and how it can help you in your search, observability and vector database needs.
    See you 27-29 May in Portorož @jcon Slovenia!
    And if you have any recommendations for a first-time visitor, comment or DM me 🙂

    makeit.si/schedule/

  27. I've never been to Slovenia, so extra excited towards #JCON Slovenia 🇸🇮
    I'll speak about the OpenSearch Project, and how it can help you in your search, observability and vector database needs.
    See you 27-29 May in Portorož @jcon Slovenia!
    And if you have any recommendations for a first-time visitor, comment or DM me 🙂
    #OpenSearchAmbassador #OpenSearch #JConSlovenia
    makeit.si/schedule/

  28. I've never been to Slovenia, so extra excited towards #JCON Slovenia 🇸🇮
    I'll speak about the OpenSearch Project, and how it can help you in your search, observability and vector database needs.
    See you 27-29 May in Portorož @jcon Slovenia!
    And if you have any recommendations for a first-time visitor, comment or DM me 🙂
    #OpenSearchAmbassador #OpenSearch #JConSlovenia
    makeit.si/schedule/

  29. I've never been to Slovenia, so extra excited towards #JCON Slovenia 🇸🇮
    I'll speak about the OpenSearch Project, and how it can help you in your search, observability and vector database needs.
    See you 27-29 May in Portorož @jcon Slovenia!
    And if you have any recommendations for a first-time visitor, comment or DM me 🙂
    #OpenSearchAmbassador #OpenSearch #JConSlovenia
    makeit.si/schedule/

  30. The maintainers of the Go client for are looking for more folks to join in.

    If you're a dev, and you want to contribute to , the opensearch-go library is a great opportunity.

    @OpenSearchProject is a community led project under The Linux Foundation with billions of downloads and great momentum.

    Check out the issue and DM me if you've got questions.

    github.com/opensearch-project/

    @linuxfoundation

  31. 📢 connector 2.0 is out!
    Your helper to parallelize reads/writes across @apache.org Spark partitions and @opensearch.org shards just got a boost:
    ✅ Spark 3.5 and 4 support
    ✅ OpenSearch 3.x compatibility
    ✅ Amazon OpenSearch Serverless support
    and more
    opensearch.org/blog/introducin

  32. Excited to have 2 talks accepted to 'Community Over Code' this year!

    "Beyond Pull Requests How Non-Coders Quietly Power " with fellow Sakshi Nasha where we'll discuss the importance of non-code contributions

    &

    "Planning an event? Learn how chaos can drive engagement" where I will pass along my knowledge from years of running a unique 'Unconference' at our OpenSearchCon conferences.

    communityovercode.org/schedule/

  33. Excited to have 2 talks accepted to 'Community Over Code' this year!

    "Beyond Pull Requests How Non-Coders Quietly Power #OpenSource" with fellow #OpenSearchAmbassador Sakshi Nasha where we'll discuss the importance of non-code contributions

    &

    "Planning an event? Learn how chaos can drive engagement" where I will pass along my knowledge from years of running a unique 'Unconference' at our OpenSearchCon conferences.

    #CommunityOverCode #ApacheCon #OpenSearch #ASF

    communityovercode.org/schedule/

  34. Excited to have 2 talks accepted to 'Community Over Code' this year!

    "Beyond Pull Requests How Non-Coders Quietly Power #OpenSource" with fellow #OpenSearchAmbassador Sakshi Nasha where we'll discuss the importance of non-code contributions

    &

    "Planning an event? Learn how chaos can drive engagement" where I will pass along my knowledge from years of running a unique 'Unconference' at our OpenSearchCon conferences.

    #CommunityOverCode #ApacheCon #OpenSearch #ASF

    communityovercode.org/schedule/

  35. Excited to have 2 talks accepted to 'Community Over Code' this year!

    "Beyond Pull Requests How Non-Coders Quietly Power #OpenSource" with fellow #OpenSearchAmbassador Sakshi Nasha where we'll discuss the importance of non-code contributions

    &

    "Planning an event? Learn how chaos can drive engagement" where I will pass along my knowledge from years of running a unique 'Unconference' at our OpenSearchCon conferences.

    #CommunityOverCode #ApacheCon #OpenSearch #ASF

    communityovercode.org/schedule/

  36. Excited to have 2 talks accepted to 'Community Over Code' this year!

    "Beyond Pull Requests How Non-Coders Quietly Power #OpenSource" with fellow #OpenSearchAmbassador Sakshi Nasha where we'll discuss the importance of non-code contributions

    &

    "Planning an event? Learn how chaos can drive engagement" where I will pass along my knowledge from years of running a unique 'Unconference' at our OpenSearchCon conferences.

    #CommunityOverCode #ApacheCon #OpenSearch #ASF

    communityovercode.org/schedule/

  37. CW: release notes for Malcolm v26.05.0, a network traffic analysis tool suite for network security monitoring

    Malcolm v26.05.0 delivers a mix of feature improvements, performance improvements, bug fixes, dependency updates, and deployment refinements across Malcolm and Hedgehog for both Docker- and Kubernetes-based workflows.

    If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

    github.com/idaholab/Malcolm/co

    • ✨ Features and enhancements
      • #726 — use hierarchical structure for NetBox device roles
        • Expanded/reworked NetBox preloaded device roles into a hierarchical taxonomy (thanks Crubumble)
      • #867 — examine large chown'ed directories in container images and see if they can be reduced
      • #954 — allow users to provide custom netbox scripts to be automatically registered on startup (thanks PrudhviChanda)
        • Added NetBox custom script support in the container/runtime and docs, including bind-mounting ./netbox/custom-scripts and automatic script registration at startup
        • Renamed NetBox startup/control scripts from netbox/scripts to netbox/control-scripts
      • Added file.strings extraction/indexing/search support across Strelka → Logstash → OpenSearch templates (wildcard field mapping type) → Arkime/WISE
      • Added configurable Zeek file analyzer timeout via ZEEK_FILE_ANALYZER_TIMEOUT_SEC
      • netdev users in ISO-installed environment can run nmcli and nmtui to configure network interfaces.
      • the malcolm_appliance_packager.sh script that creates a tarball of Malcolm images can now package for both Malcolm and Hedgehog profiles.
    • ✅ Component version updates
    • 🐛 Bug fixes
      • #757 — multiple OpenSearch nodes (using Malcolm-Helm) fail to communicate with each other due to self-signed certs (thanks scott-jeffery)
        • OpenSearch post-start setup now supports configurable default replica counts instead of always forcing single-node replicas to 0
        • OpenSearch self-signed internal cert generation can now be skipped when external/preexisting certs are being used
      • #827 — Fix raspberry pi build which is broken since v25.12.0 Hedgehog/Malcolm platform unification
        • Updated Hedgehog Raspberry Pi docs and first-boot behavior/documentation
        • Hedgehog Raspberry Pi image now forces password change for sensor on first login and disables direct root password login by default
        • Refactored Raspberry Pi GitHub Actions build into reusable workflow .github/workflows/raspi-build-push.yml
      • #878 — Arkime capture Fails to Start on Hedgehog When WISE Web Config Is Enabled
        • Arkime RBAC role-mapping injection is now only applied when role-based access control is enabled
        • Arkime WISE configuration initialization now handles missing/empty persistent config files more robustly
        • Arkime live capture now normalizes WISE URLs better, follows redirects when probing, and avoids some bad URL construction edge cases
      • #957 — configuration script can disable ICS parsers unintentionally
      • #959 — Arkime sessions view attempts to load PCAP for Zeek and Suricata logs (which don't have PCAP) (see also arkime/arkime#3934)
      • Fixed one-off cleanup of interrupted Zeek intel files during stop --wipe
    • 🧹 Code and project maintenance
      • Documentation improvements
      • #913 — replace ingress-nginx which is EOL
        • Switched Kubernetes ingress example/docs from ingress-nginx to Traefik and replaced the old Vagrant example with a new RKE2/Traefik-based environment
        • Fixed malformed indentation in kubernetes/01-volumes-nfs.yml.example for the filescan volume section
        • Removed deprecated Kubernetes example files for ingress-nginx and the old separate NFS-server Vagrant setup
        • opensearch is no longer part of the hedgehog Docker Compose profile, and some depends_on relationships were adjusted accordingly
      • #942 - Fixed mutable default argument usage in Zeek threat feed helper functions (thanks @stef41)
      • #917 — develop IronBank (US DoD) images for Malcolm
    • 📄 Configuration changes for Malcolm (in environment variables in ./config/). The Malcolm control script (e.g., ./scripts/status, ./scripts/start) automatically handles creation and migration of variables according to ./config/env-var-actions.yml.
      • Added ZEEK_FILE_ANALYZER_TIMEOUT_SEC (default 5) to zeek.env. This is the default amount of time a file can be inactive before the file analysis gives up and discards any internal state related to the file.
      • ZEEK_CLUSTER_BACKEND can be specified in zeek.env to specify the Zeek cluster backend (ZeroMQ vs Broker).
    • ❌ Errata
      • Under NetBox → Plugins → NetBox HealthCheck Plugin → HealthCheck the error "unavailable: Unable to connect to Redis: Connection Error" is displayed. This is a side effect of #882 and does not actually indicate a problem with NetBox or its connection to Valkey. This will be fixed in the next release.

    Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

    Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

    Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

    As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

    #Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

  38. CW: release notes for Malcolm v26.05.0, a network traffic analysis tool suite for network security monitoring

    Malcolm v26.05.0 delivers a mix of feature improvements, performance improvements, bug fixes, dependency updates, and deployment refinements across Malcolm and Hedgehog for both Docker- and Kubernetes-based workflows.

    If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

    github.com/idaholab/Malcolm/co

    • ✨ Features and enhancements
      • #726 — use hierarchical structure for NetBox device roles
        • Expanded/reworked NetBox preloaded device roles into a hierarchical taxonomy (thanks Crubumble)
      • #867 — examine large chown'ed directories in container images and see if they can be reduced
      • #954 — allow users to provide custom netbox scripts to be automatically registered on startup (thanks PrudhviChanda)
        • Added NetBox custom script support in the container/runtime and docs, including bind-mounting ./netbox/custom-scripts and automatic script registration at startup
        • Renamed NetBox startup/control scripts from netbox/scripts to netbox/control-scripts
      • Added file.strings extraction/indexing/search support across Strelka → Logstash → OpenSearch templates (wildcard field mapping type) → Arkime/WISE
      • Added configurable Zeek file analyzer timeout via ZEEK_FILE_ANALYZER_TIMEOUT_SEC
      • netdev users in ISO-installed environment can run nmcli and nmtui to configure network interfaces.
      • the malcolm_appliance_packager.sh script that creates a tarball of Malcolm images can now package for both Malcolm and Hedgehog profiles.
    • ✅ Component version updates
    • 🐛 Bug fixes
      • #757 — multiple OpenSearch nodes (using Malcolm-Helm) fail to communicate with each other due to self-signed certs (thanks scott-jeffery)
        • OpenSearch post-start setup now supports configurable default replica counts instead of always forcing single-node replicas to 0
        • OpenSearch self-signed internal cert generation can now be skipped when external/preexisting certs are being used
      • #827 — Fix raspberry pi build which is broken since v25.12.0 Hedgehog/Malcolm platform unification
        • Updated Hedgehog Raspberry Pi docs and first-boot behavior/documentation
        • Hedgehog Raspberry Pi image now forces password change for sensor on first login and disables direct root password login by default
        • Refactored Raspberry Pi GitHub Actions build into reusable workflow .github/workflows/raspi-build-push.yml
      • #878 — Arkime capture Fails to Start on Hedgehog When WISE Web Config Is Enabled
        • Arkime RBAC role-mapping injection is now only applied when role-based access control is enabled
        • Arkime WISE configuration initialization now handles missing/empty persistent config files more robustly
        • Arkime live capture now normalizes WISE URLs better, follows redirects when probing, and avoids some bad URL construction edge cases
      • #957 — configuration script can disable ICS parsers unintentionally
      • #959 — Arkime sessions view attempts to load PCAP for Zeek and Suricata logs (which don't have PCAP) (see also arkime/arkime#3934)
      • Fixed one-off cleanup of interrupted Zeek intel files during stop --wipe
    • 🧹 Code and project maintenance
      • Documentation improvements
      • #913 — replace ingress-nginx which is EOL
        • Switched Kubernetes ingress example/docs from ingress-nginx to Traefik and replaced the old Vagrant example with a new RKE2/Traefik-based environment
        • Fixed malformed indentation in kubernetes/01-volumes-nfs.yml.example for the filescan volume section
        • Removed deprecated Kubernetes example files for ingress-nginx and the old separate NFS-server Vagrant setup
        • opensearch is no longer part of the hedgehog Docker Compose profile, and some depends_on relationships were adjusted accordingly
      • #942 - Fixed mutable default argument usage in Zeek threat feed helper functions (thanks @stef41)
      • #917 — develop IronBank (US DoD) images for Malcolm
    • 📄 Configuration changes for Malcolm (in environment variables in ./config/). The Malcolm control script (e.g., ./scripts/status, ./scripts/start) automatically handles creation and migration of variables according to ./config/env-var-actions.yml.
      • Added ZEEK_FILE_ANALYZER_TIMEOUT_SEC (default 5) to zeek.env. This is the default amount of time a file can be inactive before the file analysis gives up and discards any internal state related to the file.
      • ZEEK_CLUSTER_BACKEND can be specified in zeek.env to specify the Zeek cluster backend (ZeroMQ vs Broker).
    • ❌ Errata
      • Under NetBox → Plugins → NetBox HealthCheck Plugin → HealthCheck the error "unavailable: Unable to connect to Redis: Connection Error" is displayed. This is a side effect of #882 and does not actually indicate a problem with NetBox or its connection to Valkey. This will be fixed in the next release.

    Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

    Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

    Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

    As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

    #Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

  39. CW: release notes for Malcolm v26.05.0, a network traffic analysis tool suite for network security monitoring

    Malcolm v26.05.0 delivers a mix of feature improvements, performance improvements, bug fixes, dependency updates, and deployment refinements across Malcolm and Hedgehog for both Docker- and Kubernetes-based workflows.

    If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

    github.com/idaholab/Malcolm/co

    • ✨ Features and enhancements
      • #726 — use hierarchical structure for NetBox device roles
        • Expanded/reworked NetBox preloaded device roles into a hierarchical taxonomy (thanks Crubumble)
      • #867 — examine large chown'ed directories in container images and see if they can be reduced
      • #954 — allow users to provide custom netbox scripts to be automatically registered on startup (thanks PrudhviChanda)
        • Added NetBox custom script support in the container/runtime and docs, including bind-mounting ./netbox/custom-scripts and automatic script registration at startup
        • Renamed NetBox startup/control scripts from netbox/scripts to netbox/control-scripts
      • Added file.strings extraction/indexing/search support across Strelka → Logstash → OpenSearch templates (wildcard field mapping type) → Arkime/WISE
      • Added configurable Zeek file analyzer timeout via ZEEK_FILE_ANALYZER_TIMEOUT_SEC
      • netdev users in ISO-installed environment can run nmcli and nmtui to configure network interfaces.
      • the malcolm_appliance_packager.sh script that creates a tarball of Malcolm images can now package for both Malcolm and Hedgehog profiles.
    • ✅ Component version updates
    • 🐛 Bug fixes
      • #757 — multiple OpenSearch nodes (using Malcolm-Helm) fail to communicate with each other due to self-signed certs (thanks scott-jeffery)
        • OpenSearch post-start setup now supports configurable default replica counts instead of always forcing single-node replicas to 0
        • OpenSearch self-signed internal cert generation can now be skipped when external/preexisting certs are being used
      • #827 — Fix raspberry pi build which is broken since v25.12.0 Hedgehog/Malcolm platform unification
        • Updated Hedgehog Raspberry Pi docs and first-boot behavior/documentation
        • Hedgehog Raspberry Pi image now forces password change for sensor on first login and disables direct root password login by default
        • Refactored Raspberry Pi GitHub Actions build into reusable workflow .github/workflows/raspi-build-push.yml
      • #878 — Arkime capture Fails to Start on Hedgehog When WISE Web Config Is Enabled
        • Arkime RBAC role-mapping injection is now only applied when role-based access control is enabled
        • Arkime WISE configuration initialization now handles missing/empty persistent config files more robustly
        • Arkime live capture now normalizes WISE URLs better, follows redirects when probing, and avoids some bad URL construction edge cases
      • #957 — configuration script can disable ICS parsers unintentionally
      • #959 — Arkime sessions view attempts to load PCAP for Zeek and Suricata logs (which don't have PCAP) (see also arkime/arkime#3934)
      • Fixed one-off cleanup of interrupted Zeek intel files during stop --wipe
    • 🧹 Code and project maintenance
      • Documentation improvements
      • #913 — replace ingress-nginx which is EOL
        • Switched Kubernetes ingress example/docs from ingress-nginx to Traefik and replaced the old Vagrant example with a new RKE2/Traefik-based environment
        • Fixed malformed indentation in kubernetes/01-volumes-nfs.yml.example for the filescan volume section
        • Removed deprecated Kubernetes example files for ingress-nginx and the old separate NFS-server Vagrant setup
        • opensearch is no longer part of the hedgehog Docker Compose profile, and some depends_on relationships were adjusted accordingly
      • #942 - Fixed mutable default argument usage in Zeek threat feed helper functions (thanks @stef41)
      • #917 — develop IronBank (US DoD) images for Malcolm
    • 📄 Configuration changes for Malcolm (in environment variables in ./config/). The Malcolm control script (e.g., ./scripts/status, ./scripts/start) automatically handles creation and migration of variables according to ./config/env-var-actions.yml.
      • Added ZEEK_FILE_ANALYZER_TIMEOUT_SEC (default 5) to zeek.env. This is the default amount of time a file can be inactive before the file analysis gives up and discards any internal state related to the file.
      • ZEEK_CLUSTER_BACKEND can be specified in zeek.env to specify the Zeek cluster backend (ZeroMQ vs Broker).
    • ❌ Errata
      • Under NetBox → Plugins → NetBox HealthCheck Plugin → HealthCheck the error "unavailable: Unable to connect to Redis: Connection Error" is displayed. This is a side effect of #882 and does not actually indicate a problem with NetBox or its connection to Valkey. This will be fixed in the next release.

    Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

    Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

    Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

    As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

    #Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

  40. CW: release notes for Malcolm v26.05.0, a network traffic analysis tool suite for network security monitoring

    Malcolm v26.05.0 delivers a mix of feature improvements, performance improvements, bug fixes, dependency updates, and deployment refinements across Malcolm and Hedgehog for both Docker- and Kubernetes-based workflows.

    If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

    github.com/idaholab/Malcolm/co

    • ✨ Features and enhancements
      • #726 — use hierarchical structure for NetBox device roles
        • Expanded/reworked NetBox preloaded device roles into a hierarchical taxonomy (thanks Crubumble)
      • #867 — examine large chown'ed directories in container images and see if they can be reduced
      • #954 — allow users to provide custom netbox scripts to be automatically registered on startup (thanks PrudhviChanda)
        • Added NetBox custom script support in the container/runtime and docs, including bind-mounting ./netbox/custom-scripts and automatic script registration at startup
        • Renamed NetBox startup/control scripts from netbox/scripts to netbox/control-scripts
      • Added file.strings extraction/indexing/search support across Strelka → Logstash → OpenSearch templates (wildcard field mapping type) → Arkime/WISE
      • Added configurable Zeek file analyzer timeout via ZEEK_FILE_ANALYZER_TIMEOUT_SEC
      • netdev users in ISO-installed environment can run nmcli and nmtui to configure network interfaces.
      • the malcolm_appliance_packager.sh script that creates a tarball of Malcolm images can now package for both Malcolm and Hedgehog profiles.
    • ✅ Component version updates
    • 🐛 Bug fixes
      • #757 — multiple OpenSearch nodes (using Malcolm-Helm) fail to communicate with each other due to self-signed certs (thanks scott-jeffery)
        • OpenSearch post-start setup now supports configurable default replica counts instead of always forcing single-node replicas to 0
        • OpenSearch self-signed internal cert generation can now be skipped when external/preexisting certs are being used
      • #827 — Fix raspberry pi build which is broken since v25.12.0 Hedgehog/Malcolm platform unification
        • Updated Hedgehog Raspberry Pi docs and first-boot behavior/documentation
        • Hedgehog Raspberry Pi image now forces password change for sensor on first login and disables direct root password login by default
        • Refactored Raspberry Pi GitHub Actions build into reusable workflow .github/workflows/raspi-build-push.yml
      • #878 — Arkime capture Fails to Start on Hedgehog When WISE Web Config Is Enabled
        • Arkime RBAC role-mapping injection is now only applied when role-based access control is enabled
        • Arkime WISE configuration initialization now handles missing/empty persistent config files more robustly
        • Arkime live capture now normalizes WISE URLs better, follows redirects when probing, and avoids some bad URL construction edge cases
      • #957 — configuration script can disable ICS parsers unintentionally
      • #959 — Arkime sessions view attempts to load PCAP for Zeek and Suricata logs (which don't have PCAP) (see also arkime/arkime#3934)
      • Fixed one-off cleanup of interrupted Zeek intel files during stop --wipe
    • 🧹 Code and project maintenance
      • Documentation improvements
      • #913 — replace ingress-nginx which is EOL
        • Switched Kubernetes ingress example/docs from ingress-nginx to Traefik and replaced the old Vagrant example with a new RKE2/Traefik-based environment
        • Fixed malformed indentation in kubernetes/01-volumes-nfs.yml.example for the filescan volume section
        • Removed deprecated Kubernetes example files for ingress-nginx and the old separate NFS-server Vagrant setup
        • opensearch is no longer part of the hedgehog Docker Compose profile, and some depends_on relationships were adjusted accordingly
      • #942 - Fixed mutable default argument usage in Zeek threat feed helper functions (thanks @stef41)
      • #917 — develop IronBank (US DoD) images for Malcolm
    • 📄 Configuration changes for Malcolm (in environment variables in ./config/). The Malcolm control script (e.g., ./scripts/status, ./scripts/start) automatically handles creation and migration of variables according to ./config/env-var-actions.yml.
      • Added ZEEK_FILE_ANALYZER_TIMEOUT_SEC (default 5) to zeek.env. This is the default amount of time a file can be inactive before the file analysis gives up and discards any internal state related to the file.
      • ZEEK_CLUSTER_BACKEND can be specified in zeek.env to specify the Zeek cluster backend (ZeroMQ vs Broker).
    • ❌ Errata
      • Under NetBox → Plugins → NetBox HealthCheck Plugin → HealthCheck the error "unavailable: Unable to connect to Redis: Connection Error" is displayed. This is a side effect of #882 and does not actually indicate a problem with NetBox or its connection to Valkey. This will be fixed in the next release.

    Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

    Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

    Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

    As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

    #Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

  41. CW: release notes for Malcolm v26.05.0, a network traffic analysis tool suite for network security monitoring

    Malcolm v26.05.0 delivers a mix of feature improvements, performance improvements, bug fixes, dependency updates, and deployment refinements across Malcolm and Hedgehog for both Docker- and Kubernetes-based workflows.

    If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

    github.com/idaholab/Malcolm/co

    • ✨ Features and enhancements
      • #726 — use hierarchical structure for NetBox device roles
        • Expanded/reworked NetBox preloaded device roles into a hierarchical taxonomy (thanks Crubumble)
      • #867 — examine large chown'ed directories in container images and see if they can be reduced
      • #954 — allow users to provide custom netbox scripts to be automatically registered on startup (thanks PrudhviChanda)
        • Added NetBox custom script support in the container/runtime and docs, including bind-mounting ./netbox/custom-scripts and automatic script registration at startup
        • Renamed NetBox startup/control scripts from netbox/scripts to netbox/control-scripts
      • Added file.strings extraction/indexing/search support across Strelka → Logstash → OpenSearch templates (wildcard field mapping type) → Arkime/WISE
      • Added configurable Zeek file analyzer timeout via ZEEK_FILE_ANALYZER_TIMEOUT_SEC
      • netdev users in ISO-installed environment can run nmcli and nmtui to configure network interfaces.
      • the malcolm_appliance_packager.sh script that creates a tarball of Malcolm images can now package for both Malcolm and Hedgehog profiles.
    • ✅ Component version updates
    • 🐛 Bug fixes
      • #757 — multiple OpenSearch nodes (using Malcolm-Helm) fail to communicate with each other due to self-signed certs (thanks scott-jeffery)
        • OpenSearch post-start setup now supports configurable default replica counts instead of always forcing single-node replicas to 0
        • OpenSearch self-signed internal cert generation can now be skipped when external/preexisting certs are being used
      • #827 — Fix raspberry pi build which is broken since v25.12.0 Hedgehog/Malcolm platform unification
        • Updated Hedgehog Raspberry Pi docs and first-boot behavior/documentation
        • Hedgehog Raspberry Pi image now forces password change for sensor on first login and disables direct root password login by default
        • Refactored Raspberry Pi GitHub Actions build into reusable workflow .github/workflows/raspi-build-push.yml
      • #878 — Arkime capture Fails to Start on Hedgehog When WISE Web Config Is Enabled
        • Arkime RBAC role-mapping injection is now only applied when role-based access control is enabled
        • Arkime WISE configuration initialization now handles missing/empty persistent config files more robustly
        • Arkime live capture now normalizes WISE URLs better, follows redirects when probing, and avoids some bad URL construction edge cases
      • #957 — configuration script can disable ICS parsers unintentionally
      • #959 — Arkime sessions view attempts to load PCAP for Zeek and Suricata logs (which don't have PCAP) (see also arkime/arkime#3934)
      • Fixed one-off cleanup of interrupted Zeek intel files during stop --wipe
    • 🧹 Code and project maintenance
      • Documentation improvements
      • #913 — replace ingress-nginx which is EOL
        • Switched Kubernetes ingress example/docs from ingress-nginx to Traefik and replaced the old Vagrant example with a new RKE2/Traefik-based environment
        • Fixed malformed indentation in kubernetes/01-volumes-nfs.yml.example for the filescan volume section
        • Removed deprecated Kubernetes example files for ingress-nginx and the old separate NFS-server Vagrant setup
        • opensearch is no longer part of the hedgehog Docker Compose profile, and some depends_on relationships were adjusted accordingly
      • #942 - Fixed mutable default argument usage in Zeek threat feed helper functions (thanks @stef41)
      • #917 — develop IronBank (US DoD) images for Malcolm
    • 📄 Configuration changes for Malcolm (in environment variables in ./config/). The Malcolm control script (e.g., ./scripts/status, ./scripts/start) automatically handles creation and migration of variables according to ./config/env-var-actions.yml.
      • Added ZEEK_FILE_ANALYZER_TIMEOUT_SEC (default 5) to zeek.env. This is the default amount of time a file can be inactive before the file analysis gives up and discards any internal state related to the file.
      • ZEEK_CLUSTER_BACKEND can be specified in zeek.env to specify the Zeek cluster backend (ZeroMQ vs Broker).
    • ❌ Errata
      • Under NetBox → Plugins → NetBox HealthCheck Plugin → HealthCheck the error "unavailable: Unable to connect to Redis: Connection Error" is displayed. This is a side effect of #882 and does not actually indicate a problem with NetBox or its connection to Valkey. This will be fixed in the next release.

    Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

    Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

    Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

    As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

    #Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

  42. OpenSearch 3.6 is here! Here's a short clip with my highlights for the release.
    @OpenSearchProject

  43. Hello Community - Dmitry Kan & Tony Piazza are looking for input from you. Their idea is to enhance the OpenSearch Project Migration Assistant for multi-cloud and would appreciate your feedback on this RFC

    github.com/opensearch-project/

  44. 🚨 The North America CFP deadline is approaching quick! Be sure to get your ideas submitted to be part of the exciting lineup of talks from the community in San Jose. Hope to see you there @OpenSearchProject
    events.linuxfoundation.org/ope

  45. 🚨 The #OpenSearchCon North America CFP deadline is approaching quick! Be sure to get your ideas submitted to be part of the exciting lineup of talks from the #OpenSearch community in San Jose. Hope to see you there @OpenSearchProject
    events.linuxfoundation.org/ope

  46. 🚨 The #OpenSearchCon North America CFP deadline is approaching quick! Be sure to get your ideas submitted to be part of the exciting lineup of talks from the #OpenSearch community in San Jose. Hope to see you there @OpenSearchProject
    events.linuxfoundation.org/ope

  47. 🚨 The #OpenSearchCon North America CFP deadline is approaching quick! Be sure to get your ideas submitted to be part of the exciting lineup of talks from the #OpenSearch community in San Jose. Hope to see you there @OpenSearchProject
    events.linuxfoundation.org/ope

  48. 🚨 The #OpenSearchCon North America CFP deadline is approaching quick! Be sure to get your ideas submitted to be part of the exciting lineup of talks from the #OpenSearch community in San Jose. Hope to see you there @OpenSearchProject
    events.linuxfoundation.org/ope