Question 1

How to install Malcom on Ubuntu?

Accepted Answer

Follow the step-by-step guide in the README: install dependencies like MongoDB and Redis, set up a Python virtualenv, download Scapy, and configure the database. Docker is a simpler alternative.

Question 2

Malcom vs Wireshark for malware analysis?

Accepted Answer

Malcom focuses on visualizing and cross-referencing network traffic with threat intelligence for malware-specific insights, while Wireshark is a general packet analyzer for deep protocol inspection.

Question 3

Can Malcom analyze encrypted TLS traffic?

Accepted Answer

Yes, it supports TLS interception with manual key generation and IPtables port forwarding, but this requires root access and additional setup, as detailed in the README section on TLS interception.

Question 4

How to add custom threat feeds to Malcom?

Accepted Answer

Use the wiki tutorial: create feed scripts that generate Evil objects, with an example in the zeustracker feed directory, allowing integration of custom intelligence sources.

Question 5

Is Malcom suitable for real-time monitoring?

Accepted Answer

No, it's designed for post-capture analysis and visualization, not real-time detection. The README advises against using it on high-availability networks due to performance limitations.

Question 6

What are the system requirements for Malcom?

Accepted Answer

Tested on Ubuntu Server 14.04 LTS; requires MongoDB, Redis, Python with virtualenv, and other dependencies listed in the installation section. Docker can simplify environment setup.

Malcom

What is Malcom?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions