Learning
The Malcolm team is always working to develop and improve resources for learning about how to deploy, configure, and use Malcolm. This list organizes learning modules by category with links to the documentation and video resources associated with each topic. If you have an idea or request for a training topic, please let us know by submitting a training issue request or opening a new discussion in the Training category on the discussions board.
Learning topics are also tracked as issues in this project on the Malcolm GitHub repository.
If you're not looking for training per se, the Q&A and Troubleshooting discussion categories are a great place to go for help. Or, if you have a feature request or think you've found a bug in Malcolm, check out the Issue Tracker.
- Legend
- π Malcolm documentation
- π External documentation
- 📼 Video
- π Coming soon
Category | Topic | Documentation | Video |
---|---|---|---|
Overview | GitHub Overview | π π π | π |
Overview | Malcolm Overview | π | 📼 |
Overview | Malcolm Background | π | π |
Overview | Malcolm Terms & Definitions | π | π |
General | Malcolm Technical Workshop | π | π |
Installation | Installing Malcolm Using the Installation ISO | π π π | 📼 |
Installation | Installing Malcolm on Linux Using Docker | π π | 📼 |
Installation | Installing Malcolm on Microsoft Windows Using WSL & Docker | π | π |
Installation | Installing Malcolm on macOS Using Docker | π | π |
Installation | Cloud Deployment: Deploying Malcolm Using Kubernetes | π | π |
Installation | Cloud Deployment: Deploying Malcolm Using Amazon AWS EKS | π | π |
Installation | Cloud Deployment: Deploying Malcolm Using AWS EC2 with AMI | π | π |
Configuration | Configuring Malcolm | π π | π |
Configuration | Authentication and User Management | π | π |
Configuration | Running Malcolm | π | π |
Configuration | Ingesting Traffic: Capturing Live Network Traffic for Analysis | π | π |
Configuration | Ingesting Traffic: Uploading PCAP for Analysis | π | π |
Configuration | Sensor Placement | π | π |
Configuration | Using a Remote OpenSearch or Elasticsearch Instance | π | π |
Configuration | Managing OpenSearch/Elasticsearch Indexes | π π | π |
Dashboards | OpenSearch Dashboards Overview | π π | 📼 |
Dashboards | Pre-Built Dashboards | π | π |
Dashboards | Queries and Filters | π | π |
Dashboards | Notices and Signatures | π | π |
Dashboards | Discover | π | π |
Dashboards | Anomaly Detection | π | π |
Dashboards | Creating Custom Dashboards | π | π |
Dashboards | Alerting: Configuring Email for Alerting | π | π |
Dashboards | Alerting: Alerting | π | π |
Arkime | Arkime Overview | π π | 📼 |
Arkime | Queries and Filters | π | π |
Arkime | Sessions | π | π |
Arkime | SPIView | π | π |
Arkime | SPIGraph | π | π |
Arkime | Connections | π | π |
Arkime | Hunt | π | π |
Arkime | CyberChef | π π | π |
NetBox | NetBox Overview | π π | 📼 |
NetBox | Manual Inventory Population | π | π |
NetBox | Automatic Inventory Population | π | π |
NetBox | Asset Interaction Analysis | π | π |
NetBox | Backing up and Restoring the NetBox Inventory | π | π |
Analysis | Pivoting Between Data Sources | π | π |
Analysis | File Extraction and Analysis | π | π |
Analysis | Severity Scoring | π | π |
Integrations | Forwarding Third-Party Logs to Malcolm | π | π |
Integrations | Using Threat Intelligence Feeds | π | π |
Other | Log Enrichment | π | π |
Configuration | Using Custom Rules and Scripts | π | π |
Other | Using the Malcolm REST API | π | π |
Hedgehog Linux | Installing Hedgehog Linux | π π | π |
Hedgehog Linux | Configuring Hedgehog Linux | π | π |
Hedgehog Linux | Operation: Running Hedgehog Linux | π | π |
Hedgehog Linux | Operation: Monitoring Sensor Metrics | π | π |