A powerful, easily deployable network traffic analysis tool suite for network security monitoring
The purpose of this document is to provide some direction for those willing to modify Malcolm, whether for local customization or for contribution to the Malcolm project.
It is recommended before reviewing this guide to read the documentation on custom rules and scripts, which outlines customizations that can be made to the behavior of Suricata, Zeek, and YARA.