-
Notifications
You must be signed in to change notification settings - Fork 365
Learning
Seth Grover edited this page Apr 29, 2025
·
19 revisions
The Malcolm team is always working to develop and improve resources for learning about how to deploy, configure, and use Malcolm. This list organizes learning modules by category with links to the documentation and video resources associated with each topic. If you have an idea or request for a training topic, please let us know by submitting a training issue request or opening a new discussion in the Training category on the discussions board.
Learning topics are also tracked as issues in this project on the Malcolm GitHub repository.
If you're not looking for training per se, the Q&A and Troubleshooting discussion categories are a great place to go for help. Or, if you have a feature request or think you've found a bug in Malcolm, check out the Issue Tracker.
- Legend
- π Malcolm documentation
- π External documentation
- πΌ Malcolm Video
- πΊ External video
- π Coming soon
| Category | Topic | Documentation | Video |
|---|---|---|---|
| Overview | Using GitHub | π π π | πΌ |
| Overview | Malcolm Overview | π | πΌ |
| Overview | Malcolm Background | πΌ | |
| Overview | Malcolm Terms & Definitions | π | π |
| General | Malcolm Technical Workshop | π | π |
| Installation | Installing Malcolm Using the Installation ISO | π π π | πΌ |
| Installation | Installing Malcolm on Linux Using Docker | π π | πΌ |
| Installation | Installing Malcolm on Microsoft Windows Using WSL & Docker | π | πΌ |
| Installation | Installing Malcolm on macOS Using Docker | π | π |
| Installation | Cloud Deployment: Deploying Malcolm Using Kubernetes | π | π |
| Installation | Cloud Deployment: Deploying Malcolm Using Amazon AWS EKS | π | π |
| Installation | Cloud Deployment: Deploying Malcolm Using Microsoft Azure AKS | π | π |
| Installation | Cloud Deployment: Deploying Malcolm Using AWS EC2 with AMI | π | π |
| Configuration | Configuring Malcolm | π π | πΌ |
| Configuration | Authentication and User Management | π | π |
| Configuration | Running Malcolm | π | πΌ |
| Configuration | Ingesting Traffic: Capturing Live Network Traffic for Analysis | π | π |
| Configuration | Ingesting Traffic: Uploading PCAP for Analysis | π | π |
| Configuration | Using a Remote OpenSearch or Elasticearch Instance | π | π |
| Configuration | Managing OpenSearch/Elasticsearch Indexes | π π | π |
| Configuration | Using Custom Rules and Scripts | π | π |
| Dashboards | OpenSearch Dashboards Overview | π π | πΌ |
| Dashboards | Pre-Built Dashboards | π π | π |
| Dashboards | Queries and Filters | π π π π π π π π | π |
| Dashboards | Security-focused Dashboards | π | π |
| Dashboards | Discover | π | π |
| Dashboards | Anomaly Detection | π | π |
| Dashboards | Creating Custom Dashboards | π | π |
| Dashboards | Alerting: Configuring Email for Alerting | π | π |
| Dashboards | Alerting: Alerting | π | π |
| Arkime | Arkime Overview | π π | πΌ |
| Arkime | Queries and Filters | π | π |
| Arkime | Sessions | π | π |
| Arkime | SPIView | π | π |
| Arkime | SPIGraph | π | π |
| Arkime | Connections | π | π |
| Arkime | Hunt | π | π |
| Arkime | CyberChef | π π | π |
| NetBox | NetBox Overview | π π π | πΌ πΊ |
| NetBox | NetBox Data Model | π | π |
| NetBox | Manual Inventory Population | π ππ | π πΊ |
| NetBox | Automatic Inventory Population | π | π |
| NetBox | Asset Interaction Analysis | π π | π |
| NetBox | Backing up and Restoring the NetBox Inventory | π | π |
| Analysis | Hypothesis-Driven Hunting Fundamentals | π | π |
| Analysis | Pivoting Between Data Sources | π | π |
| Analysis | File Extraction and Analysis | π | π |
| Analysis | Severity Scoring | π | π |
| Analysis | Forwarding Third-Party Logs to Malcolm | π | π |
| Analysis | Using Threat Intelligence Feeds | π π π | π |
| Analysis | Log Enrichment | π | π |
| Analysis | Using the Malcolm REST API | π | π |
| Hedgehog Linux | Installing Hedgehog Linux | π π | πΌ |
| Hedgehog Linux | Configuring Hedgehog Linux | π | πΌ |
| Hedgehog Linux | Sensor Placement Fundamentals | π | πΌ |
| Hedgehog Linux | Operation: Running Hedgehog Linux | π | π |
| Hedgehog Linux | Operation: Monitoring Sensor Metrics | π | π |
| Parsers | Parsnip Overview | π | πΌ |
| Parsers | Parsnip Language Overview | π | πΌ |
| Parsers | Parsnip Intermediate Language | π | πΌ |