Malcolm includes Suricata as one of its ~15 Docker containers, running it in IDS mode for signature-based threat detection. Suricata is preconfigured with automatic rule updates, and its EVE JSON alerts flow directly into Malcolm's OpenSearch cluster.
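To show what the EVE JSON alerts mentioned above look like once Suricata emits them, here is an added Python example (not Malcolm's or Suricata's own code) that parses a constructed EVE log, drops non-alert event types, tolerates a truncated line, and aggregates the alerts the way a dashboard over Malcolm's Suricata index would. Field names follow Suricata's documented EVE schema; the sample records and signature ids are constructed.

```python
"""Parse Suricata EVE JSON output and summarise its alert records.

Added example, not Malcolm's or Suricata's own code. It assumes the documented
EVE shape: one JSON object per line with an "event_type" field and, for
alerts, an "alert" object carrying "signature" and "severity" (1 = highest).
"""
import json
from collections import Counter

# Constructed sample: alerts mixed with a non-alert "flow" record and a
# truncated last line of the kind log rotation leaves behind. Signature ids
# (900000x) and names are made up for this example.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T00:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51515,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"rev":1,"signature":"EXAMPLE HTTP probe","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-01-01T00:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP"}
{"timestamp":"2024-01-01T00:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"10.0.0.9","dest_port":22,"proto":"TCP","alert":{"action":"allowed","signature_id":9000002,"rev":1,"signature":"EXAMPLE SSH brute force","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2024-01-01T00:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51516,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"rev":1,"signature":"EXAMPLE HTTP probe","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-01-01T00:00:05.000000+0000","event_type":"alert","src_ip":"10.0.
"""


def parse_eve(text):
    """Return (alert_records, skipped_lines); non-alert events are ignored and
    incomplete JSON lines are counted rather than aborting the parse."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if rec.get("event_type") == "alert" and isinstance(rec.get("alert"), dict):
            alerts.append(rec)
    return alerts, skipped


def summarise(alerts):
    """Aggregate alerts the way a dashboard over the Suricata index would:
    count per signature, busiest source IP, highest severity seen."""
    by_sig = Counter(a["alert"]["signature"] for a in alerts)
    by_src = Counter(a["src_ip"] for a in alerts)
    return {
        "by_signature": dict(by_sig),
        "top_source": by_src.most_common(1)[0][0] if by_src else None,
        # Suricata severity is ordinal with 1 = high, so "highest" is min().
        "highest_severity": min(a["alert"]["severity"] for a in alerts) if alerts else None,
    }
```

Pointing `parse_eve` at a real `eve.json` (one `open(...).read()` call) gives the same per-signature counts an OpenSearch terms aggregation over the alert index would return.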