Network Traffic Capture Appliance
Hedgehog Linux is a Debian-based operating system built to
- monitor network interfaces
- capture packets to PCAP files
- detect file transfers in network traffic and extract and scan those files for threats
- generate and forward Zeek logs, Arkime sessions, and other information to [Malcolm]({{ site.github.repository_url }})
- Sensor installation
- Boot
- Configuration
  - Configure Hostname, Interfaces and Time Sync
  - Configure Capture
  - Configure Forwarding
    - arkime-capture: Arkime session forwarding
    - ssl-client-receive: Receive client SSL files for filebeat from Malcolm
    - filebeat: Zeek and Suricata log forwarding
    - miscbeat: System metrics forwarding
    - acl-configure: Configure ACL for artifact reachback from Malcolm
    - tags-configure: Specify extra tags for forwarded logs
  - Autostart services
- Managing disk usage
- Zeek Intelligence Framework
- Custom Rules, Scripts and Plugins
- Tuning
- Appendix A - Generating the ISO
- Appendix B - Generating a Raspberry Pi Image
- Appendix C - Configuring SSH access
- Appendix D - Troubleshooting
- Appendix E - Hardening
- Appendix F - Upgrades