Logo

A powerful, easily deployable network traffic analysis tool suite for network security monitoring

Quick Start

Documentation

Components

Supported Protocols

Configuring

Arkime

Dashboards

Hedgehog Linux

Contribution Guide

Recommended system requirements

Malcolm runs on top of Docker, which runs on recent releases of Linux, Apple macOS, and Microsoft Windows 10 and up. Malcolm can also be deployed with Podman, or in the cloud with Kubernetes.

To quote the Elasticsearch documentation, “If there is one resource that you will run out of first, it will likely be memory.” Malcolm requires a minimum of 8 CPU cores and 24 gigabytes of RAM on a dedicated server, but Malcolm developers recommend 16+ CPU cores and 32+ gigabytes of RAM for an optimal experience. Users will want as much available disk storage as possible (preferrably solid state storage), as the amount of PCAP data a machine can analyze and store will be limited by available storage space.

Arkime’s wiki has documents (here and here and here and a calculator here) that may be helpful, although not everything in those documents will apply to a containerized setup such as Malcolm.