Mikhail Kasimov edited this page Feb 11, 2024 · 14 revisions
Q1: What is Maltrail all about?
- A1: Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists.
Q2: Can I freely use Maltrail in my infrastructure?
- A2: Certainly. You can freely use Maltrail in your infrastructure. It is released under the MIT license.
Q3: Can Maltrail be used along with other IDS/IPS solutions?
- A3: Yes. Maltrail can be used without any conflicts with any known IDS/IPS solutions, including open-source ones. Maltrail has its own approach to malicious network traffic detection, which can either be used as a dedicated or complementary solution to other IDS/IPS solutions.
Q4: What OS does Maltrail support?
- A4: Maltrail is written in Python, so it should be portable to any OS. Nevertheless, Maltrail was originally written for Linux systems and has recently been ported to *BSD systems.
Q5: Can Maltrail be integrated into other solutions?
- A5: Yes. An updated list of products that use Maltrail can be found on the Maltrail Third-party Integrations page.
Q6: I have discovered a vulnerability in Maltrail code. How can I report it?
- A6: Follow the procedure described in Reporting Maltrail Security Vulnerability.
Q7: I see the error message `SystemError: PY_SSIZE_T_CLEAN macro must be defined for '#' formats` when the Maltrail sensor starts. How do I fix it?
- A7: It looks like you are using the `pcapy` lib instead of `pcapy-ng` (Issue). Using `pcapy` instead of `pcapy-ng` can lead to incorrect operation of Maltrail, especially in Python 3.x environments (Examples). Also make sure that you use the current version of Maltrail, downloaded from its Git repo: current Maltrail versions contain a handler that prints the message `[!] seems that you are not using pcapy-ng (https://pypi.org/project/pcapy-ng/)` to the console when the sensor starts with `pcapy` instead of `pcapy-ng`. Uninstall `pcapy` with the `pip3 uninstall pcapy` command, install `pcapy-ng` with the `pip3 install pcapy-ng` command, and then start the Maltrail sensor again. Everything should work now. Otherwise, file a bug report in Maltrail's Issue Tracker.
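The check below is an added example, not code from the Maltrail project. It reproduces the A7 diagnosis as a stand-alone pre-flight script: it lists the installed Python distributions through `importlib.metadata`, decides whether the sensor host has `pcapy`, `pcapy-ng`, both, or neither, and prints the same warning text the Maltrail sensor prints together with the `pip3` commands from the answer. The function `check_pcapy` works on a plain name-to-version mapping so it can be exercised with constructed input; the distribution names and versions in the comments are made-up sample values.

```python
"""Pre-flight check for the pcapy / pcapy-ng situation described in A7.

Added example, not part of Maltrail. Run it on the sensor host before
starting the sensor; it reports which pcap binding is installed and, if it
is the legacy `pcapy` package, the remediation commands from the FAQ.
"""
from importlib import metadata

# Same message the current Maltrail sensor prints when it detects legacy pcapy.
WARNING = "[!] seems that you are not using pcapy-ng (https://pypi.org/project/pcapy-ng/)"


def installed_distributions():
    """Return {normalized distribution name: version} for the running interpreter.

    Names are lower-cased and '_' is folded to '-' so that 'pcapy_ng' and
    'pcapy-ng' compare equal, the way pip treats them.
    """
    found = {}
    for dist in metadata.distributions():
        name = dist.metadata["Name"]
        if name:
            found[name.lower().replace("_", "-")] = dist.version
    return found


def check_pcapy(dists):
    """Classify the pcap binding situation from a {name: version} mapping.

    Returns (status, message) with status one of:
      'ok'      - pcapy-ng installed, legacy pcapy absent
      'legacy'  - legacy pcapy installed without pcapy-ng (the A7 case)
      'both'    - both distributions present; both ship a module named
                  `pcapy`, so which one `import pcapy` loads is ambiguous
      'missing' - neither installed
    """
    has_ng = "pcapy-ng" in dists
    has_legacy = "pcapy" in dists
    if has_ng and not has_legacy:
        return "ok", "pcapy-ng %s installed" % dists["pcapy-ng"]
    if has_legacy and not has_ng:
        return "legacy", (WARNING
                          + "\n    fix: pip3 uninstall pcapy && pip3 install pcapy-ng")
    if has_legacy and has_ng:
        return "both", ("both pcapy %s and pcapy-ng %s installed; "
                        "run: pip3 uninstall pcapy" % (dists["pcapy"], dists["pcapy-ng"]))
    return "missing", "no pcap binding installed; run: pip3 install pcapy-ng"


if __name__ == "__main__":
    # Constructed sample run on a host with only legacy pcapy (versions made up):
    print(check_pcapy({"pcapy": "0.0.0-sample"}))
    # Real check against this interpreter's installed packages:
    status, message = check_pcapy(installed_distributions())
    print("%s: %s" % (status, message))
```

The classification only looks at distribution metadata, which is what `pip3 uninstall pcapy` acts on; it does not import `pcapy`, so it is safe to run in an environment where the import itself would raise the `SystemError` from the question.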