Saved February 14, 2026
Malcolm is a network traffic analysis tool that processes PCAP files, Zeek logs, and Suricata alerts. It features user-friendly interfaces for visualizing network communications and is designed for quick deployment across various platforms. The tool focuses on security monitoring and aims to enhance visibility into industrial control systems.
Malcolm is a network traffic analysis tool suite designed for ease of use and powerful insights into network communications. It supports various data formats, including full packet capture (PCAP) files, Zeek logs, and Suricata alerts. Users can upload data through a browser-based interface or capture it live using lightweight forwarders. The tool automatically normalizes, enriches, and correlates this data, making it accessible for analysis.
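To make the "normalize, enrich, and correlate" step concrete, here is a small added example (not Malcolm's own code) that parses a constructed Zeek `conn.log` and constructed Suricata EVE JSON lines, maps both into one common schema, and attaches each alert to the Zeek connection that shares its 5-tuple. The sample records, signature names, signature IDs and the five-second correlation window are all constructed for illustration; real Malcolm pipelines do considerably more than this.

```python
"""Added example: normalize Zeek conn.log and Suricata EVE alerts into one
schema and correlate them by 5-tuple. All inputs are constructed samples."""
import json
from datetime import datetime

# Constructed Zeek conn.log (tab-separated, with Zeek's '#' header lines).
ZEEK_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1700000000.123456\tCabc1\t192.0.2.10\t49152\t198.51.100.5\t502\ttcp\tmodbus\t1.500000\t120\t340\tSF
1700000005.000000\tCdef2\t192.0.2.11\t50001\t198.51.100.7\t443\ttcp\tssl\t0.250000\t980\t5120\tSF
1700000009.000000\tCghi3\t192.0.2.10\t49153\t198.51.100.5\t20000\ttcp\t-\t0.000000\t0\t0\tS0
"""

# Constructed Suricata EVE records (one JSON object per line); the 'flow'
# record is there to show that non-alert event types are filtered out.
SURICATA_EVE = "\n".join(json.dumps(e) for e in [
    {"timestamp": "2023-11-14T22:13:21.500000+0000", "event_type": "alert",
     "src_ip": "192.0.2.10", "src_port": 49152, "dest_ip": "198.51.100.5",
     "dest_port": 502, "proto": "TCP",
     "alert": {"signature": "CONSTRUCTED Modbus function code of interest",
               "signature_id": 9000001, "severity": 2}},
    {"timestamp": "2023-11-14T22:13:25.000000+0000", "event_type": "flow",
     "src_ip": "192.0.2.11", "src_port": 50001, "dest_ip": "198.51.100.7",
     "dest_port": 443, "proto": "TCP"},
    {"timestamp": "2023-11-14T22:13:30.000000+0000", "event_type": "alert",
     "src_ip": "192.0.2.12", "src_port": 51000, "dest_ip": "198.51.100.9",
     "dest_port": 23, "proto": "TCP",
     "alert": {"signature": "CONSTRUCTED telnet into OT segment",
               "signature_id": 9000002, "severity": 1}},
])


def parse_zeek_conn(text):
    """Read a Zeek TSV log: take column names from '#fields', skip other
    header lines, and map Zeek's unset marker '-' to None."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            values = [None if v == "-" else v for v in line.split("\t")]
            records.append(dict(zip(fields, values)))
    return records


def parse_suricata_eve(text):
    """Read EVE JSON lines and keep only alert events."""
    events = (json.loads(l) for l in text.splitlines() if l.strip())
    return [e for e in events if e.get("event_type") == "alert"]


def normalize_zeek(rec):
    """Zeek conn record -> common schema (epoch ts, src/dst, lowercase proto)."""
    return {"ts": float(rec["ts"]), "source": "zeek", "uid": rec["uid"],
            "src_ip": rec["id.orig_h"], "src_port": int(rec["id.orig_p"]),
            "dst_ip": rec["id.resp_h"], "dst_port": int(rec["id.resp_p"]),
            "proto": rec["proto"].lower(), "service": rec["service"],
            "conn_state": rec["conn_state"]}


def normalize_suricata(rec):
    """Suricata alert -> common schema; EVE timestamps carry a numeric offset."""
    ts = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()
    return {"ts": ts, "source": "suricata",
            "src_ip": rec["src_ip"], "src_port": int(rec["src_port"]),
            "dst_ip": rec["dest_ip"], "dst_port": int(rec["dest_port"]),
            "proto": rec["proto"].lower(),
            "signature": rec["alert"]["signature"],
            "signature_id": rec["alert"]["signature_id"],
            "severity": rec["alert"]["severity"]}


def five_tuple(ev):
    return (ev["src_ip"], ev["src_port"], ev["dst_ip"], ev["dst_port"], ev["proto"])


def correlate(conns, alerts, window=5.0):
    """Attach to each alert the most recent Zeek connection with the same
    5-tuple that started no more than `window` seconds before the alert
    (window is a constructed tuning value). Unmatched alerts keep uid None."""
    by_tuple = {}
    for c in conns:
        by_tuple.setdefault(five_tuple(c), []).append(c)
    enriched = []
    for a in alerts:
        candidates = [c for c in by_tuple.get(five_tuple(a), [])
                      if c["ts"] <= a["ts"] <= c["ts"] + window]
        match = max(candidates, key=lambda c: c["ts"], default=None)
        enriched.append({**a,
                         "zeek_uid": match["uid"] if match else None,
                         "zeek_service": match["service"] if match else None})
    return enriched


def run_pipeline(zeek_text=ZEEK_CONN_LOG, eve_text=SURICATA_EVE):
    conns = [normalize_zeek(r) for r in parse_zeek_conn(zeek_text)]
    alerts = [normalize_suricata(r) for r in parse_suricata_eve(eve_text)]
    return correlate(conns, alerts)


if __name__ == "__main__":
    for a in run_pipeline():
        print(a["signature"], "->", a["zeek_uid"], a["zeek_service"])
```

The point of the common schema is that the correlation key (the 5-tuple plus a time window) is the same regardless of which sensor produced the record; an alert that finds no matching Zeek connection is kept rather than dropped, since "alert with no flow context" is itself worth a look in a monitoring pipeline.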
The suite includes two main interfaces: OpenSearch Dashboards for data visualization and Arkime for in-depth session analysis related to potential security incidents. Malcolm operates using a container-based deployment model, allowing for quick setup across different platforms, whether on a Linux server in a security operations center (SOC) or on a MacBook during an incident response. Communications with Malcolm are encrypted, ensuring secure data handling.
Malcolm is built on multiple open-source tools and is licensed under the permissive Apache License 2.0, making it an appealing option compared to proprietary solutions. The development team is focused on expanding its capabilities, particularly for industrial control systems (ICS), by adding more parsers for common ICS protocols. Users can contribute to Malcolm's development by providing feedback through a survey linked in the documentation.