cisagov/Malcolm — reverse-engineered prompt
Reverse-engineered prompt
Build me a self-hosted network traffic analysis toolkit that I can bring up quickly and use through a browser. I want to be able to upload PCAP files, Zeek logs, and Suricata alerts, and also have the option to capture or forward live traffic into it. Once data comes in, it should be automatically normalized, enriched, and correlated so I can investigate incidents without a lot of manual work.
Give me a clean web experience with two main views: one for dashboards and visual summaries of protocols and activity, and another for digging into individual network sessions and packets. It should feel ready for security monitoring and incident response, work well on a Linux server but also be realistic to run locally for a smaller investigation, and use encrypted communications for the interfaces and the data flow between components.
Please set it up in a container-based way with simple scripts or commands for starting and managing it. If anything is unclear, check the project docs online and wire up the sensible defaults.
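The prompt asks for three kinds of input (PCAP, Zeek logs, Suricata alerts) to be accepted, normalized and tied together. The sketch below is an added illustration of what that ingest step involves, not Malcolm's own code: it identifies an upload by its leading bytes rather than its file extension, maps Zeek conn records and Suricata EVE alerts onto one event shape with a direction-independent flow key, and groups events from both tools by that key so an alert lands beside the session it fired on. The sample records are constructed for this example; the field names follow Zeek's JSON conn.log and Suricata's EVE output, and the flow-key scheme is this example's own choice rather than any particular project's.

```python
import json
import re
from datetime import datetime

# File signatures checked before trusting an uploaded file's extension.
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4", b"\xd4\xc3\xb2\xa1",  # classic pcap, both byte orders
    b"\xa1\xb2\x3c\x4d", b"\x4d\x3c\xb2\xa1",  # nanosecond-resolution pcap variants
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type


def classify_input(data: bytes) -> str:
    """Return one of pcap, pcapng, zeek-tsv, zeek-json, suricata-eve, unknown."""
    if data[:4] in PCAP_MAGICS:
        return "pcap"
    if data[:4] == PCAPNG_MAGIC:
        return "pcapng"
    text = data[:4096].decode("utf-8", errors="replace").lstrip()
    if text.startswith("#separator"):  # Zeek's ASCII log header
        return "zeek-tsv"
    if text.startswith("{"):
        try:
            first = json.loads(text.splitlines()[0])
        except ValueError:
            return "unknown"
        if "event_type" in first and "timestamp" in first:
            return "suricata-eve"
        if "ts" in first and "uid" in first:
            return "zeek-json"
    return "unknown"


def to_epoch(ts) -> float:
    """Zeek logs epoch floats; Suricata logs ISO 8601 with a +HHMM offset.
    Normalize both to epoch seconds so events from either tool can be ordered."""
    if isinstance(ts, (int, float)):
        return float(ts)
    ts = re.sub(r"([+-]\d{2})(\d{2})$", r"\1:\2", ts)  # +0000 -> +00:00 for fromisoformat
    return datetime.fromisoformat(ts).timestamp()


def flow_key(a_ip, a_port, b_ip, b_port, proto):
    """Direction-independent 5-tuple: request and response sides map to one key."""
    ends = sorted([(a_ip, int(a_port)), (b_ip, int(b_port))])
    return (proto.lower(), ends[0][0], ends[0][1], ends[1][0], ends[1][1])


def normalize(kind: str, rec: dict) -> dict:
    """Map a Zeek conn record or a Suricata alert onto one common event shape."""
    if kind == "zeek-json":
        return {"source": "zeek", "ts": to_epoch(rec["ts"]), "uid": rec.get("uid"),
                "key": flow_key(rec["id.orig_h"], rec["id.orig_p"],
                                rec["id.resp_h"], rec["id.resp_p"], rec["proto"]),
                "detail": rec.get("service", "")}
    if kind == "suricata-eve":
        return {"source": "suricata", "ts": to_epoch(rec["timestamp"]), "uid": None,
                "key": flow_key(rec["src_ip"], rec["src_port"],
                                rec["dest_ip"], rec["dest_port"], rec["proto"]),
                "detail": rec.get("alert", {}).get("signature", rec["event_type"])}
    raise ValueError(f"no normalizer for {kind}")


def parse_upload(data: bytes):
    """Classify an upload and return (kind, normalized events). Packet captures are
    identified but not decoded here; a real pipeline hands them to Zeek/Suricata."""
    kind = classify_input(data)
    if kind not in ("zeek-json", "suricata-eve"):
        return kind, []
    events = []
    for line in data.decode("utf-8", errors="replace").splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if kind == "suricata-eve" and rec.get("event_type") != "alert":
            continue  # EVE also carries flow/dns/http records; only alerts here
        events.append(normalize(kind, rec))
    return kind, events


def correlate(events):
    """Group events from every source by flow key, oldest first."""
    buckets = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        buckets.setdefault(ev["key"], []).append(ev)
    return buckets


# Constructed sample data (not real captures): one Zeek conn record and one Suricata
# alert for the same TCP session, plus an EVE flow record that should be skipped.
SAMPLE_ZEEK = (b'{"ts":1714564800.123,"uid":"CabcDe1x","id.orig_h":"10.0.0.5","id.orig_p":51234,'
               b'"id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp","service":"http"}\n')
SAMPLE_EVE = (b'{"timestamp":"2024-05-01T12:00:01.500000+0000","event_type":"alert","src_ip":"10.0.0.5",'
              b'"src_port":51234,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP",'
              b'"alert":{"signature":"CONSTRUCTED plain HTTP to external host","severity":2}}\n'
              b'{"timestamp":"2024-05-01T12:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5",'
              b'"src_port":51234,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP"}\n')


def demo():
    events = []
    for blob in (SAMPLE_ZEEK, SAMPLE_EVE):
        events.extend(parse_upload(blob)[1])
    return correlate(events)


if __name__ == "__main__":
    for key, evs in demo().items():
        print(key)
        for ev in evs:
            print(f"  {ev['ts']:.3f} {ev['source']:9} {ev['detail']}")
```

Checking the magic bytes first matters for an upload endpoint: a file named `evidence.pcap` that is actually a JSON log (or vice versa) should be routed by what it contains, not by what the uploader called it. The sorted 5-tuple is a deliberately simple stand-in for a proper flow hash; it is enough to show why both sides of a session need a shared key before cross-tool correlation can work.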