Version 5.7.1

No changelog for this release.

Full Changelog: 5.7.0...5.7.1

Version 5.7.0

Enhancements:

• #1095 [Virustotal Downloader] Increase Confidence Level to High
• #1086 Modularization of relation refs
• #1080 [Sentinel] Stream connector to use a stream ID
• #1079 Add CaseRfi and CaseRft to export files
• #1024 [TAXII2 Client] Use Pagination
• #1014 [misp] Add an option to enforce warning lists when searching events / attributes
• #932 [misp] Guess threats using tags
• #756 [YARA search] Create the enrichment connector for artifacts
• #736 [Mandiant] Mscore is not taken into account

Bug Fixes:

• #1082 [Sentinel] Stream connectors needs a try and catch processing the message
• #1058 [connector-cape] fail to parse json when analysis report found clamAV signature

Pull Requests:

• Update Dockerfile by @lamtn1 in #1061
• Update flake8 line length to 120 by @SYNchroACK in #1077
• Update .env.dist by @lamtn1 in #1062
• Connector cape fix clamav json structure by @aakloul in #1057
• IPQS Fraud and Risk Scoring Connector by @RamboV in #1065
• [connectors] remove Case in export files and Add feedback and Case Incident by @SarahBocognano in #1097
• [taxii2] Added pagination to taxii connector by @annoyingapt in #1091
• [mandiant] Added mscore to mandiant connector by @annoyingapt in #1090
• [Sentinel] adding a try to avoid crashing the container whenever it c… by @RaulSokolova in #1093
• [ivre/shodan] Migrate Stix Cyber Observable Relationship to Stix Ref Relationship by @RomuDeuxfois in #1087
• [connectors] Add CaseRfi and CaseRft to export files (#issue/1079) by @SarahBocognano in #1098
• [internal-enrichment][LastInfoSec] We are now able to contextualize url also by @remydewa in #1089
• [Virustotal Downloader] Increase Default Confidence Level to 100, resolves #1095 by @YungBinary in #1096
• Introduce the YARA connector by @mattreduce in #1094

New Contributors:

• @lamtn1 made their first contribution in #1061
• @RamboV made their first contribution in #1065
• @annoyingapt made their first contribution in #1091

Full Changelog: 5.6.2...5.7.0

Version 5.6.2

Pull Requests:

• Connector-Urlhaus -- Caching and state output by @sommerda in #1026

Full Changelog: 5.6.1...5.6.2

Version 5.6.1

No changelog for this release.

Full Changelog: 5.6.0...5.6.1

Version 5.6.0

Enhancements:

• #935 [MWDB] Disabling SSL Verification

Bug Fixes:

• #1047 [MISP] Fix text observable values
• #1040 MISP connector crashing with "TypeError"
• #1045 MISP connector crashing with "TypeError"
• #1037 [misp-connector] current_page type None
• #1051 Errors when importing Stix
• #1023 [sentinel] STREAM connector issues
• #1020 [mandiant] Error in connector
• #983 Elastic Connector - passing a wildcard () to the get API (e.g. GET /metricbeat-/_doc/1) which is not allowed
• #978 [virustotal-livehunt-rules] Fails to display error message.
• #965 [VirusTotal Enrichment] Errors out when enriching Domains, IPs and URLs
• #960 [URLScan] Connector errors out with: 'NoneType' object has no attribute 'split'
• #941 STIX Connector not importing all data / breaking import page on 5.5.3
• #931 [ExportReportPDF] Cannot export PDF file because StixCoreObject class does not have a read method
• #859 [cisa-known-exploited-vulnerabilities] - Nothing created from connector

Pull Requests:

• Update build dependencies for shodan-internetdb, import-file-stix by @ckane in #1025
• Improve OpenCTI Datasets connector by @SYNchroACK in #988
• Improve MITRE Datasets connector by @SYNchroACK in #987
• Connector-Elastic - shifted _alias print statement to valid position by @sommerda in #1027
• Optimize SDO .read() operations in [hygiene] and [shodan-internetdb] enrichment connectors by @ckane in #1028
• [urlhaus] & [malwarebazaar] Minimize data from SDO read() operation by @ckane in #1031
• Update Sentinel connector by @The-Stuke in #1041
• Connector-Elastic -- implemented URL-stix2-parsing and checks by @sommerda in #1029
• Connector-Mandiant -- reduced errors due to 'redacted' content by @sommerda in #1030
• [import-document] [import-file-stix] Update version of dependencies by @ckane in #1033
• Set user agent for crowdsec connector to crowdsec-opencti/v1.0.0 by @sbs2001 in #1034
• version 1.0.1 of RF Notes connector by @Jonah-RF in #1043
• Socprime connector fix by @vu-socprime in #1053

Full Changelog: 5.5.4...5.6.0

Version 5.5.4

Bug Fixes:

• #1018 [mitre] CAPEC STIX data doesn't get ingested
• #944 CISA crashes when a null createdBy is present

Pull Requests:

• [Mitre] Fix CAPEC URL for STIX data by @akshaysth in #1019
• [connectors] Txt location export bug fix (#2821) by @Archidoit in #1017
• CrowdSec: Update the error message for quota exceed by @sbs2001 in #1015
• [connectors] selected StixSightingRelationships export (#2735) by @Archidoit in #1016
• Microsoft Sentinel Connector Creation by @The-Stuke in #1012

New Contributors:

• @The-Stuke made their first contribution in #1012

Full Changelog: 5.5.3...5.5.4

Version 5.5.3

Enhancements:

• #991 Async/High-throughput Connectors

Bug Fixes:

• #1008 [misp-feed] CIRCL feed ingestion fails due to missing 'Attribute' key
• #996 Connector-MISP: "IndexError: list index out of range Killed"
• #985 Connector export PDF throws error when exporting an intrusion set
• #981 [MWDB] ERROR:root:nothing to repeat at position 0
• #974 [VX Vault] Connector leaves a trailing \n character in the name and value of imported indicators and observables
• #973 [VXVault] Connector imports garbage data (HTML tags and blank events)
• #971 [VXVault] connector seems to be broken - failing to import threat intelligence

Pull Requests:

• [VXVault] - Fix #973 and #974 - connector imports garbage data by @GraemeMeyerGT in #975
• [virustotal-livehunt-rules] Fixing error message which doesn't displa… by @RaulSokolova in #979
• Fix method to take into account uppercase tags by @fscc-samiR in #984
• [MWDB] Selfsigned certificate support + various bug fixes by @aaarghhh in #989
• [ironnet] Fix IP indicator config option by @rlynch-ironnet in #994
• [VirusTotal] Connector async and added url upload by @sc0ttes in #995
• [VirusTotal] Made IP and Domain relationships optional by @sc0ttes in #998
• [VirusTotal] Ignore empty categories by @sc0ttes in #999
• Connector-Elastic - ECS 8.0.0 compatibility by @sommerda in #1002
• Connector-Elastic - index pattern is used wrongly by @sommerda in #1001
• Connector-Elastic - allowing self-termination by @sommerda in #1003
• Connector-Elastic - datemath requires arrow instead of datetime by @sommerda in #1006
• Connector Abuse-SSL - fixed STIX attribute string: ipv4 -> ipv4-addr by @sommerda in #1005
• setting Attribute key to empty array if not present by @akshaysth in #1009
• Export only selected entities (#1741) by @Archidoit in #1000
• Connector-Elastic - allowing less privileged Elasticsearch access by @sommerda in #1007
• Connector-Elastic - allow sightings-manager to restart the container by @sommerda in #1011
• List exports bug fixes for contained data (#2804) by @Archidoit in #1010

New Contributors

• @GraemeMeyerGT made their first contribution in #975
• @sommerda made their first contribution in #1002
• @akshaysth made their first contribution in #1009
• @Archidoit made their first contribution in #1000

Full Changelog: 5.5.2...5.5.3

Version 5.5.2

Enhancements:

• #910 [DomainTools] Create the connector

Bug Fixes:

• #958 [BUG][MISP] Connector creating a runaway task loop - Leading to Platform Stall
• #952 [Mandiant] News Analysis report creates duplicate notes

Pull Requests:

• Webhook connector by @sc0ttes in #966
• VirusTotal fixes by @sc0ttes in #967
• [urlscan] Fix blob urls by @rlynch-ironnet in #968
• Remove unused property in Readme by @RomuDeuxfois in #962
• [all] Release 5.5.2 by @SarahBocognano in #969

New Contributors:

• @RomuDeuxfois made their first contribution in #962

Full Changelog: 5.5.1...5.5.2

Version 5.5.1

Enhancements:

• #782 [Trickest] Create the connector

Pull Requests:

• [virustotal] "name" key enrichment fix by @sc0ttes in #956
• [virustotal] x_opencti_score of NoneType throws comparison error by @sc0ttes in #954
• [splunk] Use JWT for Splunk auth, sanitize kvstore keys, ignore some entity types by @guiguitodelperuu in #961
• [VirusTotal] Upload unseen artifacts option by @sc0ttes in #959

New Contributors:

• @guiguitodelperuu made their first contribution in #961

Full Changelog: 5.5.0...5.5.1

Version 5.5.0

Enhancements:

• #924 [FlashPoint] Create the connector
• #824 [Mandiant] Connector not parsing reports

Bug Fixes:

• #934 [cybercrime-tracker] ERROR:root:'NoneType' object is not subscriptable
• #933 Mandiant connector not creating relationships

Pull Requests:

• Upgrading API client by @mmolenda in #937
• cybersixgill darkfeed connector by @Umamahesh-Loginsoft in #943
• Splunk stream to be able to recover from errors by @RaulSokolova in #950
• New enrichment connector: Tagger by @SYNchroACK in #946
• [domaintools] add enrichment connector by @axelfahy in #951
• [virustotal] Flag for option to keep higher score of VirusTotal or existing score by @sc0ttes in #953

New Contributors:

• @Umamahesh-Loginsoft made their first contribution in #943
• @sc0ttes made their first contribution in #953

Full Changelog: 5.4.1...5.5.0