Changelog#
3.4.0 (2024-12-09)#
Closed issues:
- [FR] Enhance Crowdstrike Falcon integration with TheHive #1296
Merged pull requests:
- Multiple Analyzers & Responders for CrowdstrikeFalcon #1297 (nusantara-self)
- Capa Analyzer - Code improvements #1295 (nusantara-self)
3.3.8 (2024-11-08)#
Closed issues:
- [Bug] OpenCTI Analyzer #1280
- [Bug] Requirements don't get installed for new responder #1259
- [Bug] Fortiguard parser error #1228
- [Bug][URLhaus_2_0] - Empty summary for positive results #1210
- [FR] Add Microsoft 365 Defender responder for Tenant Allow/Block List #1102
- [FR] Add EchoTrail analyzer #1099
- [Bug] KnowBe4 Responder Missing Config Options #1086
- [FR] JAMF Protect Prevent list responder #1292
- [FR] Add AWS Lambda responder #1289
- [FR] Censys Analyzer v2 #1287
- [FR] Fix the version of TheHive4py dependencies in existing responders #1281
- [Bug] Phistank analyzer failing #1276
- New Analyzer: QrDecode #1274
- [FR] Update Triage Analyzer to Configure Sandbox API #1263
- [FR] mail-subject dataType should be used instead of mail_subject #1260
- [FR] EclecticIQ Responder #1257
- [FR] EclecticIQ Analyser #1255
- [FR] Added capabilities/features for Microsoft Defender for Endpoint responder #1229
- [FR]Binalyze AIR responder #1218
- AWX Responder #1213
- Add a responder to send case information to Telegram #1132
- Hybrid Analysis Analyzer not working anymore #1090
- [FR] DNSDumpster analyzer #1056
- [FR] Okta User Lookup Analyzer #1047
- Abuse_Finder_3_0 [KeyError: '\s'] #940
- TorBlutmagie_1_0 doesn't work [Bug] #829
- New Analyzer: Fireeye Capa (WIP) #822
Merged pull requests:
- Update urlcategory.py #1154 (lucamemini)
- Netcraft Cortex responder #1053 (korteke)
- Update analyzers & responders upgrade guide #1294 (nusantara-self)
- Add JAMF Protect Prevent List responder #1293 (nusantara-self)
- Refactor Censys Analyzer for Censys API Version 2 #1288 (nusantara-self)
- MSEntraID Folder structure & naming adjustments #1286 (nusantara-self)
- Rename & rework existing Azure AD analyzer & responder for Entra ID name change #1285 (nusantara-self)
- utils improvements #1284 (nusantara-self)
- Add DNSDumpster analyzer templates #1283 (nusantara-self)
- Pin thehive4py package version to 1.8.x #1282 (nusantara-self)
- Added QrDecode Analyzer #1275 (EnzoCyberSec)
- [CrowdSec] Update analyzer (1.0 => 1.1) #1273 (julienloizelet)
- SpamHausDBL fix: replace query function (not working) with resolve function #1272 (emalderson)
- PhishTank fix: add User-Agent header to make phishtank api work again #1271 (emalderson)
- KasperskyTIP fix: previously ignored category orange now is malicious #1270 (emalderson)
- Handle invalid UTF-8 bytes during decode for emlParser #1267 (nusantara-self)
- Add AWS Invoke Lambda responder #1266 (nusantara-self)
- #1263 Update Triage Analyzer #1264 (rpitts-recordedfuture)
- Quick updates #1262 (vpiserchia)
- add dataType mail-subject #1261 (Guiiix)
- EclecticIQ responder #1258 (deepanshu-eiq)
- Added EclecticIQ Analyser #1256 (deepanshu-eiq)
- Filters format migration for OpenCTI 5.12 #1245 (evost)
- Update Gatewatcher CTI Analyzer for 'unknown' risk #1232 (remydewaGW)
- Fixes and added features to Defender for endpoints responder #1225 (louismaxx)
- TheHive Binalyze integration #1219 (binalyze-murat)
- Added responder for Ansible AWX #1215 (Timmu91)
- Azure sign in retriever #1212 (jahamilto)
- Duo Account Bypass Mode (Correction) #1208 (jahamilto)
- Azure Token Revoker Responder #1207 (jahamilto)
- added responder input to Shuffle API call #1194 (tbi88)
- FalconCrowstrikeCustomIOC Responder v2 #1188 (nicoctn)
- When you get whenCreated attribute datetime fix #1181 (p1kusmie)
- Cloudflare Account IP Access List Responder #1177 (nickbabkin)
- Add a responder to send case information to Telegram #1163 (alexkolnik)
- Search users in Okta. #1157 (mjleesment)
- AnyRun Sandbox Analyzer v1.1 #1142 (nolsen311)
- bump abuse_finder #1135 (Augustin-FL)
- Update of NERD analyzer #1121 (vaclavbartos)
- [FIX] HybridAnalysis API V2 #1117 (X0x1RG9f)
- Update TorBlutMagie to point to alternative domain #1114 (red-ship-it)
- Updated Censys Analyzer for latest API #1083 (Gandalf098)
- Make analyzer work with template #1061 (ch0wm3in)
- DNSdumpster analyzer. Initial commit. #1058 (korteke)
- cortexutils not installed in RT4 Responder Docker Image #1055 (hajjiwajih)
- Add Capa Analyzer #1027 (weslambert)
3.3.7 (2024-04-11)#
Closed issues:
- [Bug] MISP_2_1 analyzer #1249
- 'Triage' analyzer adapation to fit Recorded Future solution (based on Triage) #1237
- [Bug] Proofpoint error: "Unexpected Error: Strings must be encoded before hashing" #1250
Merged pull requests:
3.3.6 (2024-02-16)#
Closed issues:
- [Bug] CrowdSec Analyzer: requests module missing #1227
Merged pull requests:
- Update requirements.txt #1248 (nusantara-self)
- Update requirements.txt #1247 (cyberpescadito)
3.3.5 (2024-02-05)#
Merged pull requests:
- Updated ONYPHE documentation. Fixed potential naming conflict with legacy analyzer. #1244 (jimbobnet)
- New ONYPHE Search, ASM and Vulnscan analyzers. Updated Summary Analyzer. #1242 (jimbobnet)
- Fix missing requirements.txt in CrowdSec Analyzer #1224 (AlteredCoder)
- StamusNetworks: fix error on empty network info #1220 (regit)
3.3.4 (2024-01-10)#
Closed issues:
- New Analyzer: QR Code Parser #1238
- [FR] Include additional intelligence from Recorded Future enrichment #1231
- [Bug] Virustotal Analyzer Docker stuck "In Progress" #1239
3.3.3 (2023-12-28)#
Closed issues:
- [Bug] Misp Analyzer #1235
Merged pull requests:
- fix build for Autofocus and MalwareClustering #1233 (vdebergue)
- Fix build for several analyzers & responders #1230 (vdebergue)
- #1231 Update Recorded Future Analyzer #1234 (rpitts-recordedfuture)
- Update Elasticsearch analyzer with unix format #1023 (ajrios33)
3.3.2 (2023-08-28)#
Closed issues:
- [Bug] sveral fixes for 3.3.1 #1214
Merged pull requests:
3.3.1 (2023-08-18)#
3.3.0 (2023-08-16)#
Closed issues:
- [FR] Azure Sign In Retriever #1211
- [Bug] Azure Revoke Session Token Responder #1202
- [FR] Add Bypass option for Duo Security responder #1200
- Missing requirements from analyzers #1171
- [Bug] Checkpoint responder not building #1209
- [Bug] VirusTotal get report ip_addresses do not return 'resolutions' #1204
- [Bug] VirusTotal get report ip_addresses do not return report summary #1203
- [Bug] OpenCTI Analyser #1182
- [FR] Rename LastInfoSec Analyzer to Gatewatcher and add feature #1152
- HarfangLab responder contribution #1125
Merged pull requests:
- Adding 'Object' key to event filters #1185 (cyberpescadito)
- Rectified a typo error and added a requirement, Added a requirements.txt file #1172 (Black-Pearl25)
- [NEW] Jupyter analyzer+responder for Cortex #1199 (LetMeR00t)
- Fix analyzer and long report templates #1196 (TonioRyo)
- Editing bug related to https://github.com #1182 #1183 (FormindMPO)
- Rename 'LastInfoSec' analyzer to 'Gatewatcher CTI' and add feature #1153 (remydewa)
- fix lacking json enclosure #1144 (topi-chan)
- HarfangLab EDR responder contribution #1126 (Pierre-HarfangLab)
3.2.9 (2023-05-04)#
Closed issues:
- [FR] in-progress - Analyzer - Crowdstrike API to enrich observables #1176
3.2.8 (2023-03-09)#
Closed issues:
- [Bug] Eml Parser except Exception as e: error (Extra Spaces) in parse.py #1168
3.2.7 (2023-03-09)#
Merged pull requests:
3.2.6 (2023-03-02)#
Merged pull requests:
3.2.5 (2023-03-01)#
3.2.4 (2023-03-01)#
Closed issues:
- [Bug] Analyzer Crt_sh_Transparency_Logs_1_0 not working #1139
- [Bug] Analyzer GoogleDNS_resolve_1_0_0 not working #1136
- [Bug] Container for analyzer FalconSandbox missing dependencies #1108
- [FR] New Analyzer: Palo Alto Wildfire Sandbox #910
- [Bug] error with emlparser #1162
- [Bug] ProofPoint_Lookup_1_0 fails with "Strings must be encoded before hashing" #1160
- [Bug] Analyzer Maltiverse_Report_1_0 type url not working #1140
- [Bug] Censys analyzer not working #1134
Merged pull requests:
- Use github actions for CI #1165 (vdebergue)
- #1160 Encode string before hashing #1161 (To-om)
- #1086 Fix type in KnowBe4 configuration item #1159 (To-om)
3.2.3 (2022-11-09)#
Closed issues:
- [Bug] Falcon Responder: update python path #1131
- [Bug] Virustotal not working correctly with proxy settings #1130
- [Bug] MSDefender Responder has no module named cortexutils #1107
3.2.2 (2022-10-27)#
Closed issues:
- update version of Emlparser report template #1129
3.2.1 (2022-10-25)#
Closed issues:
- [Bug] fix perms on main programs #1128
3.2.0 (2022-10-21)#
Closed issues:
- [FR] Upgrade OpenCTI analyzer for v4 compatibility #929
- Updates for documentation website #1113
- Build and manage images of private and custom analyzers/responders #1112
- little improvements #1110
- [FR] Virustotal Analyzer and VT API v3? (v2 will go offline soon) #1012
- [FR] Verifalia analyzer #1007
- [FR] ThreatMiner analyzer #1005
- [FR] Kaspersky Threat Intelligence Portal analyzer #1003
- [FR] IP-API analyzer #1001
- [FR] CheckPhish Analyzer #997
- [FR] Bitcoin Abuse Analyzer #995
- [FR] SentinelOne Hash Blacklister (Responder) #781
Merged pull requests:
- KasperskyTIP analyzer #1004 (pjuhas)
- Implement Microsoft 365 Defender responder #1124 (joeslazaro-cdw)
- Implement Palo Alto Cortex XDR responder #1123 (joeslazaro-cdw)
- Add Crowdsec CTI analyzer #1116 (CERT-ARKEA)
- Virustotal v3 #1111 (lamachin3)
- Improved emlParser #1109 (lamachin3)
- Implement EchoTrail analyzer #1100 (joeslazaro-cdw)
- Implement CIS MCAP analyzer #1098 (joeslazaro-cdw)
- Implement Palo Alto WildFire analyzer #1094 (joeslazaro-cdw)
- feat: Improve templates for SEKOIA analyzers #1093 (Darkheir)
- Add authentication option for Maltiverse #1087 (jlopezzarza)
- Add additional taxonomy for IPinfo #1085 (dafal)
- Verifalia analyzer #1008 (pjuhas)
- ThreatMiner analyzer #1006 (pjuhas)
- IP-API analyzer #1002 (pjuhas)
- CheckPhish analyzer #1000 (pjuhas)
- Bitcoin Abuse analyzer #999 (pjuhas)
- added initial sentinelOne responder #782 (jobscry)
3.1.1 (2022-06-21)#
Closed issues:
- [Bug] programs are missing executable permission #1106
- [Bug] Can't install dependencies for MSDefenderEnpoints #1105
- [Bug] Docker image CIRCLHashlookup built without the execute bit on the python script #1101
- [Bug] Shuffle_1_0 docker Permission denied #1091
- [Bug] Elasticsearch_Analysis_1_0 docker Permission denied #1089
3.1.0 (2022-06-20)#
Closed issues:
- [FR] CIRCLHashlookup 1.1 #1077
- [Bug]FalconCustomIOC Endpoint changed #1075
- [FR] Allow analysts to mark an untouched task to not be deleted when closing the case #1072
- [QUESTION] Get analyser jobs per case ? #1070
- [FR] Get analyser jobs per case #1067
- [DOC] How to create custom Analyzers or Responders catalogs #1060
- [Bug] VirusTotal_GetReport_3_0 Error 403 #946
- [Bug] CortexNeurons error parsing version in analyzer.json or responder.json #901
- System proxy settings not set using global configuration #884
- [Bug] EmlParser reports does not display correctly on small screens #1042
- [Bug] Ldap_Query_2_0 Cortex Analyzer uid_search_field is missing Error #1030
- [FR] Zscaler analyzer (New) #982
- [FR] Cylance analyzer (New) #980
- Censys analyzer is failing #917
- [FR] Develop Responder for Microsoft Defender for Endpoint #908
- Analyzer for Crowdstrike Falcon X - Sandbox #796
Merged pull requests:
- Update: CIRCLHashlookup 1.1 #1076 (nsmfoo)
- feat: Add analyzer looking into SEKOIA's observables #1073 (Darkheir)
- Issue:1030 Ldap_Query_2_0_Fix uid_search_field attribute when reading… #1031 (psyopm)
- Update README.md #1025 (staf711)
- Updated JSB analyzer #1022 (iamELG)
- New analyzers and templates for RiskIQ Illuminate #1013 (aeetos)
- Mailer Responder | Create requirements.txt #990 (du5hyant)
- Zscaler analyzer #981 (nsmfoo)
- Cylance analyzer #979 (nsmfoo)
- A number of small enhancements to TheHive templates #951 (buzzdeee)
- New responder for Microsoft defender for Endpoints #909 (korteke)
- Velociraptor: Add upload functionality for flow results #852 (weslambert)
- Added a Analyzer for Crowdstrikes Falcon X Sandbox #797 (foenyxxyneof)
3.0.3 (2021-11-15)#
Closed issues:
- [BUG] error=2, No such file or directory when running responder #1041
- [Bug] FileInfo cannot build successfully #1019
- [Bug][EMLParser] incomplete headers #976
3.0.2 (2021-08-05)#
3.0.1 (2021-07-29)#
3.0.0 (2021-07-27)#
Closed issues:
- [FR] Hashlookup (CIRCL) #1014
- [FR] Improve MISP analyzer results #984
- [Bug] Malware Clustering - py2neo #983
- Update Cyberprotect Analyzer #973
- [FR] Update GreyNoise Analyzer to support Community API #969
- [FR] New Analyzer: Diario #966
- [FR] Analyzer for Scirius Security Platform #958
- [Improvement] EmlParser: manage report new observables of type 'file' #937
- [FR] GreyNoise V3 - API update #912
- [Doc] Check schema flavor json files #900
- FileInfo: Add default value for manalyze_enable #881
- Improve DShield #879
- [Bug] Mail Responder recipient address not found in tags #860
- [OSCD Initiative] Develop Responder for Gmail #859
- [OSCD Initiative] Develop Responder for Azure Active Directory #858
- [OSCD Initiative] Develop Responder for Palo Alto NGFW #855
- [FR] Update AnyRun Analyzer to include privacy setting #853
- [Bug] OTXQuery_2_0 analyzer does not work #850
- [Bug] Wazuh Responder Not Working #844
- New Analyzer: ElasticSearch Query #841
- [FR] Merge new VMRay Analyzer #824
- [Bug] CIRCLPassiveSSL uncaught exception on unexpected server behavior #805
- [improvements] EMLParser: ensure observables are reported only once and detect URL in HTML messages #793
- Add Analyzer for GRR #570
- New Analyser: Strings #315
Merged pull requests:
- Updated VMRay Analyzer #959 (53A-1)
- update full report link for VirusTotal GetReport Template #950 (buzzdeee)
- Change the link back to VirusTotal Template using content.permalink #948 (buzzdeee)
- Feature/update docs #947 (dadokkio)
- virustotal flow #933 (dadokkio)
- Update mnemonic pdns.py with correct API URI #927 (jvbrandis)
- Update Fileinfo #915 (dadokkio)
- GreyNoise - Update API to new version 3 #911 (markus-nclose)
- fix case id, error if type is not guessed #894 (dadokkio)
- Add proxies support to torproject analyzer #888 (dadokkio)
- Merging #603 code in censys analyzer #869 (dadokkio)
- Add fqdn to Umbrella analyzer #868 (LaZyDK)
- Fixes status_code 503 error caused by Cloudflare #861 (omererdem)
- Included privacy type setting for URL/File analysis #854 (aacgood)
- Use Response.text instead of Response.content #851 (lukaszrzasik)
- New analyzer: Inoitsu email lookup. #849 (jonathan6661)
- TheHive4: equal signs instead of colons for tags #848 (jan4401)
- Added Shuffle workflow execution responder #840 (frikky)
- Analyzer for Sophos Intelix #571 (stephen-oleary)
- use tab for multiple misp instance in template #1018 (dadokkio)
- CIRCL Hashlookup Analyzer #1015 (nsmfoo)
- [OSCD Sprint #2] Final Pull Request / Summary #991 (staf711)
- Update fileinfo_analyzer.py #985 (v1p3r0u5)
- Update Cyberprotect Analyzer #974 (ArthurCauchy)
- Update GreyNoise Analyzer #970 (bradchiappetta)
- [FR] Diario Analyzer #967 (nachorpaez)
- [OSCD Initiative] Develop Responder for Duo Security; fix #857 #964 (yugoslavskiy)
- Scirius Security Platform Host ID analyzer #960 (regit)
- Analyzers for Valhalla and Thunderstorm #943 (Neo23x0)
- Analyzer for DNS Lookingglass #941 (LaZyDK)
- Rename report template folder according to documentation #934 (ch0wm3in)
- New hashdd api #932 (dadokkio)
- Add CheckPoint Responder #930 (dadokkio)
- Upgrade OpenCTI analyzer to v4 + add fuzzy search flavor #928 (amr-cossi)
- Add IVRE Analyzer #923 (p-l-)
- Feature/mail incident status #921 (mkcorpc)
- [OSCD Initiative] Add Azure Authentication Token Revokation Responder #906 (districtofpaige)
- FIX issue #896 #897 (ipfyx)
- [Bug] MineMeld responder domain IOC incorrect type #892 #893 (colin-stubbs)
- [OSCD Initiative] add Gmail responder #891 (strassi)
- [OSCD Initiative] Add response for PaloAltoNGFW #886 (Konakin)
- [OSCD Initiative] Vulners analyzer #880 (uchakin)
- [New Analyzer] Elasticsearch Analyzer #876 (nmprokop)
- Fix verbiage for error messages #845 (weslambert)
- Updated VMRay Analyzer #823 (53A-1)
- added check to validate that hash is in subject table #806 (0xmilkmix)
- LdapQuery Analyzer #589 (cyberpescadito)
- Simple analyzer for GRR #568 (pettai)
2.9.7 (2021-07-27)#
2.9.6 (2021-07-27)#
2.9.5 (2021-07-27)#
Closed issues:
- GET /api/analyzerconfig/nameofbaseconfig returned 404 #978
- [Bug] Cortex Responders How to get task log content? #975
- hook #972
- Issue with analyzer developement - Specific problem #968
- Unable to querry date to cortex analyser #965
- [Bug]Cisco Umbrella Responder #954
- [Bug] OpenCTI analyser: missing Python module? #945
- Analyzers don't work #939
- [Bug] TheHive can't execute Analyser on multi-organization Cortex #938
- [Bug] Anyrun_Sandbox_Analysis_1_0 report-template is not correctly named according to documentation #935
- [Bug] FileInfo_7_0 error if msg has encrypted zip attachment #924
- IVRE-based analyzer #922
- [FR] Responder which sends a mail with a detailed incident status #920
- [FR] Virustotal custom functionality #899
- [Bug] mispwarninglist update errors when using database backend #890
- [OSCD Initiative] Develop Responder for Duo Security #857
- [Improvement] FileInfo should include actual attachments in the report #839
- [FR] DNSDB analyzer - more limiter options #770
2.9.4 (2021-02-05)#
Closed issues:
- [Bug] Hashdd not working #931
- [Bug] Changes to Application.conf #918
- [Bug] Abuse_Finder analyzer fails #914
- FileInfo_7_0 #905
- [Bug] Splunk search analyzer - Password is not hidden #903
- [Bug] Splunk TypeError jobResult["resultCount"] implicit int cast #896
- [Bug] Retrieve email headers #895
- [Bug] MineMeld responder domain IOC incorrect type #892
- mispwarninglist with postgres initialization not working #885
- LDAP3 Module not found on cortex analyser #883
- Drone: improve process of catalogs generation and package of template #882
- Cortex Analysers problem #878
- [Bug] FileInfo/fileinfo_analyzer.py Missing Library #866
- [Bug] OTX analyser no requests module on line 4 #818
- EML_Parser auto extract URL and Attachment as observable #395
2.9.3 (2020-10-16)#
2.9.2 (2020-10-15)#
Closed issues:
- [Bug] TalosReputation_1_0. Failed to query Talos details. Status_code 503 #874
- [Bug] EmlParser_1_2 fails to find iocextract library despite it being installed. #871
- [Bug] #867
- [Bug] Mailer Responder not working within tasks #846
- [Bug] Fix doc #838
- [Bug]Robtex api end point are no longer valid? #821
- [Bug]Pulsedive analyzer doesn't work #788
- [Bug] Msg_Parser_2_0 #601
- Malwareconfig Lookup and Yara Rule Additions #174
2.9.1 (2020-08-13)#
2.9.0 (2020-08-12)#
Closed issues:
- [Bug] Docker images of some responders are not built #834
- PhishTank_CheckURL_2_1 doesn't work[Bug] #833
- [FR] Velociraptor Analyzer/Responder #579
- [Bug] Mailer_1_0 not working #835
- PhishingInitiative_Scan_1_0 doesn't work[Bug] #832
- Hashdd_Detail_1_0 doesn't work [Bug] #831
- MalwareBazaar_1_0 doesn't support types of observables, but writed that it does[Bug] #830
- MISPWarninglists analyzer doesn't work [Bug] #827
- New Analyzer: ForcepointWebsensePing #817
- [FR] add SpamAssassin analyzer #810
- [PATCH] Implement some other ONYPHE simple APIs (but still not the search API) #372
Merged pull requests:
- New version of the Splunk analyzer for Cortex #534 (LetMeR00t)
- [Splunk] Adding documentation #837 (LetMeR00t)
- Add forcepoint websense ping Analyzer #836 (dadokkio)
- New analyzer: NERD #816 (vaclavbartos)
- DomainMailSPFDMARC - add templates #813 (dadokkio)
- Feature/spamassassin #811 (dadokkio)
- Initial Velociraptor Responder #803 (weslambert)
- feat: Adds SEKOIA analyzers #780 (Darkheir)
2.8.7 (2020-08-03)#
Closed issues:
- Robtex_IP_Query_1_0 doesn't work [Bug] #828
2.8.6 (2020-07-15)#
Closed issues:
- [Bug] VirustotalDownloader docker image not available #820
2.8.5 (2020-07-13)#
Closed issues:
- [FR] Splunk search analyzer #791
2.8.4 (2020-07-02)#
2.8.3 (2020-07-02)#
Closed issues:
- [Bug] missing simplejson lib in ThreatGrid analyzer #812
2.8.2 (2020-07-02)#
2.8.1 (2020-07-02)#
Closed issues:
- [FR] New Analyzer: LastInfoSec IoC Analysis #753
- [Bug] IntezerCommunity Analyser: Permission denied #801
2.8.0 (2020-06-30)#
Closed issues:
- [FR] Rename Lis_GetReport analyzer to LastInfoSec #808
- [Bug] JSONDecodeError with dockerized analyzers #800
- EML-Parser Requirements file missing pip requirement #792
- [Bug] MineMeld_1_0 Obesrvable not reaching destination. #773
- [Bug] Abuse_Finder : pythonwhois dependency tree broken #742
- ELK - Elasticsearch or Kibana analyzer (contribution survey) #419
- Remove catalogs #789
- [Bug] Wazuh responder not working. #778
- [Bug] Minemeld Responder: No module named 'requests' #774
- WOT: Moving from legacy to the new endpoint #771
- New Responder: Virustotal Downloader #765
- ThreatResponse analyzer fails #759
- [FR] SendGrid based mail delivery via HTTPS API #738
- [FR] Mailer should support TLS/START-TLS and authentication #737
- Use APIv2 in Onyphe analyers #736
- Mailer incorrectly informes about missing receipient address in artifacts for Case object #379
Merged pull requests:
- Rename Lis_GetReport analyzer to LastInfoSec #809 (remydewa)
- #789 catalogs removed #790 (jeromeleonard)
- Documentation initialisation #787 (jeromeleonard)
- change wot analyzer to support new api #777 (dadokkio)
- add requests to requirements #775 (dadokkio)
- #759 module_type removed in ThreatResponse #768 (dadokkio)
- Add new responder VirustotalDownloader #765 #766 (NexusFuzzy)
- Add auth to Mailer and support for tasks #764 (dadokkio)
- DomainTools Iris Analyzer Report Updates #760 (ChuckWoodraska)
- sinkdb: fqdn support #756 (dadokkio)
- new LastInfoSec analyzers for hash and domain #754 (remydewa)
- support onyphe api v2 #747 (dadokkio)
- Initial commit for SendGrid responder #739 (colin-stubbs)
- Updating to use new API #483 (obikao)
2.7.0 (2020-05-15)#
Closed issues:
- [Bug] MaxMind #752
- json.dump \n and \" #743
- [Bug] Yeti Analyzer docker images pip installing pyeti #708
- [Bug] FireHOLBlocklists No such file or directory #707
- [Bug] Worker cannot be run #595
- New analyzer : Google Vision API #298
- BlueCoat Malware Analysis Sandbox Analyzer #145
- [Bug] EmailRep #750
- [Bug] Shodan Analyzer: Inconsistent Key References #748
- New Analyzer: ANY.RUN #734
- [discussion] Mispwarninglist analyzer speed issue and proposed improvement #731
- New Analyzer: OpenCTI #723
- New Analyzer: MalwareBazaar #722
- Improvement: extract IOCs from EmlParser #710
- [Bug] DNSDB Analyzer Python 3 incompatability #613
- [FR] CyberChef Analyzer #600
- [Bug] Crt_sh_Transparency_Logs_1_0 - No JSON object could be decoded #594
- [FR] Yeti Analyzer - SSL error with self signed certificate #468
- Cortex Responder for creating RT (Request Tracker) tickets out of TheHive #430
- [Bug] TheHive isn't showing error messages from responders #429
Merged pull requests:
- added key to emailrep #751 (dadokkio)
- fix infos_domain key in shodan #749 (dadokkio)
- fix on python3 compatibility for #696 #745 (dadokkio)
- fix multuple yeti issues #740 (dadokkio)
- add analyzer for any.run sandbox #735 (dadokkio)
- Postgres as backend for mispwarninglist #732 (dadokkio)
- Fix bug emlparser when 'content-type' string in mail is in lower case #730 (TofBaasken)
- malwarebazaar hash search #728 (dadokkio)
- Add OpenCTI Analyzer v1 #725 (amr-cossi)
- Add CyberChef analyzer #697 (weslambert)
- Add CyberChef Analyzer #599 (weslambert)
- DomainTools Iris - Risky DNS Responder #587 (ChuckWoodraska)
- Add RT4-CreateTicket #543 (mdavis332)
2.6.0 (2020-03-25)#
Closed issues:
- [Bug] Importing Templates of Analyzers in Hive #704
- Responder Cisco AMP for Endpoints #593
- Analyzer Cisco Threat Response #592
- MISP-Warninglists Analyzer Outdated #569
- [Bug] VMRay Returns Error #520
- Invalid requirements in responder FalconCustomIOC requirements.txt #509
- ClamAV New analyzer #311
- New Analyzer: Mnemonic PDNS (Public & Closed) #255
- CISCO AMP Sandbox Analyzer #146
- [Bug] FileInfo does not run Oletools submodule for a doc #705
- [Bug] Investigate Analyzer Broken #703
- [Bug] AbuseIPDB analyzer returns error #701
- Analyzers missing cortexutils in requirements.txt #695
- [Bug] abuselpdb stop stupport APIv1 #618
- [Bug] All Onyphe analyzer return "Invalid output" #591
- [Bug] Mailer 1_0 #573
- Intezer Community analyzer #504
- Analyzer Feature: URLScan.io "Scan" Service #405
- New Analyzer: NSRL check #391
Merged pull requests:
- abuseipdb update api to v2 #719 (dadokkio)
- Revert "[ThreatCrowd ] Fixing Unexpected Error: get() takes exactly 1 argument (2 given)" #716 (dadokkio)
- Revert "added IntezerCommunity analyzer" #713 (garanews)
- cortexutils in all requirements.txt #711 (garanews)
- fqdn support for Url haus #706 (garanews)
- Revert 726 revert 714 dt config clean up #727 (jeromeleonard)
- Revert "DomainToolsIris config cleanup" #726 (jeromeleonard)
- Revert "Bumped Investigate version" #721 (jeromeleonard)
- Bumped Investigate version #718 (garanews)
- fix some code for python3 compatibility #717 (dadokkio)
- DomainToolsIris config cleanup #714 (ChuckWoodraska)
- Feature/nsrl #712 (dadokkio)
- Added url scan feature #709 (dadokkio)
- DomainTools Iris - Malicious Tags Responder #588 (ChuckWoodraska)
- DomainTools Iris - Investigate Analyzer #572 (ChuckWoodraska)
- Update UmbrellaBlacklister #547 (arnydo)
- Fix - updated cortexutil Extractor return keys #538 (dadokkio)
- Issue #521 Fix - Talos Analyzer No Longer Works #522 (colin-stubbs)
- [ThreatCrowd ] Fixing Unexpected Error: get() takes exactly 1 argument (2 given) #518 (presianbg)
- added IntezerCommunity analyzer #505 (mlodic)
2.5.0 (2020-02-24)#
Closed issues:
- [Bug] Umbrella Investigate report error message 'Unknown Investigate service or invalid data type' #698
- IPVoid IP reputation API #454
- [Bug] Cuckoo Analyzer Fails when it hasn't been executed for many hours #437
- Virusshare analyzer: suggesting another way to retrieve hash file names #359
- Issue with Cuckoo Sanbox Analyzer #148
- Cuckoo analyzer sometimes failes #114
Merged pull requests:
- Cisco Threat Response Analyzer #598 (maugertg)
- Cisco Threat Grid Analyzer #597 (maugertg)
- Cisco AMP for Endpoints Responder #596 (maugertg)
- Added IPVoid IP reputation API analyzer #455 (jdsnape)
- Redmine responder #342 (srilumpa)
2.4.1 (2020-02-11)#
Closed issues:
- [Bug] MaxMind_GeoIP_3_0 #564
- Emailrep.io analyzer #466
- IPinfo analyzer #462
- Maltiverse Analyzer #440
- [FR] Spamhaus DBL Analyzer #436
- New Analyzer: SoltraEdge #264
- Error when building docker image for MalwareClustering #620
- Abuse Finder not working with docker after force usage of python3 #619
- Rename AUTOFOCUS analyzers to Autofocus #616
- [Bug] Permission Denied on Analyzer Execution #614
- [Bug] VirusTotal script elif statement ends with semicolon typo #610
- FileInfo_7_0 -- msg-Extract #545
2.4.0 (2020-02-10)#
Closed issues:
- [Bug] SSL verification failing for majority of analyzers. #605
- Cisco Umbrella Investigate Analyzer [FR] #583
- [Bug] JoeSandbox analyzer fails if terms and conditions are not accepted #565
- [Bug] Can't Remove an Analyzer #528
- PayloadSecurity analyzer sslverify config conversion bug. #185
- [Bug] MISP 2.0 analyzer search crashes the MISP instance #602
- Add Wazuh Responder #578
- [FR] Palo Alto Minemeld Responder #577
- [FR] Team Cymru Malware Hash Registry Analyzer #576
- OTXQuery Error - No module named requests #574
- [Bug] Abuse_Finder_2_0 #566
- New Responder: KnowBe4 (WIP) #548
- [FR] Analyzer for PaloAltoNetworks Autofocus service #472
- Force python3 in all analyzers #361
Merged pull requests:
- fix: python3 compatibility for otxquery analyzer #590 (iwitz)
- DomainTools Iris - Pivot Analyzer #586 (ChuckWoodraska)
- Add Spamhaus DBL analyzer #585 (weslambert)
- Add Wazuh responder #582 (weslambert)
- Add Palo Alto Minemeld Responder #581 (weslambert)
- Add TeamCymruMHR Analyzer #580 (weslambert)
- Update EmailRep analyzer #575 (ninoseki)
- fix: OTXQuery Python3 compatibility #567 (iwitz)
- Updating GreyNoise analyzer to use v2 API #562 (shortstack)
- fix for Shodan #558 (malwareowl)
- fix for threatcrowd #557 (malwareowl)
- fix for virus total #555 (malwareowl)
- New Responder KnowBe4 #549 (arnydo)
- Fix for the Abuse_Finder and Fortiguard #541 (phpsystems)
- fix some typo #537 (garanews)
- PassiveTotal Analyzer: Added support for additional data sets #497 (9b)
- Autofocus analyzer v1 #473 (amr-cossi)
- Abuse_Finder : Add support to Python3.6 #469 (LetMeR00t)
- add Emailrep analyzer #467 (ninoseki)
- Add IPinfo analyzer #463 (ninoseki)
- remove builtin modules from requirements.txt #457 (ag-michael)
- Maltiverse Analyzer #448 (ottimo)
- Malware clustering #351 (garanews)
2.3.0 (2019-11-28)#
Closed issues:
- Old non-existent analysers showing in Cortex [Bug] #553
- [Bug] Custom responder not working after upgrade to cortex 3 #542
- [Bug] ThreatCrowd analyzer not respecting Max TLP value #527
- [Bug]Missing baseConfig in two Analyzsers #508
- FileInfo_5_0 Cannot parse PDF files #495
- [Bug] MISP analyzer does not connect to MISP #480
- MaxMind Analyzer: Use commercial databases with geoipupdate #474
- [Bug] Missing module dependencies on responders #561
- [Bug] #552
- [Bug] Requests module is missing in PhishTank checkurl analyzer docker image #551
- Add mime types of encrypted documents #550
- [Bug] Cuckoo Sandbox 2.0.7 #544
- [Bug] Docker build fails due to spaces in some responders #540
- Talos Analyzer No Longer Works #521
- [Bug] Fortiguard: Category parsing does not handle "-" #493
Merged pull requests:
- fix when hash not found #485 (garanews)
- Umbrella analyzer: query_limit: error if no data provided #479 (siisar)
- fixed Talos analyzer #546 (0xmilkmix)
- removed python builtins from requirements.txt #517 (ITServ-DE)
- Support for Cuckoo 2.0.7 and custom CA #514 (1earch)
- updated joesandbox analyzer #512 (garanews)
- Metadefender analyzer #510 (garanews)
- Fix category parsing forom Fortiguard URLCategory #494 (srilumpa)
2.2.0 (2019-10-01)#
Closed issues:
- Template reports problem with custom analyzers #526
- [Bug] VirusTotal_GetReport does not work anymore #519
- [Bug] Cortex Analyzers Invalid output #515
- [Bug] FileInfo crashes with some PDF #536
- [Bug] Hybrid Analysis getReport fails with observable with datatype = file #535
- [FR] Manage encrypted Office documents in FileInfo #533
- [FR] Responder "request for takedown" in Zerofox #532
- [FR] Responder "Close Alert" for Zerofox #531
- [Bug] HIBP Analyser no longer works #524
- [FR] Use HEAD instead of GET in UnshortenLink #506
- [Misc] Remove Cymon analyzer #489
- [Bug] Umbrella_Report_1_0 analyzer returning Invalid output #459
- Responder QRadarAutoClose #441
- Responder: Block a "domain" observable via BIND RPZ DDNS update #435
- Encoding error in Shodan results #322
- Option to ignore SSL errors from analyzers #228
Merged pull requests:
- [BugFix] HIBP Analyser no longer works #525 (jonashergenhahn)
- Responder QRadarAutoClose #460 (cyberpescadito)
- Add responder DNS-RPZ (issue #435) #447 (mhexp)
- New analyser : Google Vision API #297 (0xswitch)
2.1.8 (2019-07-12)#
Closed issues:
- [Bug] PassiveTotal SSL Certificate History analyzer always report at least one record, even if there isn't one #513
2.1.7 (2019-07-10)#
Closed issues:
- [Bug] FortiGuard cannot parse response content #491
- New analyzer: Talos Reputation #426
- Threatcrowd, TorBlutmagie, TorProject not displayed #414
- OTXQuery_2_0 Error when submitting IP address #363
- Dockerising analyzers #246
- Analyzer Template Check-Up #213
2.1.6 (2019-06-21)#
Closed issues:
- Missing request lib in the docker of Fortiguard analyzer #503
Merged pull requests:
2.1.5 (2019-06-20)#
Closed issues:
- Docker for EmlParser is not working, python-magic is missing #502
2.1.4 (2019-06-20)#
Closed issues:
- TalosReputation : not cortexutils in requirements.txt #501
2.1.3 (2019-06-17)#
Closed issues:
- Problem with iocp requirement #500
2.1.2 (2019-06-16)#
2.1.1 (2019-06-16)#
2.1.0 (2019-06-09)#
Closed issues:
- [Bug] IBM X-Force Analyzer adds an extra slash which prevents it from running correctly #487
- "errorMessage": "Missing dataType field" #481
- Hashdd_Detail_1_0 throwing error #461
- Cuckoo Sandbox Analyzer error #458
- "errorMessage": "Invalid output\n" on Mail Responder #452
- [Bug] EmlParser has incomplete header #484
- [Bug] OpenXML files detected as zip but ignored by Oletools. #475
- [Bug] Malwares_GetReport_1_0 #470
- FileInfo : extract URL from documents like PDF or Office #465
- Use up to date msg-Extract lib in FileInfo #464
- [FR] Updated crt.sh Analyzer #438
Merged pull requests:
- added custom Dns sinkholed ip #482 (garanews)
- remove extra slash #488 (garanews)
- EmlParser - Fixed headers and displayTo #486 (mgabriel-silva)
- yeti api key #478 (siisar)
- Possibility to use a Yeti apikey. #477 (siisar)
- Utility to make running an Analyzer locally easier, helpful in development #471 (ndejong)
- Use VirusTotal with python3 (issue #361) #446 (Nergie)
- Fix emlParser crash #439 (agix)
- DNSSinkhole analyzer #434 (garanews)
- Crtsh updates #432 (kx499-zz)
- New analyzer: Talos Reputation #427 (mgabriel-silva)
2.0.1 (2019-04-05)#
Closed issues:
- [Bug] Invalid version for stable Docker image #453
2.0.0 (2019-04-05)#
Closed issues:
- [Help Wanted] First Analyser #449
- [FR] Remove contrib folder #451
- [FR] Add support to dockerized analyzers #450
1.16.0 (2019-03-27)#
Closed issues:
- Different analyzer results between manually built instance and trainingVM #442
- [Bug] #433
- Crowdstrike Falcon Responder #423
- Backscatter.io Analyzer #422
- AbuseIPDB analyzer creation #353
Merged pull requests:
- Add responder QRadarAutoClose[FR#441] #443 (cyberpescadito)
- added templates for AbuseIPDB #425 (mlodic)
- A responder for the Crowdstrike Falcon custom IOC api #421 (ag-michael)
- New analyzer: Backscatter.io #420 (9b)
- Added AbuseIPDB analyzer #400 (mlodic)
- Added SoltraEdge Analyzer #268 (NFCERT)
1.15.3 (2019-02-28)#
Closed issues:
- [FR] New URLhaus API #431
- Proofpoint analyzer fails Unexpected Error: Unicode-objects must be encoded before hashing #417
Merged pull requests:
- Updating Cuckoo Analyzer/Report Templates #418 (nicpenning)
1.15.2 (2019-02-11)#
Closed issues:
- Analyzer creation : "invalid output" #412
- EmlParser_1_1 not parsing .msg files #401
- MISP Analyzer only queries first configured MISP instance #378
- Issue with encoding in mailer responder #416
- Restrict UnshortenLink usage to urls without IPs and/or ports #413
- Crtsh Analyzer: crt.sh result is a nested list #410
- MISP: fix requirements; enum not required for python 3.4+ #409
- FileInfo Manalyze - [plugin_btcaddress] Renamed to plugin_cryptoaddress. #408
- Bug: a broken link in the Cymon_Check_IP report #406
- Wrong File handling in OTXQuery Analyzer #313
Merged pull requests:
- Fix for #410 removed wrapping of crt.sh result in a list #411 (sprungknoedl)
- Fix a broken link in the Cymon_Check_IP report #407 (ninoseki)
1.15.1 (2019-01-09)#
Closed issues:
Merged pull requests:
- make code python 3.4 compatible #403 (dadokkio)
- fix the lack of dependency called enum in ubuntu 16.04 #398 (yojo3000)
1.15.0 (2018-12-20)#
Closed issues:
- Analyzer report samples/examples #390
- Improvement: Eml_Parser Analyzer & Template #394
- New Analyzer: Cisco Umbrella Reporting #385
- Cisco Umbrella Blacklister Responder #382
- New analyzer : Cyberprotect ThreatScore #373
- New Analyzer: SecurityTrails #370
- Fortigard Report Template needs to be updated with new reclassification url #345
- Revamp Shodan analyzer #327
- Update DomainTools analyzer with new flavors #320
- Add support for query parameters in DNSDB #318
- Analyzer - Haveibeenpwned.com Lookup #190
Merged pull requests:
- Improvement: Eml_Parser Analyzer & Template #393 (arnydo)
- Analyzer/Umbrella & Templates #392 (arnydo)
- Adding Patrowl analyzer #386 (MaKyOtOx)
- Responder/umbrella blacklister #383 (arnydo)
- HIBP_Query - Option to include Unverified Breaches #381 (arnydo)
- Improve/mailer #376 (arnydo)
- New analyzer : Cyberprotect ThreatScore #374 (remiallain)
- feat: add SecurityTrails analyzers #371 (ninoseki)
- Additional features for IBM X-force plug-in #368 (jeffrey-e)
- Added HIBP Analyzer with templates #367 (crackytsi)
- Fix Fortiguard reclassification request URL #346 (megan201296)
- Revamp Shodan analyzer #328 (amr-cossi)
- Feature/domain tools more flavors #321 (amr-cossi)
- Add DNSDB API parameters #319 (amr-cossi)
1.14.4 (2018-12-05)#
Closed issues:
- New Analyzer: ';--have i been pwned? #388
- Add option to specify SMTP Port for Mailer Responder #377
- Virustotal: update short reports to distinguish Scan from GetReport flavors #389
- msg-extractor library has been updated and brakes FileInfo analyzer #384
1.14.3 (2018-11-28)#
Closed issues:
- CERTatPassiveDNS_2_0 Invalid File for WHOIS.sh #349
- eml_parser Unexpected Error: list index out of range #352
1.14.2 (2018-11-16)#
Closed issues:
- Fix URLHaus long template #375
1.14.1 (2018-11-09)#
Closed issues:
- FileInfo 5.0 Dockerized .exe analysis #369
- Proofpoint analyzer definition missing the configuration objects #366
Merged pull requests:
- fix in case GSB value is missing #365 (garanews)
- fix: "cut: the delimiter must be a single character" #364 (garanews)
- Fix for Fortiguard to handle FQDNs as well as domains and urls #358 (phpsystems)
1.14.0 (2018-10-26)#
Closed issues:
- Joe Sandbox Analyzer returning error with Joe Sandbox Cloud Pro #357
- Yara analyzer: 'can't open include file' #354
- Cortex Responder - Invalid Output #331
- Add support to responders in cortexutils #316
- Could not get Yeti analyzer worked in cortex #307
- IPv4 address Extractor regex does not match only IPv4 address #198
- MISP WarningLists CIDR notation support #197
- Request for a Cortex Analyzer for Recorded Future #102
- Fixes file not found issue and empty result set in CERT.at passive dns analyzer #362
- Add RTF support in FileInfo #360
- Force python3 for MISP-Analyzer #356
- PassiveTotal_Passive_Dns_2_0 ordering issue #329
- Add new flavors in Onyphe analyzer #324
- HybridAnalysis analyzer does not properly handle filenames on some cases #323
- New Analyzer: Investigate #309
- New analyzer : Google DNS over HTTPS #306
- Improve error msg when VT Get Report does not have an entry for #248
- Urlscan Analyzer #131
- Proofpoint Forensics Lookup #117
Merged pull requests:
- PassiveTotal_Passive_Dns_2_0: Improve the ordering of the records #330 (ninoseki)
- ProofPoint Threat Insight Forensics Analyzer #123 (typonino)
- Fix a typo in URLhaus's long.html #348 (ninoseki)
- Add RecordedFuture Analyzer #347 (jojoob)
- Add urlscan.io search analyzer #337 (ninoseki)
- Add Datascan and Inetnum flavors #326 (amr-cossi)
- New Analyzer: Investigate #310 (yasty)
- New analyzer : Google DNS over HTTPS #305 (0xswitch)
1.13.2 (2018-10-16)#
Closed issues:
- Cuckoo file submission Analyzer error #177
1.13.1 (2018-09-19)#
Closed issues:
- Wrong datatype in artifact() in DShield analyzer #344
1.13.0 (2018-09-18)#
Closed issues:
- Cortex Responder - "thehive:log" datatype #343
- DomainTools Analyzer Risk is broken. Gives authentication errors #338
- Cortex-analyzer deb package? #336
- Fix issues with VMRay analyzer #332
- StopForumSpam analyzer #205
- Fireeye iSIGHT Analyzer #160
- Fix code in Domaintools analyzer #341
- Wrong template in C1fApp analyzer short report #340
- Whois History has no mini report #339
- MISP Analysis failes #335
- [URLhaus] Change of format from URLhaus #308
- New analyzer: Pulsedive #303
- FortiGuard URL: taxonomy is too rigid #295
- New analyzer : Hunter.io #293
- Manalyze analyzer #116
Merged pull requests:
- Manalyze submodule for FileInfo analyzer #333 (3c7)
- add Phishing Initiative Scan analyzer. #317 (sigalpes)
- New analyzer: DShield #300 (xme)
- Fortiguard url taxonomy #296 (srilumpa)
- New analyzer: Hunter.io #294 (remiallain)
1.12.0 (2018-07-31)#
Closed issues:
- Analyzer Running Issues : Invalid Output error on Cortex GUI #302
Merged pull requests:
1.11.0 (2018-07-13)#
Closed issues:
- disable #301
- New analyzer: DShield #299
- New Analyzer: hashdd #282
- Analyzer Issue : Abuse_Finder #277
- New DomainTools API services requires new analyzer #240
- Malwares analyzer has wrong api URL #292
- remove double quotes in short reports #291
- MISP analyzer certificate validation and name configuration #286
- FileInfo fixes #281
- Update DomainTools Analyzer to pull Risk and Proximity Score #214
- [OS3 Hackathon] Refactor File_Info Analyzer #212
Merged pull requests:
- VirusTotal URL report #289 (srilumpa)
- Feature/urlhaus analyzer #285 (ninoseki)
- Add hashdd analyzer #284 (iosonogio)
- Add URLHaus analyzer #271 (3c7)
1.10.4 (2018-06-23)#
Closed issues:
- IBM X-Force and Abuse finder problems found in shorts and long report #290
1.10.3 (2018-06-18)#
Closed issues:
- Ofuscating an IOC signature before analyzing on VT #288
- New analyzer : Threatcrowd #243
- IBM X-Force Exchange Analyzer #144
- Msg_Parser analyser show for all files #136
- API Keys to be submitted through Cortex for Analyzers #7
- ibm xforce analyzer "show-all" buttons don't work #287
1.10.2 (2018-06-08)#
Closed issues:
- Yara config for multi pathes is not parsing correctly in platform #274
- Install analyzers in Red Hat Enterprise 7 #257
- File encoding issue in Threatcrowd json file #283
- IBMXForce template name #280
- Allow to set self signed certificates in VMRay analyzer #279
- IBMXforce Analyzer forces TLP1 #278
- Greynoise minireport does not give any info when there is no record in report #275
- encoding problem in ThreatCrowd #273
1.10.1 (2018-06-06)#
Closed issues:
- Wrong name for Staxx report template #272
1.10.0 (2018-06-06)#
Closed issues:
- Phishtank checkURL fails #261
- New analyzer: malwares.com #251
- DomainTools authentication appears to be broken #206
- Release 1.10.0 #270
- Create GreyNoise analyzer template #269
- No short report in Hybrid-Analysis when there is no result #267
- Payloadsecurity #262
- Bug in EmergingThreats_MalwareInfo analyzer #258
- Error in permalink in Cymon long report template #238
- Add ip dataType to CERT.at Passive DNS analyzer #237
- Grey Noise analyzer #231
- URLhaus analyzer #226
- cybercrime-tracker.net analyzer #220
- Anomali Staxx Analyzer #180
Merged pull requests:
- Added the executable flag to cuckoosandbox_analyzer.py #266 (Jack28)
- Download only new hash files #242 (ktneely)
- Add URLhaus analyzer #227 (ninoseki)
- Develop branch, add Staxx Analyzer #263 (syloktools)
- Improve EmergingThreats analyzers #259 (ant1)
- Created Mnemonic PDNS public and closed analyzers #256 (NFCERT)
- New analyzer: malwares.com #252 (garanews)
- add UnshortenLink analyzer #247 (sigalpes)
- add threatcrowd analyzer #244 (remiallain)
- JoeSandbox analyzers: use a sane analysis timeout #239 (ant1)
- GreyNoise analyzer #236 (danielbrowne)
- cybercrime-tracker.net analyzer #222 (ph34tur3)
- MISP WarningLists - Handling IP address lookup in CIDR IP ranges #200 (srilumpa)
- created IBMXForce analyzer #187 (garanews)
1.9.7 (2018-05-29)#
Closed issues:
- extend templates with external libraries #250
- Update analyzers configuration for Cortex2 #172
- Bluecoat Analyzer #85
- Yara no longer processing rules after cortex 2.0 update #245
1.9.6 (2018-04-25)#
Closed issues:
- Yeti pyton lib fails to install for python_version > 2.7 #241
1.9.5 (2018-04-18)#
Closed issues:
- VirusTotal Analyzer requirements missing from docker image #230
- Remove emerging threat wrong template files #233
- Censys analyzer : no uid given but the parameter is set #232
1.9.4 (2018-04-13)#
Closed issues:
- CIRCLPassiveSSL_2_0 requires colons or dashes in hashes #229
- Hybrid Analysis returns success when filename query didn't work #223
Merged pull requests:
1.9.3 (2018-04-09)#
Closed issues:
- Feature Request: haveibeenpwned.com #189
- Fix the default config of Cymon_Check_IP analyzer #225
- Restrict abuse_finder and file_info dependencies to Python 2.7 #224
- MISPWarningLists Analyzer searches for hashes case sensitive #221
- Bluecoat Categorization failes #216
- View All in template long not working #208
- Cuckoo Analyzer changes the name of the file #188
1.9.2 (2018-04-04)#
Closed issues:
- Hybrid Analysis analyzer successful even if rate limit reached #215
- Supper the new auto extract config name #219
- Data field missing on file submission #218
- OTXQuery_2_0 failes with Cortex2 #217
1.9.1 (2018-03-30)#
1.9.0 (2018-03-29)#
Closed issues:
- Fortiguard analyzer : use HTTPS to request fortiguard service #201
- DomainTools_ReverseIP should accept fqdn and/or domain as datatype #193
- Manage domain datatype in Name_history service of DNSDB analyzer #183
- Manage fqdn datatype in domain_name service of DNSDB analyzer #182
- Improve Phishtank maliciousness results #181
- IP type for CIRCL Passive DNS and others #99
Merged pull requests:
- Fixes some problems with automatic artifact extraction #184 (3c7)
- WIP: PEP8 all the things #165 (3c7)
- added Malpedia Analyzer #168 (garanews)
- Addedd cymon cortex analyzers #133 (ST2Labs)
1.8.3 (2018-03-23)#
Closed issues:
1.8.2 (2018-03-21)#
Closed issues:
- Cortex-Analyzer - MISP-plugin no "ssl-verify = False" option #210
- Cortex-Analyzer - MISP-plugin without proxy support/recognition #209
- Bug: FortiGuard URLCategory Failure #203
- MISP WarningLists long report does not display results #195
- error in MISP/requirements.txt #179
- Cuckoo Permission Denied #178
- MISP Analyzer Tag and Sightings pull #175
- Onyphe_Ports_1_0 return bad data in JSON object #169
- Joe Sandbox Analyzer returning error #156
Merged pull requests:
1.8.1 (2018-02-05)#
Closed issues:
- Bluecoat analyzer fails if domain contains subdomain #173
- Bug in Onyphe_Threats_1 analyzer #170
- Malpedia (yara) Analyzer #166
- Updating VMRay Analyzer to accept files as dataType #157
1.8.0 (2018-01-11)#
Closed issues:
- MISP analyzer certpath option doesn't accept bool value #164
- VirusShare downloader bash script bug #149
- Censys.io analyzer #135
- VirusTotal ignores Environment Proxies #130
- TLP checks #96
- C1fApp Analyzer #64
- URLQuery Analyzer #18
- Cuckoo Analysis Fails #162
- MISP Warninglists analyzer #124
- PayloadSecurity Sandbox #121
- SinkDB Analyzer #112
- C1fApp OSINT analyzer #103
- TOR Exit Nodes IPs Analyzer #45
Merged pull requests:
- Fixed requirements parsing MsgParser/requirements.txt #159 (peasead)
- Censys.io analyzer #153 (3c7)
- Fix getting filenames in analyzers #140 (ant1)
- C1fApp Initial version #119 (etz69)
- Feature/bluecoat #84 (0xswitch)
- fix snort alerts #163 (garanews)
- Fix mode when creating FireHOL ipset directory #158 (srilumpa)
- Fixes #149, removes download_hashes.py #155 (3c7)
- Add Onyphe analyzers #152 (Pierre-Baudry)
- Joe Sandbox API version 2 support #141 (ant1)
- Tor blutmagie #139 (srilumpa)
- Tor project analyzer #138 (srilumpa)
- Added SinkDB analyzer #134 (3c7)
- Added MISP warning lists analyzer #129 (3c7)
- PayloadSecurity Analyzer #122 (typonino)
- Robtex API Analyzer #105 (3c7)
1.7.1 (2017-12-06)#
Closed issues:
- Issue with Shodan Analyzer #150
- Analyzers using online query fails to use system proxy settings #143
- Hippocampe Analyzer Fails #137
Merged pull requests:
1.7.0 (2017-11-08)#
Closed issues:
- PhishTank analyzer doesn't work #126
- Cuckoo Analyzer requires final slash #113
- Missing olefile in MsgParser requirements #101
- VirusTotal URL Scan Bug #93
Merged pull requests:
- add Analyzers Shodan #125 (sebdraven)
- Updated VT Links in Long Report #111 (saadkadhi)
- Adding netaddr to requirements for nessus analyzer #83 (drewstinnett)
- Fix PhishTank analyzer #128 (ilyaglow)
- Fixed: hide empty panel from template #108 (dadokkio)
- support both cuckoo versions #100 (garanews)
- Fixes MISP Analyzer name bug #95 (3c7)
- Added VxStream Sandbox (Hybrid Analysis) Analyzer #73 (yugoslavskiy)
1.6.5 (2017-11-05)#
1.6.4 (2017-11-04)#
Closed issues:
- Virusshare short report enhancements if SHA1 hash passed #115
- name parameter for the MISP analyzer does behave as expected #94
- MISP_2_0 analyzer does not seems compatible with python 2.7 #90
- ET Intelligence Analyzer #79
- Use naming conventions for analyzer config properties #33
- Hybrid Analysis Analyzer #26
Merged pull requests:
- fixed line break in WOT requirements.txt #132 (peasead)
- Revert "Updated VT links in Long report" #110 (saadkadhi)
- Updated VT links in Long report #98 (mthlvt)
1.6.3 (2017-09-10)#
Closed issues:
- GoogleSafebrowsing Analyzer Fails with AttributeErrors #92
Merged pull requests:
1.6.2 (2017-09-04)#
Closed issues:
- Invalid Yeti templates folder name #89
Merged pull requests:
- Updates to Virusshare analyzer #80 (colinvanniekerk)
1.6.1 (2017-09-04)#
Closed issues:
- MISPClient.__init__, ssl parameter default to True but later used as filename #87
Merged pull requests:
- Fixes bug in MISP client #88 (3c7)
- added WOT analyzer & fixed cuckoo templates issue #77 (garanews)
- Cuckoo Sandbox Analyzer #50 (garanews)
1.6.0 (2017-07-27)#
Closed issues:
1.5.1 (2017-07-13)#
Closed issues:
- Yara analyzer doesn't recognize 'sha1' field name from Yara-rules #62
- Virustotal Scan returning incorrect taxonomy on URL scan #74
1.5.0 (2017-07-05)#
Closed issues:
- AlienVault OTX API change #70
- Missing newlines in requirements.txt #60
- Add missing check_tlp config to GoogleSafeBrowsing analyzer #71
- Fix the URL configuration of Hippocampe analyzer #69
- Build a taxonomy in cortexutils #66
- Joe Sandbox 19: New Information in Reports #65
- Review summary() and short reports for https://github.com/CERT-BDF/TheHive/issues/131 #56
- Abuse_Finder analyzer analyzes "email" instead of "mail" #52
- CERT.at PassiveDNS Analyzer #13
Merged pull requests:
- Fixed mistake in blocklist script, added error on missing config #67 (3c7)
- There were no carriage returns so it would break if you wanted to mass install the analyzer requirements #61 (Popsiclestick)
1.4.4 (2017-06-15)#
Closed issues:
- Inconsistance between long and short reports in MISP analyzer #59
1.4.3 (2017-06-15)#
Closed issues:
- How Can I contribute with? #53
- cortexutils fails to generate error reports when the analyzer has no config #57
- Encoding problem in cortexutils #54
1.4.2 (2017-05-24)#
1.4.1 (2017-05-23)#
1.4.0 (2017-05-22)#
Closed issues:
- Joe Sandbox Analyser Issue #44
- Fortiguard API Changed #37
- FireHOL blocklists analyzer #31
- VMRay Analyzer #16
Merged pull requests:
1.3.1 (2017-05-12)#
1.3.0 (2017-05-08)#
Closed issues:
- Report template for JoeSandbox_Url_Analysis #46
- File_Info analyzer has problems examining pe files #38
- Update the polling interval in VT scan analyzer #42
- Make cortexutils compatible with python 2 and 3 #35
- Unify short template reports to use appropriate taxonomy #34
- Add author and url attributes to analyzer descriptior files #32
- Virusshare.com analyzer #30
- YARA Analyzer #19
- Google Safe Browsing Analyzer #17
- CIRCL.lu PassiveSSL Analyzer #12
- CIRCL.lu PassiveDNS Analyzer #11
- Cut python 2 dependency by replacing ioc-parser in cortexutils.analyzer #4
- Nessus Analyzer #1
Merged pull requests:
- Automatic ioc extraction using RegEx #40 (3c7)
- Added rate limit message for VirusTotal analyzer #39 (3c7)
- Use StringIO.StringIO() with python2 #36 (3c7)
1.2.0 (2017-03-31)#
Closed issues:
- OTXQuery : improve error handling #22
- Analyzer Caching #6
- Joe Sandbox Analyzer #27
- MISP Analyzer #14
Merged pull requests:
- Nessus Analyzer #20 (guillomovitch)
1.1.0 (2017-03-07)#
Closed issues:
- OTX Query error when processing a file in Cortex #21
- Python \< 2.7 crashes on version check #10
- VirusTotal GetReport can't get report for files from Cortex #9
- Normalize analyzer's JSON configuration file #8
- Analyzer Rate Limiting #5
- Working on analyzers: CIRCL.lu PassiveSSL/DNS, CERT.AT PassiveDNS, MISP, IntelMQ, VMRay, Google Safebrowsing, URLQuery, yara #3
1.0.0 (2017-02-17)#
Closed issues:
- "VirusTotal_Scan" analyzer is not checking for TLP #2
* This Changelog was automatically generated by github_changelog_generator