
Changelog#

3.3.8#

Full Changelog

Closed issues:

  • [FR] JAMF Protect Prevent list responder #1292
  • [FR] Add AWS Lambda responder #1289
  • [FR] Censys Analyzer v2 #1287
  • [FR] Fix the version of TheHive4py dependencies in existing responders #1281
  • [Bug] OpenCTI Analyzer #1280
  • [Bug] PhishTank analyzer failing #1276
  • New Analyzer: QrDecode #1274
  • [FR] Update Triage Analyzer to Configure Sandbox API #1263
  • [FR] mail-subject dataType should be used instead of mail_subject #1260
  • [Bug] Requirements don't get installed for new responder #1259
  • [FR] EclecticIQ Responder #1257
  • [FR] EclecticIQ Analyser #1255
  • [FR] Added capabilities/features for Microsoft Defender for Endpoint responder #1229
  • [Bug] Fortiguard parser error #1228
  • [FR] Binalyze AIR responder #1218
  • AWX Responder #1213
  • [Bug][URLhaus_2_0] - Empty summary for positive results #1210
  • Add a responder to send case information to Telegram #1132
  • [FR] Add Microsoft 365 Defender responder for Tenant Allow/Block List #1102
  • [FR] Add EchoTrail analyzer #1099
  • Hybrid Analysis Analyzer not working anymore #1090
  • [Bug] KnowBe4 Responder Missing Config Options #1086
  • [FR] DNSDumpster analyzer #1056
  • [FR] Okta User Lookup Analyzer #1047
  • Abuse_Finder_3_0 [KeyError: '\s'] #940
  • TorBlutmagie_1_0 doesn't work [Bug] #829
  • New Analyzer: Fireeye Capa (WIP) #822

3.3.7 (2024-04-11)#

Full Changelog

Closed issues:

  • [Bug] MISP_2_1 analyzer #1249
  • 'Triage' analyzer adaptation to fit Recorded Future solution (based on Triage) #1237
  • [Bug] Proofpoint error: "Unexpected Error: Strings must be encoded before hashing" #1250

Merged pull requests:

  • #1250 fix: use file_digest to hash file #1251 (To-om)
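The "Strings must be encoded before hashing" error fixed in #1251 (and reported again for ProofPoint_Lookup in #1160 and #417) is the Python 3 `hashlib` refusing a `str`; the fix hashes the file's raw bytes. The following is an added example, not code from the Cortex-Analyzers project, that shows the failing pattern next to a byte-oriented file hash; the sample e-mail content and function names are constructed for illustration, and `hashlib.file_digest` (Python 3.11+) is used when present with a chunked fallback otherwise.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample: the bytes of a small "file" an analyzer might hash.
SAMPLE_CONTENT = b"From: attacker@example.invalid\r\nSubject: invoice\r\n\r\nbody\r\n"


def sha256_of_text_broken(text: str) -> str:
    """The pattern behind 'Strings must be encoded before hashing'.

    hashlib only accepts bytes-like objects; passing a str raises
    TypeError on Python 3. Kept only to demonstrate the failure mode.
    """
    return hashlib.sha256(text).hexdigest()  # raises TypeError for str


def sha256_of_file(path, chunk_size: int = 1 << 16) -> str:
    """Hash a file's raw bytes without ever decoding them to str.

    Uses hashlib.file_digest (Python 3.11+) when available and otherwise
    streams the file in chunks, which also keeps memory flat for large
    attachments.
    """
    with open(path, "rb") as fh:
        if hasattr(hashlib, "file_digest"):
            return hashlib.file_digest(fh, "sha256").hexdigest()
        digest = hashlib.sha256()
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
        return digest.hexdigest()


def demo() -> dict:
    """Write the constructed sample to a temp file and hash it both ways."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.eml"
        sample.write_bytes(SAMPLE_CONTENT)
        result = {"file_digest": sha256_of_file(sample)}
        try:
            # Decoding to str first is exactly the mistake the bug reports describe.
            sha256_of_text_broken(SAMPLE_CONTENT.decode("ascii"))
            result["broken_raised"] = False
        except TypeError:
            result["broken_raised"] = True
        # The file digest must equal the digest of the same bytes in memory.
        result["matches_bytes_digest"] = (
            result["file_digest"] == hashlib.sha256(SAMPLE_CONTENT).hexdigest()
        )
    return result


if __name__ == "__main__":
    print(demo())
```

Hashing the file object directly (rather than `open(...).read()` followed by a decode) is also what keeps the digest stable for attachments that are not valid text.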

3.3.6 (2024-02-16)#

Full Changelog

Closed issues:

  • [Bug] CrowdSec Analyzer: requests module missing #1227

Merged pull requests:

3.3.5 (2024-02-05)#

Full Changelog

Merged pull requests:

  • Updated ONYPHE documentation. Fixed potential naming conflict with legacy analyzer. #1244 (jimbobnet)
  • New ONYPHE Search, ASM and Vulnscan analyzers. Updated Summary Analyzer. #1242 (jimbobnet)
  • Fix missing requirements.txt in CrowdSec Analyzer #1224 (AlteredCoder)
  • StamusNetworks: fix error on empty network info #1220 (regit)

3.3.4 (2024-01-10)#

Full Changelog

Closed issues:

  • New Analyzer: QR Code Parser #1238
  • [FR] Include additional intelligence from Recorded Future enrichment #1231
  • [Bug] Virustotal Analyzer Docker stuck "In Progress" #1239

3.3.3 (2023-12-28)#

Full Changelog

Closed issues:

  • [Bug] Misp Analyzer #1235

Merged pull requests:

3.3.2 (2023-08-28)#

Full Changelog

Closed issues:

  • [Bug] several fixes for 3.3.1 #1214

Merged pull requests:

3.3.1 (2023-08-18)#

Full Changelog

3.3.0 (2023-08-16)#

Full Changelog

Closed issues:

  • [FR] Azure Sign In Retriever #1211
  • [Bug] Azure Revoke Session Token Responder #1202
  • [FR] Add Bypass option for Duo Security responder #1200
  • Missing requirements from analyzers #1171
  • [Bug] Checkpoint responder not building #1209
  • [Bug] VirusTotal get report ip_addresses do not return 'resolutions' #1204
  • [Bug] VirusTotal get report ip_addresses do not return report summary #1203
  • [Bug] OpenCTI Analyser #1182
  • [FR] Rename LastInfoSec Analyzer to Gatewatcher and add feature #1152
  • HarfangLab responder contribution #1125

Merged pull requests:

3.2.9 (2023-05-04)#

Full Changelog

Closed issues:

  • [FR] in-progress - Analyzer - Crowdstrike API to enrich observables #1176

3.2.8 (2023-03-09)#

Full Changelog

Closed issues:

  • [Bug] Eml Parser except Exception as e: error (Extra Spaces) in parse.py #1168

3.2.7 (2023-03-09)#

Full Changelog

Merged pull requests:

3.2.6 (2023-03-02)#

Full Changelog

Merged pull requests:

  • CrowdSec: Set user agent of crowdsec analyzer to crowdsec-cortex/v1.0.0 #1164 (sbs2001)

3.2.5 (2023-03-01)#

Full Changelog

3.2.4 (2023-03-01)#

Full Changelog

Closed issues:

  • [Bug] Analyzer Crt_sh_Transparency_Logs_1_0 not working #1139
  • [Bug] Analyzer GoogleDNS_resolve_1_0_0 not working #1136
  • [Bug] Container for analyzer FalconSandbox missing dependencies #1108
  • [FR] New Analyzer: Palo Alto Wildfire Sandbox #910
  • [Bug] error with emlparser #1162
  • [Bug] ProofPoint_Lookup_1_0 fails with "Strings must be encoded before hashing" #1160
  • [Bug] Analyzer Maltiverse_Report_1_0 type url not working #1140
  • [Bug] Censys analyzer not working #1134

Merged pull requests:

3.2.3 (2022-11-09)#

Full Changelog

Closed issues:

  • [Bug] Falcon Responder: update python path #1131
  • [Bug] Virustotal not working correctly with proxy settings #1130
  • [Bug] MSDefender Responder has no module named cortexutils #1107

3.2.2 (2022-10-27)#

Full Changelog

Closed issues:

  • update version of Emlparser report template #1129

3.2.1 (2022-10-25)#

Full Changelog

Closed issues:

  • [Bug] fix perms on main programs #1128

3.2.0 (2022-10-21)#

Full Changelog

Closed issues:

  • [FR] Upgrade OpenCTI analyzer for v4 compatibility #929
  • Updates for documentation website #1113
  • Build and manage images of private and custom analyzers/responders #1112
  • little improvements #1110
  • [FR] Virustotal Analyzer and VT API v3? (v2 will go offline soon) #1012
  • [FR] Verifalia analyzer #1007
  • [FR] ThreatMiner analyzer #1005
  • [FR] Kaspersky Threat Intelligence Portal analyzer #1003
  • [FR] IP-API analyzer #1001
  • [FR] CheckPhish Analyzer #997
  • [FR] Bitcoin Abuse Analyzer #995
  • [FR] SentinelOne Hash Blacklister (Responder) #781

Merged pull requests:

3.1.1 (2022-06-21)#

Full Changelog

Closed issues:

  • [Bug] programs are missing executable permission #1106
  • [Bug] Can't install dependencies for MSDefenderEndpoints #1105
  • [Bug] Docker image CIRCLHashlookup built without the execute bit on the python script #1101
  • [Bug] Shuffle_1_0 docker Permission denied #1091
  • [Bug] Elasticsearch_Analysis_1_0 docker Permission denied #1089

3.1.0 (2022-06-20)#

Full Changelog

Closed issues:

  • [FR] CIRCLHashlookup 1.1 #1077
  • [Bug] FalconCustomIOC Endpoint changed #1075
  • [FR] Allow analysts to mark an untouched task to not be deleted when closing the case #1072
  • [QUESTION] Get analyser jobs per case ? #1070
  • [FR] Get analyser jobs per case #1067
  • [DOC] How to create custom Analyzers or Responders catalogs #1060
  • [Bug] VirusTotal_GetReport_3_0 Error 403 #946
  • [Bug] CortexNeurons error parsing version in analyzer.json or responder.json #901
  • System proxy settings not set using global configuration #884
  • [Bug] EmlParser reports does not display correctly on small screens #1042
  • [Bug] Ldap_Query_2_0 Cortex Analyzer uid_search_field is missing Error #1030
  • [FR] Zscaler analyzer (New) #982
  • [FR] Cylance analyzer (New) #980
  • Censys analyzer is failing #917
  • [FR] Develop Responder for Microsoft Defender for Endpoint #908
  • Analyzer for Crowdstrike Falcon X - Sandbox #796

Merged pull requests:

3.0.3 (2021-11-15)#

Full Changelog

Closed issues:

  • [BUG] error=2, No such file or directory when running responder #1041
  • [Bug] FileInfo cannot build successfully #1019
  • [Bug][EMLParser] incomplete headers #976

3.0.2 (2021-08-05)#

Full Changelog

3.0.1 (2021-07-29)#

Full Changelog

3.0.0 (2021-07-27)#

Full Changelog

Closed issues:

  • [FR] Hashlookup (CIRCL) #1014
  • [FR] Improve MISP analyzer results #984
  • [Bug] Malware Clustering - py2neo #983
  • Update Cyberprotect Analyzer #973
  • [FR] Update GreyNoise Analyzer to support Community API #969
  • [FR] New Analyzer: Diario #966
  • [FR] Analyzer for Scirius Security Platform #958
  • [Improvement] EmlParser: manage report new observables of type 'file' #937
  • [FR] GreyNoise V3 - API update #912
  • [Doc] Check schema flavor json files #900
  • FileInfo: Add default value for manalyze_enable #881
  • Improve DShield #879
  • [Bug] Mail Responder recipient address not found in tags #860
  • [OSCD Initiative] Develop Responder for Gmail #859
  • [OSCD Initiative] Develop Responder for Azure Active Directory #858
  • [OSCD Initiative] Develop Responder for Palo Alto NGFW #855
  • [FR] Update AnyRun Analyzer to include privacy setting #853
  • [Bug] OTXQuery_2_0 analyzer does not work #850
  • [Bug] Wazuh Responder Not Working #844
  • New Analyzer: ElasticSearch Query #841
  • [FR] Merge new VMRay Analyzer #824
  • [Bug] CIRCLPassiveSSL uncaught exception on unexpected server behavior #805
  • [improvements] EMLParser: ensure observables are reported only once and detect URL in HTML messages #793
  • Add Analyzer for GRR #570
  • New Analyser: Strings #315

Merged pull requests:

2.9.7 (2021-07-27)#

Full Changelog

2.9.6 (2021-07-27)#

Full Changelog

2.9.5 (2021-07-27)#

Full Changelog

Closed issues:

  • GET /api/analyzerconfig/nameofbaseconfig returned 404 #978
  • [Bug] Cortex Responders How to get task log content? #975
  • hook #972
  • Issue with analyzer development - Specific problem #968
  • Unable to query date to cortex analyser #965
  • [Bug]Cisco Umbrella Responder #954
  • [Bug] OpenCTI analyser: missing Python module? #945
  • Analyzers don't work #939
  • [Bug] TheHive can't execute Analyser on multi-organization Cortex #938
  • [Bug] Anyrun_Sandbox_Analysis_1_0 report-template is not correctly named according to documentation #935
  • [Bug] FileInfo_7_0 error if msg has encrypted zip attachment #924
  • IVRE-based analyzer #922
  • [FR] Responder which sends a mail with a detailed incident status #920
  • [FR] Virustotal custom functionality #899
  • [Bug] mispwarninglist update errors when using database backend #890
  • [OSCD Initiative] Develop Responder for Duo Security #857
  • [Improvement] FileInfo should include actual attachments in the report #839
  • [FR] DNSDB analyzer - more limiter options #770

2.9.4 (2021-02-05)#

Full Changelog

Closed issues:

  • [Bug] Hashdd not working #931
  • [Bug] Changes to Application.conf #918
  • [Bug] Abuse_Finder analyzer fails #914
  • FileInfo_7_0 #905
  • [Bug] Splunk search analyzer - Password is not hidden #903
  • [Bug] Splunk TypeError jobResult["resultCount"] implicit int cast #896
  • [Bug] Retrieve email headers #895
  • [Bug] MineMeld responder domain IOC incorrect type #892
  • mispwarninglist with postgres initialization not working #885
  • LDAP3 Module not found on cortex analyser #883
  • Drone: improve process of catalogs generation and package of template #882
  • Cortex Analysers problem #878
  • [Bug] FileInfo/fileinfo_analyzer.py Missing Library #866
  • [Bug] OTX analyser no requests module on line 4 #818
  • EML_Parser auto extract URL and Attachment as observable #395

2.9.3 (2020-10-16)#

Full Changelog

2.9.2 (2020-10-15)#

Full Changelog

Closed issues:

  • [Bug] TalosReputation_1_0. Failed to query Talos details. Status_code 503 #874
  • [Bug] EmlParser_1_2 fails to find iocextract library despite it being installed. #871
  • [Bug] #867
  • [Bug] Mailer Responder not working within tasks #846
  • [Bug] Fix doc #838
  • [Bug] Robtex API endpoints are no longer valid? #821
  • [Bug] Pulsedive analyzer doesn't work #788
  • [Bug] Msg_Parser_2_0 #601
  • Malwareconfig Lookup and Yara Rule Additions #174

2.9.1 (2020-08-13)#

Full Changelog

2.9.0 (2020-08-12)#

Full Changelog

Closed issues:

  • [Bug] Docker images of some responders are not built #834
  • PhishTank_CheckURL_2_1 doesn't work [Bug] #833
  • [FR] Velociraptor Analyzer/Responder #579
  • [Bug] Mailer_1_0 not working #835
  • PhishingInitiative_Scan_1_0 doesn't work [Bug] #832
  • Hashdd_Detail_1_0 doesn't work [Bug] #831
  • MalwareBazaar_1_0 doesn't support the observable types it claims to [Bug] #830
  • MISPWarninglists analyzer doesn't work [Bug] #827
  • New Analyzer: ForcepointWebsensePing #817
  • [FR] add SpamAssassin analyzer #810
  • [PATCH] Implement some other ONYPHE simple APIs (but still not the search API) #372

Merged pull requests:

2.8.7 (2020-08-03)#

Full Changelog

Closed issues:

  • Robtex_IP_Query_1_0 doesn't work [Bug] #828

2.8.6 (2020-07-15)#

Full Changelog

Closed issues:

  • [Bug] VirustotalDownloader docker image not available #820

2.8.5 (2020-07-13)#

Full Changelog

Closed issues:

  • [FR] Splunk search analyzer #791

2.8.4 (2020-07-02)#

Full Changelog

2.8.3 (2020-07-02)#

Full Changelog

Closed issues:

  • [Bug] missing simplejson lib in ThreatGrid analyzer #812

2.8.2 (2020-07-02)#

Full Changelog

2.8.1 (2020-07-02)#

Full Changelog

Closed issues:

  • [FR] New Analyzer: LastInfoSec IoC Analysis #753
  • [Bug] IntezerCommunity Analyser: Permission denied #801

2.8.0 (2020-06-30)#

Full Changelog

Closed issues:

  • [FR] Rename Lis_GetReport analyzer to LastInfoSec #808
  • [Bug] JSONDecodeError with dockerized analyzers #800
  • EML-Parser Requirements file missing pip requirement #792
  • [Bug] MineMeld_1_0 Observable not reaching destination. #773
  • [Bug] Abuse_Finder : pythonwhois dependency tree broken #742
  • ELK - Elasticsearch or Kibana analyzer (contribution survey) #419
  • Remove catalogs #789
  • [Bug] Wazuh responder not working. #778
  • [Bug] Minemeld Responder: No module named 'requests' #774
  • WOT: Moving from legacy to the new endpoint #771
  • New Responder: Virustotal Downloader #765
  • ThreatResponse analyzer fails #759
  • [FR] SendGrid based mail delivery via HTTPS API #738
  • [FR] Mailer should support TLS/START-TLS and authentication #737
  • Use APIv2 in Onyphe analyzers #736
  • Mailer incorrectly informs about missing recipient address in artifacts for Case object #379

Merged pull requests:

2.7.0 (2020-05-15)#

Full Changelog

Closed issues:

  • [Bug] MaxMind #752
  • json.dump \n and \" #743
  • [Bug] Yeti Analyzer docker images pip installing pyeti #708
  • [Bug] FireHOLBlocklists No such file or directory #707
  • [Bug] Worker cannot be run #595
  • New analyzer : Google Vision API #298
  • BlueCoat Malware Analysis Sandbox Analyzer #145
  • [Bug] EmailRep #750
  • [Bug] Shodan Analyzer: Inconsistent Key References #748
  • New Analyzer: ANY.RUN #734
  • [discussion] Mispwarninglist analyzer speed issue and proposed improvement #731
  • New Analyzer: OpenCTI #723
  • New Analyzer: MalwareBazaar #722
  • Improvement: extract IOCs from EmlParser #710
  • [Bug] DNSDB Analyzer Python 3 incompatibility #613
  • [FR] CyberChef Analyzer #600
  • [Bug] Crt_sh_Transparency_Logs_1_0 - No JSON object could be decoded #594
  • [FR] Yeti Analyzer - SSL error with self signed certificate #468
  • Cortex Responder for creating RT (Request Tracker) tickets out of TheHive #430
  • [Bug] TheHive isn't showing error messages from responders #429

Merged pull requests:

2.6.0 (2020-03-25)#

Full Changelog

Closed issues:

  • [Bug] Importing Templates of Analyzers in Hive #704
  • Responder Cisco AMP for Endpoints #593
  • Analyzer Cisco Threat Response #592
  • MISP-Warninglists Analyzer Outdated #569
  • [Bug] VMRay Returns Error #520
  • Invalid requirements in responder FalconCustomIOC requirements.txt #509
  • ClamAV New analyzer #311
  • New Analyzer: Mnemonic PDNS (Public & Closed) #255
  • CISCO AMP Sandbox Analyzer #146
  • [Bug] FileInfo does not run Oletools submodule for a doc #705
  • [Bug] Investigate Analyzer Broken #703
  • [Bug] AbuseIPDB analyzer returns error #701
  • Analyzers missing cortexutils in requirements.txt #695
  • [Bug] AbuseIPDB stops supporting APIv1 #618
  • [Bug] All Onyphe analyzer return "Invalid output" #591
  • [Bug] Mailer 1_0 #573
  • Intezer Community analyzer #504
  • Analyzer Feature: URLScan.io "Scan" Service #405
  • New Analyzer: NSRL check #391

Merged pull requests:

2.5.0 (2020-02-24)#

Full Changelog

Closed issues:

  • [Bug] Umbrella Investigate report error message 'Unknown Investigate service or invalid data type' #698
  • IPVoid IP reputation API #454
  • [Bug] Cuckoo Analyzer Fails when it hasn't been executed for many hours #437
  • Virusshare analyzer: suggesting another way to retrieve hash file names #359
  • Issue with Cuckoo Sandbox Analyzer #148
  • Cuckoo analyzer sometimes fails #114

Merged pull requests:

2.4.1 (2020-02-11)#

Full Changelog

Closed issues:

  • [Bug] MaxMind_GeoIP_3_0 #564
  • Emailrep.io analyzer #466
  • IPinfo analyzer #462
  • Maltiverse Analyzer #440
  • [FR] Spamhaus DBL Analyzer #436
  • New Analyzer: SoltraEdge #264
  • Error when building docker image for MalwareClustering #620
  • Abuse Finder not working with docker after force usage of python3 #619
  • Rename AUTOFOCUS analyzers to Autofocus #616
  • [Bug] Permission Denied on Analyzer Execution #614
  • [Bug] VirusTotal script elif statement ends with semicolon typo #610
  • FileInfo_7_0 -- msg-Extract #545

2.4.0 (2020-02-10)#

Full Changelog

Closed issues:

  • [Bug] SSL verification failing for majority of analyzers. #605
  • Cisco Umbrella Investigate Analyzer [FR] #583
  • [Bug] JoeSandbox analyzer fails if terms and conditions are not accepted #565
  • [Bug] Can't Remove an Analyzer #528
  • PayloadSecurity analyzer sslverify config conversion bug. #185
  • [Bug] MISP 2.0 analyzer search crashes the MISP instance #602
  • Add Wazuh Responder #578
  • [FR] Palo Alto Minemeld Responder #577
  • [FR] Team Cymru Malware Hash Registry Analyzer #576
  • OTXQuery Error - No module named requests #574
  • [Bug] Abuse_Finder_2_0 #566
  • New Responder: KnowBe4 (WIP) #548
  • [FR] Analyzer for PaloAltoNetworks Autofocus service #472
  • Force python3 in all analyzers #361

Merged pull requests:

2.3.0 (2019-11-28)#

Full Changelog

Closed issues:

  • Old non-existent analysers showing in Cortex [Bug] #553
  • [Bug] Custom responder not working after upgrade to cortex 3 #542
  • [Bug] ThreatCrowd analyzer not respecting Max TLP value #527
  • [Bug] Missing baseConfig in two Analyzers #508
  • FileInfo_5_0 Cannot parse PDF files #495
  • [Bug] MISP analyzer does not connect to MISP #480
  • MaxMind Analyzer: Use commercial databases with geoipupdate #474
  • [Bug] Missing module dependencies on responders #561
  • [Bug] #552
  • [Bug] Requests module is missing in PhishTank checkurl analyzer docker image #551
  • Add mime types of encrypted documents #550
  • [Bug] Cuckoo Sandbox 2.0.7 #544
  • [Bug] Docker build fails due to spaces in some responders #540
  • Talos Analyzer No Longer Works #521
  • [Bug] Fortiguard: Category parsing does not handle "-" #493

Merged pull requests:

2.2.0 (2019-10-01)#

Full Changelog

Closed issues:

  • Template reports problem with custom analyzers #526
  • [Bug] VirusTotal_GetReport does not work anymore #519
  • [Bug] Cortex Analyzers Invalid output #515
  • [Bug] FileInfo crashes with some PDF #536
  • [Bug] Hybrid Analysis getReport fails with observable with datatype = file #535
  • [FR] Manage encrypted Office documents in FileInfo #533
  • [FR] Responder "request for takedown" in Zerofox #532
  • [FR] Responder "Close Alert" for Zerofox #531
  • [Bug] HIBP Analyser no longer works #524
  • [FR] Use HEAD instead of GET in UnshortenLink #506
  • [Misc] Remove Cymon analyzer #489
  • [Bug] Umbrella_Report_1_0 analyzer returning Invalid output #459
  • Responder QRadarAutoClose #441
  • Responder: Block a "domain" observable via BIND RPZ DDNS update #435
  • Encoding error in Shodan results #322
  • Option to ignore SSL errors from analyzers #228

Merged pull requests:

2.1.8 (2019-07-12)#

Full Changelog

Closed issues:

  • [Bug] PassiveTotal SSL Certificate History analyzer always report at least one record, even if there isn't one #513

2.1.7 (2019-07-10)#

Full Changelog

Closed issues:

  • [Bug] FortiGuard cannot parse response content #491
  • New analyzer: Talos Reputation #426
  • Threatcrowd, TorBlutmagie, TorProject not displayed #414
  • OTXQuery_2_0 Error when submitting IP address #363
  • Dockerising analyzers #246
  • Analyzer Template Check-Up #213

2.1.6 (2019-06-21)#

Full Changelog

Closed issues:

  • Missing request lib in the docker of Fortiguard analyzer #503

Merged pull requests:

2.1.5 (2019-06-20)#

Full Changelog

Closed issues:

  • Docker for EmlParser is not working, python-magic is missing #502

2.1.4 (2019-06-20)#

Full Changelog

Closed issues:

  • TalosReputation : not cortexutils in requirements.txt #501

2.1.3 (2019-06-17)#

Full Changelog

Closed issues:

  • Problem with iocp requirement #500

2.1.2 (2019-06-16)#

Full Changelog

2.1.1 (2019-06-16)#

Full Changelog

2.1.0 (2019-06-09)#

Full Changelog

Closed issues:

  • [Bug] IBM X-Force Analyzer adds an extra slash which prevents it from running correctly #487
  • "errorMessage": "Missing dataType field" #481
  • Hashdd_Detail_1_0 throwing error #461
  • Cuckoo Sandbox Analyzer error #458
  • "errorMessage": "Invalid output\n" on Mail Responder #452
  • [Bug] EmlParser has incomplete header #484
  • [Bug] OpenXML files detected as zip but ignored by Oletools. #475
  • [Bug] Malwares_GetReport_1_0 #470
  • FileInfo : extract URL from documents like PDF or Office #465
  • Use up to date msg-Extract lib in FileInfo #464
  • [FR] Updated crt.sh Analyzer #438

Merged pull requests:

2.0.1 (2019-04-05)#

Full Changelog

Closed issues:

  • [Bug] Invalid version for stable Docker image #453

2.0.0 (2019-04-05)#

Full Changelog

Closed issues:

  • [Help Wanted] First Analyser #449
  • [FR] Remove contrib folder #451
  • [FR] Add support to dockerized analyzers #450

1.16.0 (2019-03-27)#

Full Changelog

Closed issues:

  • Different analyzer results between manually built instance and trainingVM #442
  • [Bug] #433
  • Crowdstrike Falcon Responder #423
  • Backscatter.io Analyzer #422
  • AbuseIPDB analyzer creation #353

Merged pull requests:

1.15.3 (2019-02-28)#

Full Changelog

Closed issues:

  • [FR] New URLhaus API #431
  • Proofpoint analyzer fails Unexpected Error: Unicode-objects must be encoded before hashing #417

Merged pull requests:

1.15.2 (2019-02-11)#

Full Changelog

Closed issues:

  • Analyzer creation : "invalid output" #412
  • EmlParser_1_1 not parsing .msg files #401
  • MISP Analyzer only queries first configured MISP instance #378
  • Issue with encoding in mailer responder #416
  • Restrict UnshortenLink usage to urls without IPs and/or ports #413
  • Crtsh Analyzer: crt.sh result is a nested list #410
  • MISP: fix requirements; enum not required for python 3.4+ #409
  • FileInfo Manalyze - [plugin_btcaddress] Renamed to plugin_cryptoaddress. #408
  • Bug: a broken link in the Cymon_Check_IP report #406
  • Wrong File handling in OTXQuery Analyzer #313

Merged pull requests:

  • Fix for #410 removed wrapping of crt.sh result in a list #411 (sprungknoedl)
  • Fix a broken link in the Cymon_Check_IP report #407 (ninoseki)

1.15.1 (2019-01-09)#

Full Changelog

Closed issues:

  • Wrong command path in HIBP_Query.json #404
  • Malwares Analyzer for Python 3.4+ #402

Merged pull requests:

  • make code python 3.4 compatible #403 (dadokkio)
  • fix the lack of dependency called enum in ubuntu 16.04 #398 (yojo3000)

1.15.0 (2018-12-20)#

Full Changelog

Closed issues:

  • Analyzer report samples/examples #390
  • Improvement: Eml_Parser Analyzer & Template #394
  • New Analyzer: Cisco Umbrella Reporting #385
  • Cisco Umbrella Blacklister Responder #382
  • New analyzer : Cyberprotect ThreatScore #373
  • New Analyzer: SecurityTrails #370
  • Fortiguard Report Template needs to be updated with new reclassification url #345
  • Revamp Shodan analyzer #327
  • Update DomainTools analyzer with new flavors #320
  • Add support for query parameters in DNSDB #318
  • Analyzer - Haveibeenpwned.com Lookup #190

Merged pull requests:

1.14.4 (2018-12-05)#

Full Changelog

Closed issues:

  • New Analyzer: ';--have i been pwned? #388
  • Add option to specify SMTP Port for Mailer Responder #377
  • Virustotal: update short reports to distinguish Scan from GetReport flavors #389
  • msg-extractor library has been updated and breaks FileInfo analyzer #384

1.14.3 (2018-11-28)#

Full Changelog

Closed issues:

  • CERTatPassiveDNS_2_0 Invalid File for WHOIS.sh #349
  • eml_parser Unexpected Error: list index out of range #352

1.14.2 (2018-11-16)#

Full Changelog

Closed issues:

  • Fix URLHaus long template #375

1.14.1 (2018-11-09)#

Full Changelog

Closed issues:

  • FileInfo 5.0 Dockerized .exe analysis #369
  • Proofpoint analyzer definition missing the configuration objects #366

Merged pull requests:

  • fix in case GSB value is missing #365 (garanews)
  • fix: "cut: the delimiter must be a single character" #364 (garanews)
  • Fix for Fortiguard to handle FQDNs as well as domains and urls #358 (phpsystems)

1.14.0 (2018-10-26)#

Full Changelog

Closed issues:

  • Joe Sandbox Analyzer returning error with Joe Sandbox Cloud Pro #357
  • Yara analyzer: 'can't open include file' #354
  • Cortex Responder - Invalid Output #331
  • Add support to responders in cortexutils #316
  • Could not get Yeti analyzer worked in cortex #307
  • IPv4 address Extractor regex does not match only IPv4 address #198
  • MISP WarningLists CIDR notation support #197
  • Request for a Cortex Analyzer for Recorded Future #102
  • Fixes file not found issue and empty result set in CERT.at passive dns analyzer #362
  • Add RTF support in FileInfo #360
  • Force python3 for MISP-Analyzer #356
  • PassiveTotal_Passive_Dns_2_0 ordering issue #329
  • Add new flavors in Onyphe analyzer #324
  • HybridAnalysis analyzer does not properly handle filenames on some cases #323
  • New Analyzer: Investigate #309
  • New analyzer : Google DNS over HTTPS #306
  • Improve error msg when VT Get Report does not have an entry for #248
  • Urlscan Analyzer #131
  • Proofpoint Forensics Lookup #117

Merged pull requests:

1.13.2 (2018-10-16)#

Full Changelog

Closed issues:

  • Cuckoo file submission Analyzer error #177

1.13.1 (2018-09-19)#

Full Changelog

Closed issues:

  • Wrong datatype in artifact() in DShield analyzer #344

1.13.0 (2018-09-18)#

Full Changelog

Closed issues:

  • Cortex Responder - "thehive:log" datatype #343
  • DomainTools Analyzer Risk is broken. Gives authentication errors #338
  • Cortex-analyzer deb package? #336
  • Fix issues with VMRay analyzer #332
  • StopForumSpam analyzer #205
  • Fireeye iSIGHT Analyzer #160
  • Fix code in Domaintools analyzer #341
  • Wrong template in C1fApp analyzer short report #340
  • Whois History has no mini report #339
  • MISP Analysis fails #335
  • [URLhaus] Change of format from URLhaus #308
  • New analyzer: Pulsedive #303
  • FortiGuard URL: taxonomy is too rigid #295
  • New analyzer : Hunter.io #293
  • Manalyze analyzer #116

Merged pull requests:

1.12.0 (2018-07-31)#

Full Changelog

Closed issues:

  • Analyzer Running Issues : Invalid Output error on Cortex GUI #302

Merged pull requests:

1.11.0 (2018-07-13)#

Full Changelog

Closed issues:

  • disable #301
  • New analyzer: DShield #299
  • New Analyzer: hashdd #282
  • Analyzer Issue : Abuse_Finder #277
  • New DomainTools API services requires new analyzer #240
  • Malwares analyzer has wrong api URL #292
  • remove double quotes in short reports #291
  • MISP analyzer certificate validation and name configuration #286
  • FileInfo fixes #281
  • Update DomainTools Analyzer to pull Risk and Proximity Score #214
  • [OS3 Hackathon] Refactor File_Info Analyzer #212

Merged pull requests:

1.10.4 (2018-06-23)#

Full Changelog

Closed issues:

  • IBM X-Force and Abuse finder problems found in shorts and long report #290

1.10.3 (2018-06-18)#

Full Changelog

Closed issues:

  • Obfuscating an IOC signature before analyzing on VT #288
  • New analyzer : Threatcrowd #243
  • IBM X-Force Exchange Analyzer #144
  • Msg_Parser analyser show for all files #136
  • API Keys to be submitted through Cortex for Analyzers #7
  • ibm xforce analyzer "show-all" buttons don't work #287

1.10.2 (2018-06-08)#

Full Changelog

Closed issues:

  • Yara config for multiple paths is not parsing correctly in platform #274
  • Install analyzers in Red Hat Enterprise 7 #257
  • File encoding issue in Threatcrowd json file #283
  • IBMXForce template name #280
  • Allow to set self signed certificates in VMRay analyzer #279
  • IBMXforce Analyzer forces TLP1 #278
  • Greynoise minireport does not give any info when there is no record in report #275
  • encoding problem in ThreatCrowd #273

1.10.1 (2018-06-06)#

Full Changelog

Closed issues:

  • Wrong name for Staxx report template #272

1.10.0 (2018-06-06)#

Full Changelog

Closed issues:

  • Phishtank checkURL fails #261
  • New analyzer: malwares.com #251
  • DomainTools authentication appears to be broken #206
  • Release 1.10.0 #270
  • Create GreyNoise analyzer template #269
  • No short report in Hybrid-Analysis when there is no result #267
  • Payloadsecurity #262
  • Bug in EmergingThreats_MalwareInfo analyzer #258
  • Error in permalink in Cymon long report template #238
  • Add ip dataType to CERT.at Passive DNS analyzer #237
  • Grey Noise analyzer #231
  • URLhaus analyzer #226
  • cybercrime-tracker.net analyzer #220
  • Anomali Staxx Analyzer #180

Merged pull requests:

1.9.7 (2018-05-29)#

Full Changelog

Closed issues:

  • extend templates with external libraries #250
  • Update analyzers configuration for Cortex2 #172
  • Bluecoat Analyzer #85
  • Yara no longer processing rules after cortex 2.0 update #245

1.9.6 (2018-04-25)#

Full Changelog

Closed issues:

  • Yeti python lib fails to install for python_version > 2.7 #241

1.9.5 (2018-04-18)#

Full Changelog

Closed issues:

  • VirusTotal Analyzer requirements missing from docker image #230
  • Remove emerging threat wrong template files #233
  • Censys analyzer : no uid given but the parameter is set #232

1.9.4 (2018-04-13)#

Full Changelog

Closed issues:

  • CIRCLPassiveSSL_2_0 requires colons or dashes in hashes #229
  • Hybrid Analysis returns success when filename query didn't work #223

Merged pull requests:

  • Fix JSB Url Analysis template #207 (ant1)

1.9.3 (2018-04-09)#

Full Changelog

Closed issues:

  • Feature Request: haveibeenpwned.com #189
  • Fix the default config of Cymon_Check_IP analyzer #225
  • Restrict abuse_finder and file_info dependencies to Python 2.7 #224
  • MISPWarningLists Analyzer searches for hashes case sensitive #221
  • Bluecoat Categorization fails #216
  • View All in template long not working #208
  • Cuckoo Analyzer changes the name of the file #188

1.9.2 (2018-04-04)#

Full Changelog

Closed issues:

  • Hybrid Analysis analyzer successful even if rate limit reached #215
  • Support the new auto extract config name #219
  • Data field missing on file submission #218
  • OTXQuery_2_0 fails with Cortex2 #217

1.9.1 (2018-03-30)#

Full Changelog

1.9.0 (2018-03-29)#

Full Changelog

Closed issues:

  • Fortiguard analyzer : use HTTPS to request fortiguard service #201
  • DomainTools_ReverseIP should accept fqdn and/or domain as datatype #193
  • Manage domain datatype in Name_history service of DNSDB analyzer #183
  • Manage fqdn datatype in domain_name service of DNSDB analyzer #182
  • Improve Phishtank maliciousness results #181
  • IP type for CIRCL Passive DNS and others #99

Merged pull requests:

  • Fixes some problems with automatic artifact extraction #184 (3c7)
  • WIP: PEP8 all the things #165 (3c7)
  • added Malpedia Analyzer #168 (garanews)
  • Added cymon cortex analyzers #133 (ST2Labs)

1.8.3 (2018-03-23)#

Full Changelog

Closed issues:

  • Abuse_Finder_2_0 - Invalid analyzer output format #211
  • Bug in Abuse_Finder Analyzer #161

1.8.2 (2018-03-21)#

Full Changelog

Closed issues:

  • Cortex-Analyzer - MISP-plugin no "ssl-verify = False" option #210
  • Cortex-Analyzer - MISP-plugin without proxy support/recognition #209
  • Bug: FortiGuard URLCategory Failure #203
  • MISP WarningLists long report does not display results #195
  • error in MISP/requirements.txt #179
  • Cuckoo Permission Denied #178
  • MISP Analyzer Tag and Sightings pull #175
  • Onyphe_Ports_1_0 return bad data in JSON object #169
  • Joe Sandbox Analyzer returning error #156

Merged pull requests:

1.8.1 (2018-02-05)#

Full Changelog

Closed issues:

  • Bluecoat analyzer fails if domain contains subdomain #173
  • Bug in Onyphe_Threats_1 analyzer #170
  • Malpedia (yara) Analyzer #166
  • Updating VMRay Analyzer to accept files as dataType #157

1.8.0 (2018-01-11)#

Full Changelog

Closed issues:

  • MISP analyzer certpath option doesn't accept bool value #164
  • VirusShare downloader bash script bug #149
  • Censys.io analyzer #135
  • VirusTotal ignores Environment Proxies #130
  • TLP checks #96
  • C1fApp Analyzer #64
  • URLQuery Analyzer #18
  • Cuckoo Analysis Fails #162
  • MISP Warninglists analyzer #124
  • PayloadSecurity Sandbox #121
  • SinkDB Analyzer #112
  • C1fApp OSINT analyzer #103
  • TOR Exit Nodes IPs Analyzer #45

Merged pull requests:

1.7.1 (2017-12-06)#

Full Changelog

Closed issues:

  • Issue with Shodan Analyzer #150
  • Analyzers using online query fails to use system proxy settings #143
  • Hippocampe Analyzer Fails #137

Merged pull requests:

  • Rename hybridanalysis_analyzer.py to HybridAnalysis_analyzer.py #151 (treed593)

1.7.0 (2017-11-08)#

Full Changelog

Closed issues:

  • PhishTank analyzer doesn't work #126
  • Cuckoo Analyzer requires final slash #113
  • Missing olefile in MsgParser requirements #101
  • VirusTotal URL Scan Bug #93

Merged pull requests:

1.6.5 (2017-11-05)#

Full Changelog

1.6.4 (2017-11-04)#

Full Changelog

Closed issues:

  • Virusshare short report enhancements if SHA1 hash passed #115
  • name parameter for the MISP analyzer does behave as expected #94
  • MISP_2_0 analyzer does not seem compatible with python 2.7 #90
  • ET Intelligence Analyzer #79
  • Use naming conventions for analyzer config properties #33
  • Hybrid Analysis Analyzer #26

Merged pull requests:

1.6.3 (2017-09-10)#

Full Changelog

Closed issues:

  • GoogleSafebrowsing Analyzer Fails with AttributeErrors #92

Merged pull requests:

  • MISP Analyzer: forgot to add same procedure if using just one MISP-Server #91 (3c7)

1.6.2 (2017-09-04)#

Full Changelog

Closed issues:

  • Invalid Yeti templates folder name #89

Merged pull requests:

1.6.1 (2017-09-04)#

Full Changelog

Closed issues:

  • MISPClient.__init__, ssl parameter default to True but later used as filename #87

Merged pull requests:

  • Fixes bug in MISP client #88 (3c7)
  • added WOT analyzer & fixed cuckoo templates issue #77 (garanews)
  • Cuckoo Sandbox Analyzer #50 (garanews)

1.6.0 (2017-07-27)#

Full Changelog

Closed issues:

  • WOT analyzer #82
  • Add Analyzer for Yeti Platform #68
  • Cuckoo Sandbox Analyzer #23

1.5.1 (2017-07-13)#

Full Changelog

Closed issues:

  • Yara analyzer doesn't recognize 'sha1' field name from Yara-rules #62
  • Virustotal Scan returning incorrect taxonomy on URL scan #74

1.5.0 (2017-07-05)#

Full Changelog

Closed issues:

  • AlienVault OTX API change #70
  • Missing newlines in requirements.txt #60
  • Add missing check_tlp config to GoogleSafeBrowsing analyzer #71
  • Fix the URL configuration of Hippocampe analyzer #69
  • Build a taxonomy in cortexutils #66
  • Joe Sandbox 19: New Information in Reports #65
  • Review summary() and short reports for https://github.com/CERT-BDF/TheHive/issues/131 #56
  • Abuse_Finder analyzer analyzes "email" instead of "mail" #52
  • CERT.at PassiveDNS Analyzer #13

Merged pull requests:

  • Fixed mistake in blocklist script, added error on missing config #67 (3c7)
  • There were no carriage returns so it would break if you wanted to mass install the analyzer requirements #61 (Popsiclestick)

1.4.4 (2017-06-15)#

Full Changelog

Closed issues:

  • Inconsistency between long and short reports in MISP analyzer #59

1.4.3 (2017-06-15)#

Full Changelog

Closed issues:

  • How Can I contribute with? #53
  • cortexutils fails to generate error reports when the analyzer has no config #57
  • Encoding problem in cortexutils #54

1.4.2 (2017-05-24)#

Full Changelog

1.4.1 (2017-05-23)#

Full Changelog

1.4.0 (2017-05-22)#

Full Changelog

Closed issues:

  • Joe Sandbox Analyser Issue #44
  • Fortiguard API Changed #37
  • FireHOL blocklists analyzer #31
  • VMRay Analyzer #16

Merged pull requests:

  • corrected for change to fortiguard portal #51 (ecapuano)

1.3.1 (2017-05-12)#

Full Changelog

1.3.0 (2017-05-08)#

Full Changelog

Closed issues:

  • Report template for JoeSandbox_Url_Analysis #46
  • File_Info analyzer has problems examining pe files #38
  • Update the polling interval in VT scan analyzer #42
  • Make cortexutils compatible with python 2 and 3 #35
  • Unify short template reports to use appropriate taxonomy #34
  • Add author and url attributes to analyzer descriptor files #32
  • Virusshare.com analyzer #30
  • YARA Analyzer #19
  • Google Safe Browsing Analyzer #17
  • CIRCL.lu PassiveSSL Analyzer #12
  • CIRCL.lu PassiveDNS Analyzer #11
  • Cut python 2 dependency by replacing ioc-parser in cortexutils.analyzer #4
  • Nessus Analyzer #1

Merged pull requests:

  • Automatic ioc extraction using RegEx #40 (3c7)
  • Added rate limit message for VirusTotal analyzer #39 (3c7)
  • Use StringIO.StringIO() with python2 #36 (3c7)

1.2.0 (2017-03-31)#

Full Changelog

Closed issues:

  • OTXQuery : improve error handling #22
  • Analyzer Caching #6
  • Joe Sandbox Analyzer #27
  • MISP Analyzer #14

Merged pull requests:

1.1.0 (2017-03-07)#

Full Changelog

Closed issues:

  • OTX Query error when processing a file in Cortex #21
  • Python < 2.7 crashes on version check #10
  • VirusTotal GetReport can't get report for files from Cortex #9
  • Normalize analyzer's JSON configuration file #8
  • Analyzer Rate Limiting #5
  • Working on analyzers: CIRCL.lu PassiveSSL/DNS, CERT.AT PassiveDNS, MISP, IntelMQ, VMRay, Google Safebrowsing, URLQuery, yara #3

1.0.0 (2017-02-17)#

Full Changelog

Closed issues:

  • "VirusTotal_Scan" analyzer is not checking for TLP #2

* This Changelog was automatically generated by github_changelog_generator