Fixed bugs:
- [Bug] Mailer_1_0 not working #835
- [Bug] Docker images of some responders are not built #834
- PhishTank_CheckURL_2_1 doesn't work[Bug] #833
- PhishingInitiative_Scan_1_0 doesn't work[Bug] #832
- Hashdd_Detail_1_0 doesn't work [Bug] #831
- MalwareBazaar_1_0 doesn't support types of observables, but writed that it does[Bug] #830
- MISPWarninglists analyzer doesn't work [Bug] #827
Closed issues:
- New Analyzer: ForcepointWebsensePing #817
- [FR] add SpamAssassin analyzer #810
- [FR] Velociraptor Analyzer/Responder #579
2.8.7 (2020-08-03)
Fixed bugs:
- Robtex_IP_Query_1_0 doesn't work [Bug] #828
2.8.6 (2020-07-15)
Fixed bugs:
- [Bug] VirustotalDownloader docker image not available #820
2.8.5 (2020-07-13)
Implemented enhancements:
- [PATCH] Implement some other ONYPHE simple APIs (but still not the search API) #372
Closed issues:
- [FR] Splunk search analyzer #791
2.8.4 (2020-07-02)
2.8.3 (2020-07-02)
Fixed bugs:
- [Bug] missing simplejson lib in ThreatGrid analyzer #812
2.8.2 (2020-07-02)
2.8.1 (2020-07-02)
Fixed bugs:
- [Bug] IntezerCommunity Analyser: Permission denied #801
Closed issues:
- [FR] New Analyzer: LastInfoSec IoC Analysis #753
2.8.0 (2020-06-30)
Implemented enhancements:
- Remove catalogs #789
- WOT: Moving from legacy to the new endpoint #771
- #789 catalogs removed #790 (jeromeleonard)
- DomainTools Iris Analyzer Report Updates #760 (ChuckWoodraska)
- Updating to use new API #483 (obikao)
Fixed bugs:
- [Bug] JSONDecodeError with dockerized analyzers #800
- [Bug] MineMeld_1_0 Obesrvable not reaching destination. #773
- [Bug] Abuse_Finder : pythonwhois dependency tree broken #742
- [Bug] Wazuh responder not working. #778
- [Bug] Minemeld Responder: No module named 'requests' #774
- ThreatResponse analyzer fails #759
- Mailer incorrectly informes about missing receipient address in artifacts for Case object #379
Closed issues:
- [FR] Rename Lis_GetReport analyzer to LastInfoSec #808
- EML-Parser Requirements file missing pip requirement #792
- ELK - Elasticsearch or Kibana analyzer (contribution survey) #419
- New Responder: Virustotal Downloader #765
- [FR] SendGrid based mail delivery via HTTPS API #738
- [FR] Mailer should support TLS/START-TLS and authentication #737
- Use APIv2 in Onyphe analyers #736
Merged pull requests:
- Rename Lis_GetReport analyzer to LastInfoSec #809 (remydewa)
- change wot analyzer to support new api #777 (dadokkio)
- add requests to requirements #775 (dadokkio)
- #759 module_type removed in ThreatResponse #768 (dadokkio)
- Add new responder VirustotalDownloader #765 #766 (hariomenkel)
- Add auth to Mailer and support for tasks #764 (dadokkio)
- sinkdb: fqdn support #756 (dadokkio)
- new LastInfoSec analyzers for hash and domain #754 (remydewa)
- support onyphe api v2 #747 (dadokkio)
- Initial commit for SendGrid responder #739 (colin-stubbs)
2.7.0 (2020-05-15)
Implemented enhancements:
- BlueCoat Malware Analysis Sandbox Analyzer #145
- [discussion] Mispwarninglist analyzer speed issue and proposed improvement #731
- Improvement: extract IOCs from EmlParser #710
- [FR] Yeti Analyzer - SSL error with self signed certificate #468
- Add RT4-CreateTicket #543 (mdavis332)
Fixed bugs:
- [Bug] MaxMind #752
- json.dump \n and " #743
- [Bug] Yeti Analyzer docker images pip installing pyeti #708
- [Bug] FireHOLBlocklists No such file or directory #707
- [Bug] Worker cannot be run #595
- [Bug] EmailRep #750
- [Bug] Shodan Analyzer: Inconsistent Key References #748
- [Bug] DNSDB Analyzer Python 3 incompatability #613
- [Bug] Crt_sh_Transparency_Logs_1_0 - No JSON object could be decoded #594
- [Bug] TheHive isn't showing error messages from responders #429
Closed issues:
- New analyzer : Google Vision API #298
- New Analyzer: ANY.RUN #734
- New Analyzer: OpenCTI #723
- New Analyzer: MalwareBazaar #722
- [FR] CyberChef Analyzer #600
- Cortex Responder for creating RT (Request Tracker) tickets out of TheHive #430
Merged pull requests:
- added key to emailrep #751 (dadokkio)
- fix infos_domain key in shodan #749 (dadokkio)
- fix on python3 compatibility for #696 #745 (dadokkio)
- fix multuple yeti issues #740 (dadokkio)
- add analyzer for any.run sandbox #735 (dadokkio)
- Postgres as backend for mispwarninglist #732 (dadokkio)
- Fix bug emlparser when 'content-type' string in mail is in lower case #730 (TofBaasken)
- malwarebazaar hash search #728 (dadokkio)
- Add OpenCTI Analyzer v1 #725 (amr-cossi)
- Add CyberChef analyzer #697 (weslambert)
- Add CyberChef Analyzer #599 (weslambert)
- DomainTools Iris - Risky DNS Responder #587 (ChuckWoodraska)
2.6.0 (2020-03-25)
Implemented enhancements:
- New Analyzer: Mnemonic PDNS (Public & Closed) #255
- [Bug] AbuseIPDB analyzer returns error #701
- Update UmbrellaBlacklister #547 (arnydo)
- Fix - updated cortexutil Extractor return keys #538 (dadokkio)
- Issue #521 Fix - Talos Analyzer No Longer Works #522 (colin-stubbs)
- [ThreatCrowd ] Fixing Unexpected Error: get() takes exactly 1 argument (2 given) #518 (presianbg)
Fixed bugs:
- [Bug] Importing Templates of Analyzers in Hive #704
- [Bug] VMRay Returns Error #520
- [Bug] FileInfo does not run Oletools submodule for a doc #705
- [Bug] Investigate Analyzer Broken #703
- Analyzers missing cortexutils in requirements.txt #695
- [Bug] abuselpdb stop stupport APIv1 #618
- [Bug] All Onyphe analyzer return "Invalid output" #591
- [Bug] Mailer 1_0 #573
Closed issues:
- Responder Cisco AMP for Endpoints #593
- Analyzer Cisco Threat Response #592
- MISP-Warninglists Analyzer Outdated #569
- Invalid requirements in responder FalconCustomIOC requirements.txt #509
- ClamAV New analyzer #311
- CISCO AMP Sandbox Analyzer #146
- Intezer Community analyzer #504
- Analyzer Feature: URLScan.io "Scan" Service #405
- New Analyzer: NSRL check #391
Merged pull requests:
- abuseipdb update api to v2 #719 (dadokkio)
- Revert "[ThreatCrowd ] Fixing Unexpected Error: get() takes exactly 1 argument (2 given)" #716 (dadokkio)
- Revert "added IntezerCommunity analyzer" #713 (garanews)
- cortexutils in all requirements.txt #711 (garanews)
- fqdn support for Url haus #706 (garanews)
- Revert 726 revert 714 dt config clean up #727 (jeromeleonard)
- Revert "DomainToolsIris config cleanup" #726 (jeromeleonard)
- Revert "Bumped Investigate version" #721 (jeromeleonard)
- Bumped Investigate version #718 (garanews)
- fix some code for python3 compatibility #717 (dadokkio)
- DomainToolsIris config cleanup #714 (ChuckWoodraska)
- Feature/nsrl #712 (dadokkio)
- Added url scan feature #709 (dadokkio)
- DomainTools Iris - Malicious Tags Responder #588 (ChuckWoodraska)
- DomainTools Iris - Investigate Analyzer #572 (ChuckWoodraska)
- added IntezerCommunity analyzer #505 (mlodic)
2.5.0 (2020-02-24)
Fixed bugs:
- [Bug] Umbrella Investigate report error message 'Unknown Investigate service or invalid data type' #698
- Virusshare analyzer: suggesting another way to retrieve hash file names #359
- Cuckoo analyzer sometimes failes #114
Closed issues:
- IPVoid IP reputation API #454
Merged pull requests:
- Cisco Threat Response Analyzer #598 (maugertg)
- Cisco Threat Grid Analyzer #597 (maugertg)
- Cisco AMP for Endpoints Responder #596 (maugertg)
- Added IPVoid IP reputation API analyzer #455 (jdsnape)
2.4.1 (2020-02-11)
Implemented enhancements:
- Rename AUTOFOCUS analyzers to Autofocus #616
Fixed bugs:
- [Bug] MaxMind_GeoIP_3_0 #564
- Error when building docker image for MalwareClustering #620
- Abuse Finder not working with docker after force usage of python3 #619
- [Bug] Permission Denied on Analyzer Execution #614
- [Bug] VirusTotal script elif statement ends with semicolon typo #610
Closed issues:
- Emailrep.io analyzer #466
- IPinfo analyzer #462
- Maltiverse Analyzer #440
- [FR] Spamhaus DBL Analyzer #436
- New Analyzer: SoltraEdge #264
2.4.0 (2020-02-10)
Implemented enhancements:
- Force python3 in all analyzers #361
- fix: python3 compatibility for otxquery analyzer #590 (iwitz)
- fix: OTXQuery Python3 compatibility #567 (iwitz)
- Updating GreyNoise analyzer to use v2 API #562 (shortstack)
- fix for Shodan #558 (malwareowl)
- fix for threatcrowd #557 (malwareowl)
- fix for virus total #555 (malwareowl)
- Fix for the Abuse_Finder and Fortiguard #541 (phpsystems)
- fix some typo #537 (garanews)
- PassiveTotal Analyzer: Added support for additional data sets #497 (9b)
- Abuse_Finder : Add support to Python3.6 #469 (LetMeR00t)
Fixed bugs:
- [Bug] SSL verification failing for majority of analyzers. #605
- [Bug] JoeSandbox analyzer fails if terms and conditions are not accepted #565
- [Bug] MISP 2.0 analyzer search crashes the MISP instance #602
- OTXQuery Error - No module named requests #574
- [Bug] Abuse_Finder_2_0 #566
Closed issues:
- Cisco Umbrella Investigate Analyzer [FR] #583
- Add Wazuh Responder #578
- [FR] Palo Alto Minemeld Responder #577
- [FR] Team Cymru Malware Hash Registry Analyzer #576
- New Responder: KnowBe4 (WIP) #548
- [FR] Analyzer for PaloAltoNetworks Autofocus service #472
Merged pull requests:
- DomainTools Iris - Pivot Analyzer #586 (ChuckWoodraska)
- Add Spamhaus DBL analyzer #585 (weslambert)
- Add Wazuh responder #582 (weslambert)
- Add Palo Alto Minemeld Responder #581 (weslambert)
- Add TeamCymruMHR Analyzer #580 (weslambert)
- Update EmailRep analyzer #575 (ninoseki)
- New Responder KnowBe4 #549 (arnydo)
- Autofocus analyzer v1 #473 (amr-cossi)
- add Emailrep analyzer #467 (ninoseki)
- Add IPinfo analyzer #463 (ninoseki)
- remove builtin modules from requirements.txt #457 (ag-michael)
- Malware clustering #351 (garanews)
2.3.0 (2019-11-28)
Implemented enhancements:
- fix when hash not found #485 (garanews)
- fixed Talos analyzer #546 (0xmilkmix)
- removed python builtins from requirements.txt #517 (github-pba)
- Support for Cuckoo 2.0.7 and custom CA #514 (1earch)
- updated joesandbox analyzer #512 (garanews)
Fixed bugs:
- Old non-existent analysers showing in Cortex [Bug] #553
- [Bug] Custom responder not working after upgrade to cortex 3 #542
- [Bug] ThreatCrowd analyzer not respecting Max TLP value #527
- [Bug]Missing baseConfig in two Analyzsers #508
- [Bug] MISP analyzer does not connect to MISP #480
- [Bug] Missing module dependencies on responders #561
- [Bug] #552
- [Bug] Requests module is missing in PhishTank checkurl analyzer docker image #551
- Add mime types of encrypted documents #550
- [Bug] Cuckoo Sandbox 2.0.7 #544
- [Bug] Docker build fails due to spaces in some responders #540
- Talos Analyzer No Longer Works #521
- [Bug] Fortiguard: Category parsing does not handle "-" #493
- Umbrella analyzer: query_limit: error if no data provided #479 (siisar)
- Fix category parsing forom Fortiguard URLCategory #494 (srilumpa)
Closed issues:
- MaxMind Analyzer: Use commercial databases with geoipupdate #474
Merged pull requests:
2.2.0 (2019-10-01)
Implemented enhancements:
- [FR] Manage encrypted Office documents in FileInfo #533
- [FR] Use HEAD instead of GET in UnshortenLink #506
- Responder: Block a "domain" observable via BIND RPZ DDNS update #435
Fixed bugs:
- [Bug] VirusTotal_GetReport does not work anymore #519
- [Bug] Cortex Analyzers Invalid output #515
- [Bug] FileInfo crashes with some PDF #536
- [Bug] Hybrid Analysis getReport fails with observable with datatype = file #535
- [Bug] HIBP Analyser no longer works #524
- [Misc] Remove Cymon analyzer #489
- [Bug] Umbrella_Report_1_0 analyzer returning Invalid output #459
- Encoding error in Shodan results #322
- [BugFix] HIBP Analyser no longer works #525 (jonashergenhahn)
Closed issues:
- [FR] Responder "request for takedown" in Zerofox #532
- [FR] Responder "Close Alert" for Zerofox #531
- Responder QRadarAutoClose #441
Merged pull requests:
- Responder QRadarAutoClose #460 (cyberpescadito)
- Add responder DNS-RPZ (issue #435) #447 (mhexp)
- New analyser : Google Vision API #297 (0xswitch)
2.1.8 (2019-07-12)
Fixed bugs:
- [Bug] PassiveTotal SSL Certificate History analyzer always report at least one record, even if there isn't one #513
2.1.7 (2019-07-10)
Implemented enhancements:
- Analyzer Template Check-Up #213
Fixed bugs:
- [Bug] FortiGuard cannot parse response content #491
- Threatcrowd, TorBlutmagie, TorProject not displayed #414
- OTXQuery_2_0 Error when submitting IP address #363
Closed issues:
- New analyzer: Talos Reputation #426
2.1.6 (2019-06-21)
Implemented enhancements:
Fixed bugs:
- Missing request lib in the docker of Fortiguard analyzer #503
2.1.5 (2019-06-20)
Fixed bugs:
- Docker for EmlParser is not working, python-magic is missing #502
2.1.4 (2019-06-20)
Fixed bugs:
- TalosReputation : not cortexutils in requirements.txt #501
2.1.3 (2019-06-17)
Fixed bugs:
- Problem with iocp requirement #500
2.1.2 (2019-06-16)
2.1.1 (2019-06-16)
2.1.0 (2019-06-09)
Implemented enhancements:
- FileInfo : extract URL from documents like PDF or Office #465
- Use up to date msg-Extract lib in FileInfo #464
- [FR] Updated crt.sh Analyzer #438
- remove extra slash #488 (garanews)
- EmlParser - Fixed headers and displayTo #486 (mgabriel-silva)
- Crtsh updates #432 (kx499)
Fixed bugs:
- [Bug] IBM X-Force Analyzer adds an extra slash which prevents it from running correctly #487
- Cuckoo Sandbox Analyzer error #458
- [Bug] EmlParser has incomplete header #484
- [Bug] OpenXML files detected as zip but ignored by Oletools. #475
- [Bug] Malwares_GetReport_1_0 #470
- Use VirusTotal with python3 (issue #361) #446 (Nergie)
- Fix emlParser crash #439 (agix)
Closed issues:
- "errorMessage": "Missing dataType field" #481
- Hashdd_Detail_1_0 throwing error #461
- "errorMessage": "Invalid output\n" on Mail Responder #452
Merged pull requests:
- added custom Dns sinkholed ip #482 (garanews)
- yeti api key #478 (siisar)
- Possibility to use a Yeti apikey. #477 (siisar)
- Utility to make running an Analyzer locally easier, helpful in development #471 (ndejong)
- DNSSinkhole analyzer #434 (garanews)
- New analyzer: Talos Reputation #427 (mgabriel-silva)
2.0.1 (2019-04-05)
Fixed bugs:
- [Bug] Invalid version for stable Docker image #453
2.0.0 (2019-04-05)
Closed issues:
1.16.0 (2019-03-27)
Implemented enhancements:
- AbuseIPDB analyzer creation #353
Fixed bugs:
- [Bug] #433
Closed issues:
- Different analyzer results between manually built instance and trainingVM #442
- Crowdstrike Falcon Responder #423
- Backscatter.io Analyzer #422
Merged pull requests:
- Add responder QRadarAutoClose[FR#441] #443 (cyberpescadito)
- added templates for AbuseIPDB #425 (mlodic)
- A responder for the Crowdstrike Falcon custom IOC api #421 (ag-michael)
- New analyzer: Backscatter.io #420 (9b)
- Added AbuseIPDB analyzer #400 (mlodic)
1.15.3 (2019-02-28)
Implemented enhancements:
- [FR] New URLhaus API #431
- Updating Cuckoo Analyzer/Report Templates #418 (nicpenning)
Fixed bugs:
- Proofpoint analyzer fails Unexpected Error: Unicode-objects must be encoded before hashing #417
1.15.2 (2019-02-11)
Implemented enhancements:
- Wrong File handling in OTXQuery Analyzer #313
Fixed bugs:
- MISP Analyzer only queries first configured MISP instance #378
- Issue with encoding in mailer responder #416
- Restrict UnshortenLink usage to urls without IPs and/or ports #413
- Crtsh Analyzer: crt.sh result is a nested list #410
- MISP: fix requirements; enum not required for python 3.4+ #409
- FileInfo Manalyze - [plugin_btcaddress] Renamed to plugin_cryptoaddress. #408
- Bug: a broken link in the Cymon_Check_IP report #406
- Fix for #410 removed wrapping of crt.sh result in a list #411 (sprungknoedl)
Closed issues:
- EmlParser_1_1 not parsing .msg files #401
Merged pull requests:
1.15.1 (2019-01-09)
Fixed bugs:
- Wrong command path in HIBP_Query.json #404
- fix the lack of dependency called enum in ubuntu 16.04 #398 (yojo3000)
Closed issues:
- Malwares Analyzer for Python 3.4+ #402
Merged pull requests:
1.15.0 (2018-12-20)
Implemented enhancements:
- Improvement: Eml_Parser Analyzer & Template #394
- Revamp Shodan analyzer #327
- Update DomainTools analyzer with new flavors #320
- Add support for query parameters in DNSDB #318
- Improvement: Eml_Parser Analyzer & Template #393 (arnydo)
- Analyzer/Umbrella & Templates #392 (arnydo)
- Improve/mailer #376 (arnydo)
- Additional features for IBM X-force plug-in #368 (jeffrey-e)
- Revamp Shodan analyzer #328 (amr-cossi)
- Feature/domain tools more flavors #321 (amr-cossi)
Fixed bugs:
- Fortigard Report Template needs to be updated with new reclassification url #345
Closed issues:
- Analyzer report samples/examples #390
- New Analyzer: Cisco Umbrella Reporting #385
- Cisco Umbrella Blacklister Responder #382
- New analyzer : Cyberprotect ThreatScore #373
- New Analyzer: SecurityTrails #370
- Analyzer - Haveibeenpwned.com Lookup #190
Merged pull requests:
- Adding Patrowl analyzer #386 (MaKyOtOx)
- Responder/umbrella blacklister #383 (arnydo)
- HIBP_Query - Option to include Unverified Breaches #381 (arnydo)
- New analyzer : Cyberprotect ThreatScore #374 (remiallain)
- feat: add SecurityTrails analyzers #371 (ninoseki)
- Added HIBP Analyzer with templates #367 (crackytsi)
- Fix Fortiguard reclassification request URL #346 (megan201296)
- Add DNSDB API parameters #319 (amr-cossi)
1.14.4 (2018-12-05)
Implemented enhancements:
- Add option to specify SMTP Port for Mailer Responder #377
- Virustotal: update short reports to distinguish Scan from GetReport flavors #389
Fixed bugs:
- msg-extractor library has been updated and brakes FileInfo analyzer #384
1.14.3 (2018-11-28)
Fixed bugs:
- eml_parser Unexpected Error: list index out of range #352
Closed issues:
- CERTatPassiveDNS_2_0 Invalid File for WHOIS.sh #349
1.14.2 (2018-11-16)
Fixed bugs:
- Fix URLHaus long template #375
1.14.1 (2018-11-09)
Implemented enhancements:
- Fix for Fortiguard to handle FQDNs as well as domains and urls #358 (phpsystems)
Fixed bugs:
- Proofpoint analyzer definition missing the configuration objects #366
- fix in case GSB value is missing #365 (garanews)
- fix: "cut: the delimiter must be a single character" #364 (garanews)
Closed issues:
- FileInfo 5.0 Dockerized .exe analysis #369
1.14.0 (2018-10-26)
Implemented enhancements:
- MISP WarningLists CIDR notation support #197
- Fixes file not found issue and empty result set in CERT.at passive dns analyzer #362
- Add RTF support in FileInfo #360
- PassiveTotal_Passive_Dns_2_0 ordering issue #329
- Add new flavors in Onyphe analyzer #324
- Urlscan Analyzer #131
- PassiveTotal_Passive_Dns_2_0: Improve the ordering of the records #330 (ninoseki)
- Fix a typo in URLhaus's long.html #348 (ninoseki)
- Add RecordedFuture Analyzer #347 (jojoob)
- Add urlscan.io search analyzer #337 (ninoseki)
- Add Datascan and Inetnum flavors #326 (amr-cossi)
- New Analyzer: Investigate #310 (yasty)
- New analyzer : Google DNS over HTTPS #305 (0xswitch)
Fixed bugs:
- Cortex Responder - Invalid Output #331
- Force python3 for MISP-Analyzer #356
- HybridAnalysis analyzer does not properly handle filenames on some cases #323
Closed issues:
- Joe Sandbox Analyzer returning error with Joe Sandbox Cloud Pro #357
- Yara analyzer: 'can't open include file' #354
- Add support to responders in cortexutils #316
- Could not get Yeti analyzer worked in cortex #307
- Request for a Cortex Analyzer for Recorded Future #102
- New Analyzer: Investigate #309
- New analyzer : Google DNS over HTTPS #306
- Proofpoint Forensics Lookup #117
1.13.2 (2018-10-16)
Fixed bugs:
- Cuckoo file submission Analyzer error #177
1.13.1 (2018-09-19)
Fixed bugs:
- Wrong datatype in artifact() in DShield analyzer #344
1.13.0 (2018-09-18)
Implemented enhancements:
- Whois History has no mini report #339
- New analyzer: Pulsedive #303
- New analyzer : Hunter.io #293
- add Phishing Initiative Scan analyzer. #317 (sigalpes)
- New analyzer: DShield #300 (xme)
- Fortiguard url taxonomy #296 (srilumpa)
- New analyzer: Hunter.io #294 (remiallain)
Fixed bugs:
- Fix issues with VMRay analyzer #332
- Fix code in Domaintools analyzer #341
- Wrong template in C1fApp analyzer short report #340
- MISP Analysis failes #335
- [URLhaus] Change of format from URLhaus #308
- FortiGuard URL: taxonomy is too rigid #295
Closed issues:
- Cortex Responder - "thehive:log" datatype #343
- DomainTools Analyzer Risk is broken. Gives authentication errors #338
- StopForumSpam analyzer #205
- Fireeye iSIGHT Analyzer #160
- Manalyze analyzer #116
Merged pull requests:
1.12.0 (2018-07-31)
Merged pull requests:
1.11.0 (2018-07-13)
Implemented enhancements:
- New DomainTools API services requires new analyzer #240
- remove double quotes in short reports #291
- Update DomainTools Analyzer to pull Risk and Proximity Score #214
- [OS3 Hackathon] Refactor File_Info Analyzer #212
- VirusTotal URL report #289 (srilumpa)
- Add URLHaus analyzer #271 (3c7)
Fixed bugs:
- Analyzer Issue : Abuse_Finder #277
- Malwares analyzer has wrong api URL #292
- MISP analyzer certificate validation and name configuration #286
- FileInfo fixes #281
Closed issues:
Merged pull requests:
1.10.4 (2018-06-23)
Fixed bugs:
- IBM X-Force and Abuse finder problems found in shorts and long report #290
1.10.3 (2018-06-18)
Implemented enhancements:
Fixed bugs:
- ibm xforce analyzer "show-all" buttons don't work #287
Closed issues:
- Ofuscating an IOC signature before analyzing on VT #288
- IBM X-Force Exchange Analyzer #144
- API Keys to be submitted through Cortex for Analyzers #7
1.10.2 (2018-06-08)
Fixed bugs:
- File encoding issue in Threatcrowd json file #283
- IBMXForce template name #280
- Allow to set self signed certificates in VMRay analyzer #279
- IBMXforce Analyzer forces TLP1 #278
- Greynoise minireport does not give any info when there is no record in report #275
- encoding problem in ThreatCrowd #273
Closed issues:
- Yara config for multi pathes is not parsing correctly in platform #274
1.10.1 (2018-06-06)
Fixed bugs:
- Wrong name for Staxx report template #272
1.10.0 (2018-06-06)
Implemented enhancements:
- New analyzer: malwares.com #251
- Release 1.10.0 #270
- No short report in Hybrid-Analysis when there is no result #267
- Add ip dataType to CERT.at Passive DNS analyzer #237
- Grey Noise analyzer #231
- URLhaus analyzer #226
- cybercrime-tracker.net analyzer #220
- Anomali Staxx Analyzer #180
- Download only new hash files #242 (ktneely)
- Develop branch, add Staxx Analyzer #263 (robertnixon2003)
- Improve EmergingThreats analyzers #259 (ant1)
- Created Mnemonic PDNS public and closed analyzers #256 (NFCERT)
- New analyzer: malwares.com #252 (garanews)
- add UnshortenLink analyzer #247 (sigalpes)
- add threatcrowd analyzer #244 (remiallain)
- JoeSandbox analyzers: use a sane analysis timeout #239 (ant1)
- GreyNoise analyzer #236 (danielbrowne)
- cybercrime-tracker.net analyzer #222 (ph34tur3)
- created IBMXForce analyzer #187 (garanews)
Fixed bugs:
- Payloadsecurity #262
- Bug in EmergingThreats_MalwareInfo analyzer #258
- Error in permalink in Cymon long report template #238
- Added the executable flag to cuckoosandbox_analyzer.py #266 (Jack28)
- MISP WarningLists - Handling IP address lookup in CIDR IP ranges #200 (srilumpa)
Closed issues:
- Create GreyNoise analyzer template #269
Merged pull requests:
1.9.7 (2018-05-29)
Implemented enhancements:
- Update analyzers configuration for Cortex2 #172
Fixed bugs:
- Yara no longer processing rules after cortex 2.0 update #245
Closed issues:
1.9.6 (2018-04-25)
Fixed bugs:
- Yeti pyton lib fails to install for python_version > 2.7 #241
1.9.5 (2018-04-18)
Fixed bugs:
- Remove emerging threat wrong template files #233
- Censys analyzer : no uid given but the parameter is set #232
1.9.4 (2018-04-13)
Implemented enhancements:
- CIRCLPassiveSSL_2_0 requires colons or dashes in hashes #229
Fixed bugs:
- Hybrid Analysis returns success when filename query didn't work #223
- Fix JSB Url Analysis template #207 (ant1)
1.9.3 (2018-04-09)
Implemented enhancements:
- Cuckoo Analyzer changes the name of the file #188
Fixed bugs:
- Fix the default config of Cymon_Check_IP analyzer #225
- Restrict abuse_finder and file_info dependencies to Python 2.7 #224
- MISPWarningLists Analyzer searches for hashes case sensitive #221
- Bluecoat Categorization failes #216
- View All in template long not working #208
Closed issues:
- Feature Request: haveibeenpwned.com #189
1.9.2 (2018-04-04)
Fixed bugs:
- Hybrid Analysis analyzer successful even if rate limit reached #215
- Data field missing on file submission #218
Closed issues:
1.9.1 (2018-03-30)
1.9.0 (2018-03-29)
Implemented enhancements:
- DomainTools_ReverseIP should accept fqdn and/or domain as datatype #193
- Manage domain datatype in Name_history service of DNSDB analyzer #183
- Manage fqdn datatype in domain_name service of DNSDB analyzer #182
- Improve Phishtank maliciousness results #181
- IP type for CIRCL Passive DNS and others #99
- WIP: PEP8 all the things #165 (3c7)
- added Malpedia Analyzer #168 (garanews)
Fixed bugs:
- Fortiguard analyzer : use HTTPS to request fortiguard service #201
Merged pull requests:
- Fixes some problems with automatic artifact extraction #184 (3c7)
- Addedd cymon cortex analyzers #133 (ST2Labs)
1.8.3 (2018-03-23)
Fixed bugs:
1.8.2 (2018-03-21)
Fixed bugs:
- Cortex-Analyzer - MISP-plugin without proxy support/recognition #209
- Bug: FortiGuard URLCategory Failure #203
- Onyphe_Ports_1_0 return bad data in JSON object #169
- Joe Sandbox Analyzer returning error #156
- use https for request #204 (ecapuano)
- MISP WarningLists reports #196 (srilumpa)
Closed issues:
- Cortex-Analyzer - MISP-plugin no "ssl-verify = False" option #210
- MISP WarningLists long report does not display results #195
- error in MISP/requirements.txt #179
1.8.1 (2018-02-05)
Implemented enhancements:
- Updating VMRay Analyzer to accept files as dataType #157
Fixed bugs:
- Bluecoat analyzer fails if domain contains subdomain #173
Closed issues:
- Malpedia (yara) Analyzer #166
1.8.0 (2018-01-11)
Implemented enhancements:
- VirusTotal ignores Environment Proxies #130
- Feature/bluecoat #84 (0xswitch)
- Fixes #149, removes download_hashes.py #155 (3c7)
- Joe Sandbox API version 2 support #141 (ant1)
Fixed bugs:
- MISP analyzer certpath option doesn't accept bool value #164
- VirusShare downloader bash script bug #149
- Cuckoo Analysis Fails #162
- Fix getting filenames in analyzers #140 (ant1)
- fix snort alerts #163 (garanews)
Closed issues:
- Censys.io analyzer #135
- C1fApp Analyzer #64
- URLQuery Analyzer #18
- MISP Warninglists analyzer #124
- PayloadSecurity Sandbox #121
- SinkDB Analyzer #112
- C1fApp OSINT analyzer #103
- TOR Exit Nodes IPs Analyzer #45
Merged pull requests:
- Fixed requirements parsing MsgParser/requirements.txt #159 (peasead)
- Censys.io analyzer #153 (3c7)
- C1fApp Initial version #119 (etz69)
- Fix mode when creating FireHOL ipset directory #158 (srilumpa)
- Add Onyphe analyzers #152 (Pierre-Baudry)
- Tor blutmagie #139 (srilumpa)
- Tor project analyzer #138 (srilumpa)
- Added SinkDB analyzer #134 (3c7)
- Added MISP warning lists analyzer #129 (3c7)
- Robtex API Analyzer #105 (3c7)
1.7.1 (2017-12-06)
Closed issues:
- Issue with Shodan Analyzer #150
- Analyzers using online query fails to use system proxy settings #143
- Hippocampe Analyzer Fails #137
Merged pull requests:
1.7.0 (2017-11-08)
Implemented enhancements:
Fixed bugs:
- PhishTank analyzer doesn't work #126
- Missing olefile in MsgParser requirements #101
- VirusTotal URL Scan Bug #93
Merged pull requests:
- add Analyzers Shodan #125 (sebdraven)
- Updated VT Links in Long Report #111 (saadkadhi)
- Adding netaddr to requirements for nessus analyzer #83 (drewstinnett)
- Fix PhishTank analyzer #128 (ilyaglow)
- Fixed: hide empty panel from template #108 (dadokkio)
- Fixes MISP Analyzer name bug #95 (3c7)
- Added VxStream Sandbox (Hybrid Analysis) Analyzer #73 (yugoslavskiy)
1.6.5 (2017-11-05)
1.6.4 (2017-11-04)
Fixed bugs:
- name parameter for the MISP analyzer does behave as expected #94
- fixed line break in WOT requirements.txt #132 (peasead)
Closed issues:
- Virusshare short report enhancements if SHA1 hash passed #115
- MISP_2_0 analyzer does not seems compatible with python 2.7 #90
- ET Intelligence Analyzer #79
- Use naming conventions for analyzer config properties #33
- Hybrid Analysis Analyzer #26
Merged pull requests:
- Revert "Updated VT links in Long report" #110 (saadkadhi)
- Updated VT links in Long report #98 (mthlvt)
1.6.3 (2017-09-10)
Merged pull requests:
1.6.2 (2017-09-04)
Closed issues:
- Invalid Yeti templates folder name #89
Merged pull requests:
- Updates to Virusshare analyzer #80 (colinvanniekerk)
1.6.1 (2017-09-04)
Closed issues:
- MISPClient.__init__, ssl parameter default to True but later used as filename #87
Merged pull requests:
1.6.0 (2017-07-27)
Closed issues:
Merged pull requests:
- added WOT analyzer & fixed cuckoo templates issue #77 (garanews)
- Cuckoo Sandbox Analyzer #50 (garanews)
1.5.1 (2017-07-13)
Fixed bugs:
- Yara analyzer doesn't recognize 'sha1' field name from Yara-rules #62
Closed issues:
- Virustotal Scan returning incorrect taxonomy on URL scan #74
1.5.0 (2017-07-05)
Implemented enhancements:
- Build a taxonomy in cortexutils #66
- Joe Sandbox 19: New Information in Reports #65
- Review summary() and short reports for TheHive-Project/TheHive#131 #56
Fixed bugs:
- Add missing check_tlp config to GoogleSafeBrowsing analyzer #71
- Fix the URL configuration of Hippocampe analyzer #69
- Abuse_Finder analyzer analyzes "email" instead of "mail" #52
Closed issues:
Merged pull requests:
- Fixed mistake in blocklist script, added error on missing config #67 (3c7)
- There were no carriage returns so it would break if you wanted to mass install the analyzer requirements #61 (Popsiclestick)
1.4.4 (2017-06-15)
Fixed bugs:
- Inconsistance between long and short reports in MISP analyzer #59
1.4.3 (2017-06-15)
Fixed bugs:
- cortexutils fails to generate error reports when the analyzer has no config #57
- Encoding problem in cortexutils #54
1.4.2 (2017-05-24)
1.4.1 (2017-05-23)
1.4.0 (2017-05-22)
Fixed bugs:
- Fortiguard API Changed #37
Closed issues:
Merged pull requests:
1.3.1 (2017-05-12)
1.3.0 (2017-05-08)
Implemented enhancements:
- Update the polling interval in VT scan analyzer #42
- Add author and url attributes to analyzer descriptior files #32
- Cut python 2 dependency by replacing ioc-parser in cortexutils.analyzer #4
- Added rate limit message for VirusTotal analyzer #39 (3c7)
Closed issues:
- File_Info analyzer has problems examining pe files #38
- Make cortexutils compatible with python 2 and 3 #35
- Unify short template reports to use appropriate taxonomy #34
- Virusshare.com analyzer #30
- YARA Analyzer #19
- Google Safe Browsing Analyzer #17
- CIRCL.lu PassiveSSL Analyzer #12
- CIRCL.lu PassiveDNS Analyzer #11
- Nessus Analyzer #1
Merged pull requests:
1.2.0 (2017-03-31)
Closed issues:
- OTXQuery : improve error handling #22
- Analyzer Caching #6
- Joe Sandbox Analyzer #27
- MISP Analyzer #14
Merged pull requests:
- Nessus Analyzer #20 (guillomovitch)
1.1.0 (2017-03-07)
Implemented enhancements:
- Python < 2.7 crashes on version check #10
- VirusTotal GetReport can't get report for files from Cortex #9
- Normalize analyzer's JSON configuration file #8
Fixed bugs:
- OTX Query error when processing a file in Cortex #21
Closed issues:
- Analyzer Rate Limiting #5
- Working on analyzers: CIRCL.lu PassiveSSL/DNS, CERT.AT PassiveDNS, MISP, IntelMQ, VMRay, Google Safebrowsing, URLQuery, yara #3
1.0.0 (2017-02-17)
Closed issues:
- "VirusTotal_Scan" analyzer is not checking for TLP #2
* This Changelog was automatically generated by github_changelog_generator