Changelog

Full Changelog

Fixed bugs:

  • [Bug] Mailer_1_0 not working #835
  • [Bug] Docker images of some responders are not built #834
  • PhishTank_CheckURL_2_1 doesn't work [Bug] #833
  • PhishingInitiative_Scan_1_0 doesn't work [Bug] #832
  • Hashdd_Detail_1_0 doesn't work [Bug] #831
  • MalwareBazaar_1_0 doesn't support types of observables, but states that it does [Bug] #830
  • MISPWarninglists analyzer doesn't work [Bug] #827

Closed issues:

  • New Analyzer: ForcepointWebsensePing #817
  • [FR] add SpamAssassin analyzer #810
  • [FR] Velociraptor Analyzer/Responder #579

2.8.7 (2020-08-03)

Full Changelog

Fixed bugs:

  • Robtex_IP_Query_1_0 doesn't work [Bug] #828

2.8.6 (2020-07-15)

Full Changelog

Fixed bugs:

  • [Bug] VirustotalDownloader docker image not available #820

2.8.5 (2020-07-13)

Full Changelog

Implemented enhancements:

  • [PATCH] Implement some other ONYPHE simple APIs (but still not the search API) #372

Closed issues:

  • [FR] Splunk search analyzer #791

2.8.4 (2020-07-02)

Full Changelog

2.8.3 (2020-07-02)

Full Changelog

Fixed bugs:

  • [Bug] missing simplejson lib in ThreatGrid analyzer #812

2.8.2 (2020-07-02)

Full Changelog

2.8.1 (2020-07-02)

Full Changelog

Fixed bugs:

  • [Bug] IntezerCommunity Analyser: Permission denied #801

Closed issues:

  • [FR] New Analyzer: LastInfoSec IoC Analysis #753

2.8.0 (2020-06-30)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • [Bug] JSONDecodeError with dockerized analyzers #800
  • [Bug] MineMeld_1_0 Observable not reaching destination. #773
  • [Bug] Abuse_Finder : pythonwhois dependency tree broken #742
  • [Bug] Wazuh responder not working. #778
  • [Bug] Minemeld Responder: No module named 'requests' #774
  • ThreatResponse analyzer fails #759
  • Mailer incorrectly informs about missing recipient address in artifacts for Case object #379

Closed issues:

  • [FR] Rename Lis_GetReport analyzer to LastInfoSec #808
  • EML-Parser Requirements file missing pip requirement #792
  • ELK - Elasticsearch or Kibana analyzer (contribution survey) #419
  • New Responder: Virustotal Downloader #765
  • [FR] SendGrid based mail delivery via HTTPS API #738
  • [FR] Mailer should support TLS/START-TLS and authentication #737
  • Use APIv2 in Onyphe analyzers #736

Merged pull requests:

2.7.0 (2020-05-15)

Full Changelog

Implemented enhancements:

  • BlueCoat Malware Analysis Sandbox Analyzer #145
  • [discussion] Mispwarninglist analyzer speed issue and proposed improvement #731
  • Improvement: extract IOCs from EmlParser #710
  • [FR] Yeti Analyzer - SSL error with self signed certificate #468
  • Add RT4-CreateTicket #543 (mdavis332)

Fixed bugs:

  • [Bug] MaxMind #752
  • json.dump \n and " #743
  • [Bug] Yeti Analyzer docker images pip installing pyeti #708
  • [Bug] FireHOLBlocklists No such file or directory #707
  • [Bug] Worker cannot be run #595
  • [Bug] EmailRep #750
  • [Bug] Shodan Analyzer: Inconsistent Key References #748
  • [Bug] DNSDB Analyzer Python 3 incompatibility #613
  • [Bug] Crt_sh_Transparency_Logs_1_0 - No JSON object could be decoded #594
  • [Bug] TheHive isn't showing error messages from responders #429

Closed issues:

  • New analyzer : Google Vision API #298
  • New Analyzer: ANY.RUN #734
  • New Analyzer: OpenCTI #723
  • New Analyzer: MalwareBazaar #722
  • [FR] CyberChef Analyzer #600
  • Cortex Responder for creating RT (Request Tracker) tickets out of TheHive #430

Merged pull requests:

2.6.0 (2020-03-25)

Full Changelog

Implemented enhancements:

  • New Analyzer: Mnemonic PDNS (Public & Closed) #255
  • [Bug] AbuseIPDB analyzer returns error #701
  • Update UmbrellaBlacklister #547 (arnydo)
  • Fix - updated cortexutil Extractor return keys #538 (dadokkio)
  • Issue #521 Fix - Talos Analyzer No Longer Works #522 (colin-stubbs)
  • [ThreatCrowd] Fixing Unexpected Error: get() takes exactly 1 argument (2 given) #518 (presianbg)

Fixed bugs:

  • [Bug] Importing Templates of Analyzers in Hive #704
  • [Bug] VMRay Returns Error #520
  • [Bug] FileInfo does not run Oletools submodule for a doc #705
  • [Bug] Investigate Analyzer Broken #703
  • Analyzers missing cortexutils in requirements.txt #695
  • [Bug] AbuseIPDB stopped supporting APIv1 #618
  • [Bug] All Onyphe analyzer return "Invalid output" #591
  • [Bug] Mailer 1_0 #573

Closed issues:

  • Responder Cisco AMP for Endpoints #593
  • Analyzer Cisco Threat Response #592
  • MISP-Warninglists Analyzer Outdated #569
  • Invalid requirements in responder FalconCustomIOC requirements.txt #509
  • ClamAV New analyzer #311
  • CISCO AMP Sandbox Analyzer #146
  • Intezer Community analyzer #504
  • Analyzer Feature: URLScan.io "Scan" Service #405
  • New Analyzer: NSRL check #391

Merged pull requests:

2.5.0 (2020-02-24)

Full Changelog

Fixed bugs:

  • [Bug] Umbrella Investigate report error message 'Unknown Investigate service or invalid data type' #698
  • Virusshare analyzer: suggesting another way to retrieve hash file names #359
  • Cuckoo analyzer sometimes fails #114

Closed issues:

  • IPVoid IP reputation API #454

Merged pull requests:

2.4.1 (2020-02-11)

Full Changelog

Implemented enhancements:

  • Rename AUTOFOCUS analyzers to Autofocus #616

Fixed bugs:

  • [Bug] MaxMind_GeoIP_3_0 #564
  • Error when building docker image for MalwareClustering #620
  • Abuse Finder not working with docker after force usage of python3 #619
  • [Bug] Permission Denied on Analyzer Execution #614
  • [Bug] VirusTotal script elif statement ends with semicolon typo #610

Closed issues:

  • Emailrep.io analyzer #466
  • IPinfo analyzer #462
  • Maltiverse Analyzer #440
  • [FR] Spamhaus DBL Analyzer #436
  • New Analyzer: SoltraEdge #264

2.4.0 (2020-02-10)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • [Bug] SSL verification failing for majority of analyzers. #605
  • [Bug] JoeSandbox analyzer fails if terms and conditions are not accepted #565
  • [Bug] MISP 2.0 analyzer search crashes the MISP instance #602
  • OTXQuery Error - No module named requests #574
  • [Bug] Abuse_Finder_2_0 #566

Closed issues:

  • Cisco Umbrella Investigate Analyzer [FR] #583
  • Add Wazuh Responder #578
  • [FR] Palo Alto Minemeld Responder #577
  • [FR] Team Cymru Malware Hash Registry Analyzer #576
  • New Responder: KnowBe4 (WIP) #548
  • [FR] Analyzer for PaloAltoNetworks Autofocus service #472

Merged pull requests:

2.3.0 (2019-11-28)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Old non-existent analysers showing in Cortex [Bug] #553
  • [Bug] Custom responder not working after upgrade to cortex 3 #542
  • [Bug] ThreatCrowd analyzer not respecting Max TLP value #527
  • [Bug] Missing baseConfig in two Analyzers #508
  • [Bug] MISP analyzer does not connect to MISP #480
  • [Bug] Missing module dependencies on responders #561
  • [Bug] #552
  • [Bug] Requests module is missing in PhishTank checkurl analyzer docker image #551
  • Add mime types of encrypted documents #550
  • [Bug] Cuckoo Sandbox 2.0.7 #544
  • [Bug] Docker build fails due to spaces in some responders #540
  • Talos Analyzer No Longer Works #521
  • [Bug] Fortiguard: Category parsing does not handle "-" #493
  • Umbrella analyzer: query_limit: error if no data provided #479 (siisar)
  • Fix category parsing from Fortiguard URLCategory #494 (srilumpa)

Closed issues:

  • MaxMind Analyzer: Use commercial databases with geoipupdate #474

Merged pull requests:

2.2.0 (2019-10-01)

Full Changelog

Implemented enhancements:

  • [FR] Manage encrypted Office documents in FileInfo #533
  • [FR] Use HEAD instead of GET in UnshortenLink #506
  • Responder: Block a "domain" observable via BIND RPZ DDNS update #435

Fixed bugs:

  • [Bug] VirusTotal_GetReport does not work anymore #519
  • [Bug] Cortex Analyzers Invalid output #515
  • [Bug] FileInfo crashes with some PDF #536
  • [Bug] Hybrid Analysis getReport fails with observable with datatype = file #535
  • [Bug] HIBP Analyser no longer works #524
  • [Misc] Remove Cymon analyzer #489
  • [Bug] Umbrella_Report_1_0 analyzer returning Invalid output #459
  • Encoding error in Shodan results #322
  • [BugFix] HIBP Analyser no longer works #525 (jonashergenhahn)

Closed issues:

  • [FR] Responder "request for takedown" in Zerofox #532
  • [FR] Responder "Close Alert" for Zerofox #531
  • Responder QRadarAutoClose #441

Merged pull requests:

2.1.8 (2019-07-12)

Full Changelog

Fixed bugs:

  • [Bug] PassiveTotal SSL Certificate History analyzer always report at least one record, even if there isn't one #513

2.1.7 (2019-07-10)

Full Changelog

Implemented enhancements:

  • Analyzer Template Check-Up #213

Fixed bugs:

  • [Bug] FortiGuard cannot parse response content #491
  • Threatcrowd, TorBlutmagie, TorProject not displayed #414
  • OTXQuery_2_0 Error when submitting IP address #363

Closed issues:

  • New analyzer: Talos Reputation #426

2.1.6 (2019-06-21)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Missing request lib in the docker of Fortiguard analyzer #503

2.1.5 (2019-06-20)

Full Changelog

Fixed bugs:

  • Docker for EmlParser is not working, python-magic is missing #502

2.1.4 (2019-06-20)

Full Changelog

Fixed bugs:

  • TalosReputation: no cortexutils in requirements.txt #501

2.1.3 (2019-06-17)

Full Changelog

Fixed bugs:

  • Problem with iocp requirement #500

2.1.2 (2019-06-16)

Full Changelog

2.1.1 (2019-06-16)

Full Changelog

2.1.0 (2019-06-09)

Full Changelog

Implemented enhancements:

  • FileInfo : extract URL from documents like PDF or Office #465
  • Use up to date msg-Extract lib in FileInfo #464
  • [FR] Updated crt.sh Analyzer #438
  • remove extra slash #488 (garanews)
  • EmlParser - Fixed headers and displayTo #486 (mgabriel-silva)
  • Crtsh updates #432 (kx499)

Fixed bugs:

  • [Bug] IBM X-Force Analyzer adds an extra slash which prevents it from running correctly #487
  • Cuckoo Sandbox Analyzer error #458
  • [Bug] EmlParser has incomplete header #484
  • [Bug] OpenXML files detected as zip but ignored by Oletools. #475
  • [Bug] Malwares_GetReport_1_0 #470
  • Use VirusTotal with python3 (issue #361) #446 (Nergie)
  • Fix emlParser crash #439 (agix)

Closed issues:

  • "errorMessage": "Missing dataType field" #481
  • Hashdd_Detail_1_0 throwing error #461
  • "errorMessage": "Invalid output\n" on Mail Responder #452

Merged pull requests:

2.0.1 (2019-04-05)

Full Changelog

Fixed bugs:

  • [Bug] Invalid version for stable Docker image #453

2.0.0 (2019-04-05)

Full Changelog

Closed issues:

  • [FR] Remove contrib folder #451
  • [FR] Add support to dockerized analyzers #450

1.16.0 (2019-03-27)

Full Changelog

Implemented enhancements:

  • AbuseIPDB analyzer creation #353

Fixed bugs:

Closed issues:

  • Different analyzer results between manually built instance and trainingVM #442
  • Crowdstrike Falcon Responder #423
  • Backscatter.io Analyzer #422

Merged pull requests:

1.15.3 (2019-02-28)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Proofpoint analyzer fails Unexpected Error: Unicode-objects must be encoded before hashing #417

1.15.2 (2019-02-11)

Full Changelog

Implemented enhancements:

  • Wrong File handling in OTXQuery Analyzer #313

Fixed bugs:

  • MISP Analyzer only queries first configured MISP instance #378
  • Issue with encoding in mailer responder #416
  • Restrict UnshortenLink usage to urls without IPs and/or ports #413
  • Crtsh Analyzer: crt.sh result is a nested list #410
  • MISP: fix requirements; enum not required for python 3.4+ #409
  • FileInfo Manalyze - [plugin_btcaddress] Renamed to plugin_cryptoaddress. #408
  • Bug: a broken link in the Cymon_Check_IP report #406
  • Fix for #410 removed wrapping of crt.sh result in a list #411 (sprungknoedl)

Closed issues:

  • EmlParser_1_1 not parsing .msg files #401

Merged pull requests:

  • Fix a broken link in the Cymon_Check_IP report #407 (ninoseki)

1.15.1 (2019-01-09)

Full Changelog

Fixed bugs:

  • Wrong command path in HIBP_Query.json #404
  • fix the lack of dependency called enum in ubuntu 16.04 #398 (yojo3000)

Closed issues:

  • Malwares Analyzer for Python 3.4+ #402

Merged pull requests:

1.15.0 (2018-12-20)

Full Changelog

Implemented enhancements:

  • Improvement: Eml_Parser Analyzer & Template #394
  • Revamp Shodan analyzer #327
  • Update DomainTools analyzer with new flavors #320
  • Add support for query parameters in DNSDB #318
  • Improvement: Eml_Parser Analyzer & Template #393 (arnydo)
  • Analyzer/Umbrella & Templates #392 (arnydo)
  • Improve/mailer #376 (arnydo)
  • Additional features for IBM X-force plug-in #368 (jeffrey-e)
  • Revamp Shodan analyzer #328 (amr-cossi)
  • Feature/domain tools more flavors #321 (amr-cossi)

Fixed bugs:

  • FortiGuard Report Template needs to be updated with new reclassification url #345

Closed issues:

  • Analyzer report samples/examples #390
  • New Analyzer: Cisco Umbrella Reporting #385
  • Cisco Umbrella Blacklister Responder #382
  • New analyzer : Cyberprotect ThreatScore #373
  • New Analyzer: SecurityTrails #370
  • Analyzer - Haveibeenpwned.com Lookup #190

Merged pull requests:

1.14.4 (2018-12-05)

Full Changelog

Implemented enhancements:

  • Add option to specify SMTP Port for Mailer Responder #377
  • Virustotal: update short reports to distinguish Scan from GetReport flavors #389

Fixed bugs:

  • msg-extractor library has been updated and breaks FileInfo analyzer #384

1.14.3 (2018-11-28)

Full Changelog

Fixed bugs:

  • eml_parser Unexpected Error: list index out of range #352

Closed issues:

  • CERTatPassiveDNS_2_0 Invalid File for WHOIS.sh #349

1.14.2 (2018-11-16)

Full Changelog

Fixed bugs:

  • Fix URLHaus long template #375

1.14.1 (2018-11-09)

Full Changelog

Implemented enhancements:

  • Fix for Fortiguard to handle FQDNs as well as domains and urls #358 (phpsystems)

Fixed bugs:

  • Proofpoint analyzer definition missing the configuration objects #366
  • fix in case GSB value is missing #365 (garanews)
  • fix: "cut: the delimiter must be a single character" #364 (garanews)

Closed issues:

  • FileInfo 5.0 Dockerized .exe analysis #369

1.14.0 (2018-10-26)

Full Changelog

Implemented enhancements:

  • MISP WarningLists CIDR notation support #197
  • Fixes file not found issue and empty result set in CERT.at passive dns analyzer #362
  • Add RTF support in FileInfo #360
  • PassiveTotal_Passive_Dns_2_0 ordering issue #329
  • Add new flavors in Onyphe analyzer #324
  • Urlscan Analyzer #131
  • PassiveTotal_Passive_Dns_2_0: Improve the ordering of the records #330 (ninoseki)
  • Fix a typo in URLhaus's long.html #348 (ninoseki)
  • Add RecordedFuture Analyzer #347 (jojoob)
  • Add urlscan.io search analyzer #337 (ninoseki)
  • Add Datascan and Inetnum flavors #326 (amr-cossi)
  • New Analyzer: Investigate #310 (yasty)
  • New analyzer : Google DNS over HTTPS #305 (0xswitch)

Fixed bugs:

  • Cortex Responder - Invalid Output #331
  • Force python3 for MISP-Analyzer #356
  • HybridAnalysis analyzer does not properly handle filenames on some cases #323

Closed issues:

  • Joe Sandbox Analyzer returning error with Joe Sandbox Cloud Pro #357
  • Yara analyzer: 'can't open include file' #354
  • Add support to responders in cortexutils #316
  • Could not get Yeti analyzer worked in cortex #307
  • Request for a Cortex Analyzer for Recorded Future #102
  • New Analyzer: Investigate #309
  • New analyzer : Google DNS over HTTPS #306
  • Proofpoint Forensics Lookup #117

1.13.2 (2018-10-16)

Full Changelog

Fixed bugs:

  • Cuckoo file submission Analyzer error #177

1.13.1 (2018-09-19)

Full Changelog

Fixed bugs:

  • Wrong datatype in artifact() in DShield analyzer #344

1.13.0 (2018-09-18)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Fix issues with VMRay analyzer #332
  • Fix code in Domaintools analyzer #341
  • Wrong template in C1fApp analyzer short report #340
  • MISP Analysis fails #335
  • [URLhaus] Change of format from URLhaus #308
  • FortiGuard URL: taxonomy is too rigid #295

Closed issues:

  • Cortex Responder - "thehive:log" datatype #343
  • DomainTools Analyzer Risk is broken. Gives authentication errors #338
  • StopForumSpam analyzer #205
  • Fireeye iSIGHT Analyzer #160
  • Manalyze analyzer #116

Merged pull requests:

  • Manalyze submodule for FileInfo analyzer #333 (3c7)

1.12.0 (2018-07-31)

Full Changelog

Merged pull requests:

1.11.0 (2018-07-13)

Full Changelog

Implemented enhancements:

  • New DomainTools API services requires new analyzer #240
  • remove double quotes in short reports #291
  • Update DomainTools Analyzer to pull Risk and Proximity Score #214
  • [OS3 Hackathon] Refactor File_Info Analyzer #212
  • VirusTotal URL report #289 (srilumpa)
  • Add URLHaus analyzer #271 (3c7)

Fixed bugs:

  • Analyzer Issue : Abuse_Finder #277
  • Malwares analyzer has wrong api URL #292
  • MISP analyzer certificate validation and name configuration #286
  • FileInfo fixes #281

Closed issues:

  • disable #301
  • New analyzer: DShield #299
  • New Analyzer: hashdd #282

Merged pull requests:

1.10.4 (2018-06-23)

Full Changelog

Fixed bugs:

  • IBM X-Force and Abuse finder problems found in shorts and long report #290

1.10.3 (2018-06-18)

Full Changelog

Implemented enhancements:

  • New analyzer : Threatcrowd #243
  • Msg_Parser analyser show for all files #136

Fixed bugs:

  • ibm xforce analyzer "show-all" buttons don't work #287

Closed issues:

  • Obfuscating an IOC signature before analyzing on VT #288
  • IBM X-Force Exchange Analyzer #144
  • API Keys to be submitted through Cortex for Analyzers #7

1.10.2 (2018-06-08)

Full Changelog

Fixed bugs:

  • File encoding issue in Threatcrowd json file #283
  • IBMXForce template name #280
  • Allow to set self signed certificates in VMRay analyzer #279
  • IBMXforce Analyzer forces TLP1 #278
  • Greynoise minireport does not give any info when there is no record in report #275
  • encoding problem in ThreatCrowd #273

Closed issues:

  • Yara config for multiple paths is not parsing correctly in platform #274

1.10.1 (2018-06-06)

Full Changelog

Fixed bugs:

  • Wrong name for Staxx report template #272

1.10.0 (2018-06-06)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Payloadsecurity #262
  • Bug in EmergingThreats_MalwareInfo analyzer #258
  • Error in permalink in Cymon long report template #238
  • Added the executable flag to cuckoosandbox_analyzer.py #266 (Jack28)
  • MISP WarningLists - Handling IP address lookup in CIDR IP ranges #200 (srilumpa)

Closed issues:

  • Create GreyNoise analyzer template #269

Merged pull requests:

1.9.7 (2018-05-29)

Full Changelog

Implemented enhancements:

  • Update analyzers configuration for Cortex2 #172

Fixed bugs:

  • Yara no longer processing rules after cortex 2.0 update #245

Closed issues:

  • extend templates with external libraries #250
  • Bluecoat Analyzer #85

1.9.6 (2018-04-25)

Full Changelog

Fixed bugs:

  • Yeti python lib fails to install for python_version > 2.7 #241

1.9.5 (2018-04-18)

Full Changelog

Fixed bugs:

  • Remove emerging threat wrong template files #233
  • Censys analyzer : no uid given but the parameter is set #232

1.9.4 (2018-04-13)

Full Changelog

Implemented enhancements:

  • CIRCLPassiveSSL_2_0 requires colons or dashes in hashes #229

Fixed bugs:

  • Hybrid Analysis returns success when filename query didn't work #223
  • Fix JSB Url Analysis template #207 (ant1)

1.9.3 (2018-04-09)

Full Changelog

Implemented enhancements:

  • Cuckoo Analyzer changes the name of the file #188

Fixed bugs:

  • Fix the default config of Cymon_Check_IP analyzer #225
  • Restrict abuse_finder and file_info dependencies to Python 2.7 #224
  • MISPWarningLists Analyzer searches for hashes case sensitive #221
  • Bluecoat Categorization fails #216
  • View All in template long not working #208

Closed issues:

  • Feature Request: haveibeenpwned.com #189

1.9.2 (2018-04-04)

Full Changelog

Fixed bugs:

  • Hybrid Analysis analyzer successful even if rate limit reached #215
  • Data field missing on file submission #218

Closed issues:

  • Support the new auto extract config name #219
  • OTXQuery_2_0 fails with Cortex2 #217

1.9.1 (2018-03-30)

Full Changelog

1.9.0 (2018-03-29)

Full Changelog

Implemented enhancements:

  • DomainTools_ReverseIP should accept fqdn and/or domain as datatype #193
  • Manage domain datatype in Name_history service of DNSDB analyzer #183
  • Manage fqdn datatype in domain_name service of DNSDB analyzer #182
  • Improve Phishtank maliciousness results #181
  • IP type for CIRCL Passive DNS and others #99
  • WIP: PEP8 all the things #165 (3c7)
  • added Malpedia Analyzer #168 (garanews)

Fixed bugs:

  • Fortiguard analyzer : use HTTPS to request fortiguard service #201

Merged pull requests:

  • Fixes some problems with automatic artifact extraction #184 (3c7)
  • Added cymon cortex analyzers #133 (ST2Labs)

1.8.3 (2018-03-23)

Full Changelog

Fixed bugs:

  • Abuse_Finder_2_0 - Invalid analyzer output format #211
  • Bug in Abuse_Finder Analyzer #161

1.8.2 (2018-03-21)

Full Changelog

Fixed bugs:

  • Cortex-Analyzer - MISP-plugin without proxy support/recognition #209
  • Bug: FortiGuard URLCategory Failure #203
  • Onyphe_Ports_1_0 return bad data in JSON object #169
  • Joe Sandbox Analyzer returning error #156
  • use https for request #204 (ecapuano)
  • MISP WarningLists reports #196 (srilumpa)

Closed issues:

  • Cortex-Analyzer - MISP-plugin no "ssl-verify = False" option #210
  • MISP WarningLists long report does not display results #195
  • error in MISP/requirements.txt #179

1.8.1 (2018-02-05)

Full Changelog

Implemented enhancements:

  • Updating VMRay Analyzer to accept files as dataType #157

Fixed bugs:

  • Bluecoat analyzer fails if domain contains subdomain #173

Closed issues:

  • Malpedia (yara) Analyzer #166

1.8.0 (2018-01-11)

Full Changelog

Implemented enhancements:

  • VirusTotal ignores Environment Proxies #130
  • Feature/bluecoat #84 (0xswitch)
  • Fixes #149, removes download_hashes.py #155 (3c7)
  • Joe Sandbox API version 2 support #141 (ant1)

Fixed bugs:

  • MISP analyzer certpath option doesn't accept bool value #164
  • VirusShare downloader bash script bug #149
  • Cuckoo Analysis Fails #162
  • Fix getting filenames in analyzers #140 (ant1)
  • fix snort alerts #163 (garanews)

Closed issues:

  • Censys.io analyzer #135
  • C1fApp Analyzer #64
  • URLQuery Analyzer #18
  • MISP Warninglists analyzer #124
  • PayloadSecurity Sandbox #121
  • SinkDB Analyzer #112
  • C1fApp OSINT analyzer #103
  • TOR Exit Nodes IPs Analyzer #45

Merged pull requests:

1.7.1 (2017-12-06)

Full Changelog

Closed issues:

  • Issue with Shodan Analyzer #150
  • Analyzers using online query fails to use system proxy settings #143
  • Hippocampe Analyzer Fails #137

Merged pull requests:

  • Rename hybridanalysis_analyzer.py to HybridAnalysis_analyzer.py #151 (treed593)

1.7.0 (2017-11-08)

Full Changelog

Implemented enhancements:

  • Cuckoo Analyzer requires final slash #113
  • support both cuckoo versions #100 (garanews)

Fixed bugs:

  • PhishTank analyzer doesn't work #126
  • Missing olefile in MsgParser requirements #101
  • VirusTotal URL Scan Bug #93

Merged pull requests:

1.6.5 (2017-11-05)

Full Changelog

1.6.4 (2017-11-04)

Full Changelog

Fixed bugs:

  • name parameter for the MISP analyzer does behave as expected #94
  • fixed line break in WOT requirements.txt #132 (peasead)

Closed issues:

  • Virusshare short report enhancements if SHA1 hash passed #115
  • MISP_2_0 analyzer does not seem compatible with python 2.7 #90
  • ET Intelligence Analyzer #79
  • Use naming conventions for analyzer config properties #33
  • Hybrid Analysis Analyzer #26

Merged pull requests:

1.6.3 (2017-09-10)

Full Changelog

Merged pull requests:

  • MISP Analyzer: forgot to add same procedure if using just one MISP-Server #91 (3c7)

1.6.2 (2017-09-04)

Full Changelog

Closed issues:

  • Invalid Yeti templates folder name #89

Merged pull requests:

1.6.1 (2017-09-04)

Full Changelog

Closed issues:

  • MISPClient.__init__, ssl parameter default to True but later used as filename #87

Merged pull requests:

  • Fixes bug in MISP client #88 (3c7)

1.6.0 (2017-07-27)

Full Changelog

Closed issues:

  • WOT analyzer #82
  • Add Analyzer for Yeti Platform #68
  • Cuckoo Sandbox Analyzer #23

Merged pull requests:

1.5.1 (2017-07-13)

Full Changelog

Fixed bugs:

  • Yara analyzer doesn't recognize 'sha1' field name from Yara-rules #62

Closed issues:

  • Virustotal Scan returning incorrect taxonomy on URL scan #74

1.5.0 (2017-07-05)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Add missing check_tlp config to GoogleSafeBrowsing analyzer #71
  • Fix the URL configuration of Hippocampe analyzer #69
  • Abuse_Finder analyzer analyzes "email" instead of "mail" #52

Closed issues:

  • Missing newlines in requirements.txt #60
  • CERT.at PassiveDNS Analyzer #13

Merged pull requests:

  • Fixed mistake in blocklist script, added error on missing config #67 (3c7)
  • There were no carriage returns so it would break if you wanted to mass install the analyzer requirements #61 (Popsiclestick)

1.4.4 (2017-06-15)

Full Changelog

Fixed bugs:

  • Inconsistency between long and short reports in MISP analyzer #59

1.4.3 (2017-06-15)

Full Changelog

Fixed bugs:

  • cortexutils fails to generate error reports when the analyzer has no config #57
  • Encoding problem in cortexutils #54

1.4.2 (2017-05-24)

Full Changelog

1.4.1 (2017-05-23)

Full Changelog

1.4.0 (2017-05-22)

Full Changelog

Fixed bugs:

  • Fortiguard API Changed #37

Closed issues:

  • FireHOL blocklists analyzer #31
  • VMRay Analyzer #16

Merged pull requests:

  • corrected for change to fortiguard portal #51 (ecapuano)

1.3.1 (2017-05-12)

Full Changelog

1.3.0 (2017-05-08)

Full Changelog

Implemented enhancements:

  • Update the polling interval in VT scan analyzer #42
  • Add author and url attributes to analyzer descriptor files #32
  • Cut python 2 dependency by replacing ioc-parser in cortexutils.analyzer #4
  • Added rate limit message for VirusTotal analyzer #39 (3c7)

Closed issues:

  • File_Info analyzer has problems examining pe files #38
  • Make cortexutils compatible with python 2 and 3 #35
  • Unify short template reports to use appropriate taxonomy #34
  • Virusshare.com analyzer #30
  • YARA Analyzer #19
  • Google Safe Browsing Analyzer #17
  • CIRCL.lu PassiveSSL Analyzer #12
  • CIRCL.lu PassiveDNS Analyzer #11
  • Nessus Analyzer #1

Merged pull requests:

  • Automatic ioc extraction using RegEx #40 (3c7)
  • Use StringIO.StringIO() with python2 #36 (3c7)

1.2.0 (2017-03-31)

Full Changelog

Closed issues:

  • OTXQuery : improve error handling #22
  • Analyzer Caching #6
  • Joe Sandbox Analyzer #27
  • MISP Analyzer #14

Merged pull requests:

1.1.0 (2017-03-07)

Full Changelog

Implemented enhancements:

  • Python < 2.7 crashes on version check #10
  • VirusTotal GetReport can't get report for files from Cortex #9
  • Normalize analyzer's JSON configuration file #8

Fixed bugs:

  • OTX Query error when processing a file in Cortex #21

Closed issues:

  • Analyzer Rate Limiting #5
  • Working on analyzers: CIRCL.lu PassiveSSL/DNS, CERT.AT PassiveDNS, MISP, IntelMQ, VMRay, Google Safebrowsing, URLQuery, yara #3

1.0.0 (2017-02-17)

Full Changelog

Closed issues:

  • "VirusTotal_Scan" analyzer is not checking for TLP #2

* This Changelog was automatically generated by github_changelog_generator