
2.3.2 Bugfix release

released this 27 Apr 10:20

Installation documentation:
https://intelmq.readthedocs.io/en/maintenance/user/installation.html
Upgrade documentation:
https://intelmq.readthedocs.io/en/maintenance/user/upgrade.html

Core

  • intelmq.lib.harmonization:
    • TLP type: accept value "yellow" for TLP level AMBER.

Bots

Collectors

  • intelmq.bots.collectors.shadowserver.collector_reports_api:
    • Handle timeouts by logging the error and continuing with the next report (PR#1852 by Marius Karotkis and Sebastian Wagner, fixes #1823).
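The timeout handling described for the reports API collector, as an added example that is not IntelMQ's own collector code: each report is fetched on its own, a timeout is logged together with the report id, and the loop moves on so one slow report neither stalls the run nor loses the remaining reports. The `fetch` callable, the retry count and the stand-in API client that always times out on one id are this example's own assumptions.

```python
"""Added example (not IntelMQ's collector): per-report timeout isolation."""
import logging
import socket

logger = logging.getLogger("collector-example")


def fetch_all(report_ids, fetch, retries=1):
    """Download each report via fetch(report_id); return (downloaded, failed).

    A timeout on one report is logged with its id and the run continues with
    the next id. `fetch` is injected so the loop can be exercised offline.
    """
    downloaded, failed = [], []
    for report_id in report_ids:
        for attempt in range(1, retries + 2):
            try:
                downloaded.append((report_id, fetch(report_id)))
                break
            except (socket.timeout, TimeoutError) as exc:
                # Log and keep going: the remaining reports are still wanted.
                logger.warning("timeout fetching report %s (attempt %d): %s",
                               report_id, attempt, exc)
        else:
            failed.append(report_id)   # every attempt timed out
    return downloaded, failed


# Constructed stand-in for the reports API (assumption): one id never answers.
SLOW_IDS = {"r2"}


def fake_fetch(report_id):
    if report_id in SLOW_IDS:
        raise socket.timeout("read timed out")
    return b"timestamp,ip\n2021-04-01 00:00:00,192.0.2.1\n"


def run_sample():
    """Fetch three constructed report ids; only r2 is expected to fail."""
    return fetch_all(["r1", "r2", "r3"], fake_fetch)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    got, lost = run_sample()
    print("downloaded:", [rid for rid, _ in got], "failed:", lost)
```

The retry is bounded and the failed ids are returned rather than swallowed, so a scheduler can re-queue them or alert if the same report keeps timing out.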

Parsers

  • intelmq.bots.parsers.shadowserver.config:
    • Parse and harmonize field end_time as date in Feeds "Drone-Brute-Force" and "Amplification-DDoS-Victim" (PR#1833 by Mikk Margus Möll).
    • Add conversion function convert_date_utc which assumes UTC and sanitizes the data to datetime (by Sebastian Wagner, fixes #1848).
  • intelmq.bots.parsers.shadowserver.parser_json:
    • Use the overwrite parameter for optionally overwriting the "feed.name" field (by Sebastian Wagner).
  • intelmq.bots.parsers.microsoft.parser_ctip:
    • Handle fields timestamp, timestamp_utc, source_ip, source_port, destination_ip, destination_port, computer_name, bot_id, asn, geo in Payload of CTIP Azure format (PR#1841, PR#1851 and PR#1879 by Sebastian Wagner).
  • intelmq.bots.parsers.shodan.parser:
    • Added support for unique keys and verified vulns (PR#1835 by Mikk Margus Möll).
  • intelmq.bots.parsers.cymru.parser_cap_program:
    • Fix parsing in whitespace edge case in comments (PR#1870 by Alex Kaplan, fixes #1862).
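The "assume UTC and sanitize to datetime" step named for the Shadowserver config above, as an added example that is not IntelMQ's `convert_date_utc` or its harmonization library: a timestamp without an offset is interpreted as UTC and emitted as ISO 8601 with an explicit `+00:00`, a timestamp that already has an offset is converted rather than relabelled, and an empty `end_time` is dropped instead of becoming a fabricated date. The fallback layouts and the sample rows are constructed for this example and are not taken from the Shadowserver feed definitions.

```python
"""Added example (not IntelMQ's code): harmonize timezone-less report dates."""
from datetime import datetime, timezone

# Fallback layouts tried when datetime.fromisoformat() rejects the value.
# These are this example's assumption, not a list taken from Shadowserver.
FALLBACK_FORMATS = (
    "%Y-%m-%d %H:%M:%S %z",   # e.g. "2021-04-01 12:34:56 +0000"
    "%d/%m/%Y %H:%M:%S",
)


def convert_date_utc(value: str) -> str:
    """Parse a timestamp, assume UTC when no offset is given, and return an
    ISO 8601 string with an explicit +00:00 offset.

    Aware input is converted to UTC, not relabelled, so "+02:00" data is not
    silently shifted by two hours. Unparseable input raises ValueError so the
    caller can send the line to its error path instead of storing a
    plausible but wrong time.
    """
    text = value.strip()
    if not text:
        raise ValueError("empty timestamp")
    if text.endswith("Z"):              # fromisoformat() rejects 'Z' before 3.11
        text = text[:-1] + "+00:00"
    parsed = None
    try:
        parsed = datetime.fromisoformat(text)
    except ValueError:
        for fmt in FALLBACK_FORMATS:
            try:
                parsed = datetime.strptime(text, fmt)
                break
            except ValueError:
                continue
    if parsed is None:
        raise ValueError(f"unrecognized timestamp: {value!r}")
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)   # the "assume UTC" step
    else:
        parsed = parsed.astimezone(timezone.utc)
    return parsed.isoformat()


def harmonize_row(row: dict, date_fields=("timestamp", "end_time")) -> dict:
    """Return a copy of a report row with the named date fields converted.
    Empty values are removed rather than turned into a made-up date."""
    out = dict(row)
    for field in date_fields:
        raw = out.get(field)
        if raw is None or not str(raw).strip():
            out.pop(field, None)
            continue
        out[field] = convert_date_utc(str(raw))
    return out


# Constructed rows in the rough shape of a brute-force drone report;
# only the two date fields matter for this example.
SAMPLE_ROWS = [
    {"timestamp": "2021-04-01 00:00:03", "ip": "192.0.2.10",
     "end_time": "2021-04-01 00:07:19"},
    {"timestamp": "2021-04-01 00:00:05Z", "ip": "192.0.2.11", "end_time": ""},
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(harmonize_row(row))
```

Forcing an explicit offset at the parser is what makes later correlation safe: two feeds whose naive timestamps were really in different zones would otherwise line up on the wrong events.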

Experts

  • intelmq.bots.experts.modify:
    • Add a new rule to the example configuration to change the type of malicious-code events to c2server if the malware name indicates c2 (PR#1854 by Sebastian Wagner).
  • intelmq.bots.experts.gethostbyname.expert:
    • Fix handling of parameter gaierrors_to_ignore with value None (PR#1890 by Sebastian Wagner, fixes #1886).
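The kind of rule the modify expert entry above describes, as an added example that is not IntelMQ's modify expert or its shipped example configuration: a rule list in the usual "if these fields match these regexes, then set these fields" shape is applied to event dicts, and a `malicious-code` event whose `malware.name` looks like a C2 reference becomes `c2server`. The regex used to decide that a name "indicates c2", the minimal matcher and the sample events are this example's own assumptions; the page does not give the real rule.

```python
"""Added example (not IntelMQ's modify expert): retype C2 events by rule."""
import re

# Constructed rules in the if/then shape of a modify-expert configuration.
# The malware.name pattern is this example's guess at "indicates c2":
# a standalone c2 / c&c / cnc token, so "ec2" does not match.
RULES = [
    {
        "rulename": "c2 in malware name -> c2server",
        "if": {
            "classification.type": r"^malicious-code$",
            "malware.name": r"(?i)(^|[^a-z0-9])(c2|c&c|cnc)($|[^a-z0-9])",
        },
        "then": {"classification.type": "c2server"},
    },
]


def rule_matches(rule: dict, event: dict) -> bool:
    """Every 'if' field must exist in the event and match its regex."""
    for field, pattern in rule["if"].items():
        value = event.get(field)
        if value is None or not re.search(pattern, str(value)):
            return False
    return True


def apply_rules(event: dict, rules=RULES) -> dict:
    """Return a copy of the event with the 'then' block of each matching rule
    applied in order; later rules see the changes made by earlier ones."""
    out = dict(event)
    for rule in rules:
        if rule_matches(rule, out):
            out.update(rule["then"])
    return out


# Constructed sample events (assumption, not real feed data).
SAMPLE_EVENTS = [
    {"classification.type": "malicious-code", "malware.name": "trickbot-c2",
     "source.ip": "198.51.100.7"},
    {"classification.type": "malicious-code", "malware.name": "emotet"},
    {"classification.type": "malicious-code", "malware.name": "ec2-scanner"},
    {"classification.type": "infected-system", "malware.name": "zeus c2"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["malware.name"], "->", apply_rules(ev)["classification.type"])
```

Anchoring the type check with `^...$` matters: an unanchored `malicious-code` pattern would also retype any future type that merely contains that string.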

Outputs

  • intelmq.bots.outputs.elasticsearch: Fix the log message about the required elasticsearch library (by Sebastian Wagner).

Documentation

  • dev/data-harmonization: Fix taxonomy name: "information gathering" should be "information-gathering" (by Sebastian Wagner).

Tests

  • intelmq.tests.bots.parsers.microsoft.test_parser_ctip_azure:
    • Add test case for TLP level "YELLOW".

Known issues

  • ParserBot: erroneous raw line recovery in error handling (#1850).