Releases: OpenCTI-Platform/connectors
Version 6.4.2
Bug Fixes:
- #3042 [Sentinel-Intel] Missing init retries_builder for handle 429
- #3032 [sentinel-intel] JWT token expires after two hours and is not renewed
- #3025 [Recorded Future] Issue on getting data from RF Alerts
- #3001 [Mandiant] Crash if the state is empty
- #2989 [RecordedFuture] Unexpected error
- #2980 [Crowdstrike-Security-Endpoint] Error while processing indicator
- #2868 [MISP] Mapping error on relationships Source = Target = ?
Pull Requests:
- [Recorded Future] Fix error when getting priority alerts for when getting Alerts by @helene-nguyen in #3009
- [REVERSINGLABS] Update Spectra Analyze connector v1.1.0 by @MislavReversingLabs in #3008
- Update dependency boto3 to v1.35.67 by @renovate in #3006
- Update dependency pycti to v6.4.1 by @renovate in #3011
- [Recorded Future] Fix unexpected error RF empty incidents by @helene-nguyen in #3017
- [Recorded Future] Fix error when getting priority alerts for when getting Alerts by @helene-nguyen in #3019
- [Crowdstrike] Improve condition in Crowdstrike stream by @helene-nguyen in #3014
- [MISP-FEED] Add documentation + fix conf parsing by @Renizmy in #3012
- [Recorded Future] Fix import incidents for RF alerts by @helene-nguyen in #3026
- Update dependency playwright to v1.49.0 by @renovate in #3021
- [Misp] Fix error of relation having same ref for source and target by @Megafredo in #2993
- [Sentinel-Intel] Fix Error 401 Unauthorized by @Megafredo in #3041
- [Mandiant] fix: infinitely crashes if the state is empty by @flavienSindou in #3018
- [Sentinel-Intel] Fix missing init retries_builder by @Megafredo in #3043
- Update dependency APScheduler to ~=3.11.0 by @renovate in #3037
New Contributors:
- @MislavReversingLabs made their first contribution in #3008
Full Changelog: 6.4.1...6.4.2
Version 6.4.1
Enhancements:
- #2895 OpenCTI internal-enrichment/ipinfo connector, ASN field missing from enrichments
- #2747 Need filtering capability to limit number of records
Pull Requests:
- Update dependency pycti to v6.4.0 by @renovate in #2990
- Update dependency boto3 to v1.35.65 by @renovate in #2991
- [Mitre] Add default for interval, as the documentation states. by @fslds in #2995
- [Taxii2] Update of code by @annoyingapt in #2894
- [Connectors] Re add missing generate_id arguments by @helene-nguyen in #2920
- [Shodan] Created config to use ISP name for ASN name. by @annoyingapt in #2936
- [IpInfo] Added extraction of asn data from org field by @annoyingapt in #2911
- [Connectors] Move Qradar in another build by @helene-nguyen in #2999
- Update dependency google-api-python-client to v2.154.0 by @renovate in #3000
New Contributors:
Full Changelog: 6.4.0...6.4.1
Version 6.4.0
Bug Fixes:
- #2983 [Mandiant] Unexpected properties for stix2 Note
- #2980 [Crowdstrike-Security-Endpoint] Error while processing indicator
- #2978 [CI] CircleCI failing in tests due to Numpy unsupported version for Python 3.12
- #2977 [Connectors] When pulling Splunk docker image after release, context build error
Pull Requests:
- Update opencti/connector-riskiq-passive-total Docker tag to v6.3.13 by @renovate in #2975
- Update dependency boto3 to v1.35.63 by @renovate in #2976
- fix: revert to 3.11 for CI tests by @flavienSindou in #2981
- [Harfanglab Intel] Create a stream connector to replace current Harfanglab connector by @Powlinett in #2941
- [urlscan-enrichment] Return empty array instead of None when no ASN found by @DucNg in #2966
- [Mandiant] Update stix2 Note by @Megafredo in #2984
- [connector] Improve condition in Crowdstrike stream by @helene-nguyen in #2985
- [connector] Fix CI for Splunk connector to not pull Qradar entrypoint by @helene-nguyen in #2986
- Update MISP lists in hygiene connector by @baptiste-fourmont in #2839
New Contributors:
- @DucNg made their first contribution in #2966
- @baptiste-fourmont made their first contribution in #2839
Full Changelog: 6.3.13...6.4.0
Version 6.3.13
Enhancements:
- #2692 [RiskIQ - PassiveTotal]: Create the enrichment connector
Bug Fixes:
- #2798 [Tanium] Repeating addition of intel
Pull Requests:
- [Tanium] Fix KeyError on non-existing indicator's labels by @Powlinett in #2967
- [RiskIQ - PassiveTotal] Create the enrichment connector by @Megafredo in #2968
- Update dependency pycti to v6.3.12 by @renovate in #2974
Full Changelog: 6.3.12...6.3.13
Version 6.3.12
Enhancements:
- #2947 [QRadar] Forward offenses from QRadar into OpenCTI as incidents
- #2923 [Connectors] Add linter check for no generation id stix, no value parameter and unused import in Circle CI
- #2298 Split logics for Microsoft Sentinel / Tanium Threat Response / HarfangLabs between Stream & Import
Bug Fixes:
- #2958 [Crowdstrike] Ingestion takes too much time: state is not updated properly
- #2879 [splunk] Entrypoint refers to qradar directory
- #2867 [Flashpoint] Error occurs after some time running the connector
- #2816 [Mandiant]: Map Mandiant score to our score attribute on indicator
- #2803 [Flashpoint] Errors while adding the connector
- #2765 [Crowdstrike] Observable entities in reports are not imported
- #2811 Enrichment connectors called too early for artifacts
- #2700 [YARA] The YARA connector attempts to scan an artifact before the malwarebazaar-recent-additions connector finishes uploading the file
- #2546 [Yara Scan] Several problems
Pull Requests:
- Update dependency google-auth to v2.36.0 by @renovate in #2922
- [Template] Fixed condition and work id by @annoyingapt in #2935
- Update dependency PyGithub to v2.5.0 by @renovate in #2921
- Update dependency regex to v2024.11.6 by @renovate in #2934
- Update dependency packaging to v24.2 by @renovate in #2942
- Update dependency wheel to v0.45.0 by @renovate in #2943
- [Connectors] Add linter check for no generation id stix, no value parameter and unused import in Circle CI by @helene-nguyen in #2948
- [Mandiant] Add Mandiant score to IOC instead of confidence by @helene-nguyen in #2944
- Update dependency google-api-core to v2.23.0 by @renovate in #2950
- Update dependency Titan-Client to v1.20.0.4 by @renovate in #2951
- [Connectors] Revert docker_layer_caching by @helene-nguyen in #2937
- [Harfanglab Incidents] Create an external import connector by @Powlinett in #2877
- [FLASHPOINT] Deprecate malware and APT import options by @flavienSindou in #2874
- [Flashpoint] Fix KeyError "site_source_uri" by @Powlinett in #2919
- Update dependency googleapis-common-protos to v1.66.0 by @renovate in #2955
- Update dependency boto3 to v1.35.59 by @renovate in #2954
- [Crowdstrike] Decrease limit max to retrieve IOCs + update documentation by @helene-nguyen in #2959
- Update dependency google-api-python-client to v2.153.0 by @renovate in #2961
- Update dependency pycti to v6.3.11 by @renovate in #2962
- Update dependency boto3 to v1.35.62 by @renovate in #2963
- [Connectors] Re add base linter to Circle CI by @helene-nguyen in #2970
- [Crowdstrike] Handle IOCs to be added in the report while importing the report by @helene-nguyen in #2969
- [Yara] Quick Fix for artefact recovery by @Megafredo in #2876
Full Changelog: 6.3.11...6.3.12
Version 6.3.11
No changelog for this release.
Pull Requests:
- [connectors] Multiple improvements : tokens, query hash, remove cybercrime by @cert-orangecyberdefense in #2912
Full Changelog: 6.3.10...6.3.11
Version 6.3.10
Enhancements:
- #2704 [Sentinel] Store additional information
- #2590 [Microsoft Sentinel] Enhance the connector i.e. import more data from MS to OCTI
- #976 [Silobreaker] Overall enhancement + customizable search queries
- #728 [MISP] hashes are not supported and inserted as Text
- #477 [TAXII2] Add Client side cert auth support
Bug Fixes:
- #2918 Relationships not created after workbench validation
- #2908 [group-ib] collection apt/threat error
- #2898 [Valhalla]: Many YARA rules are not correctly ingested
- #2887 [Sentinel Incidents] Error when running Sentinel Incidents image
- #2884 [Recorded Future] Crash Occurred "Alert" object is not subscriptable
- #2879 [splunk] Entrypoint refers to qradar directory
- #2878 [zerofox] cannot import name 'FoxBotnet' from 'zerofox.domain.botnet'
- #2873 [Valhalla] Object of type 'Indicator' is not JSON serializable
Pull Requests:
- Update dependency boto3 to v1.35.54 by @renovate in #2891
- [Recorded-Future] Fix TypeError, AttributeError and refacto by @Megafredo in #2885
- [connectors] update templates to align with best practices by @helene-nguyen in #2872
- Update dependency google-api-python-client to v2.151.0 by @renovate in #2890
- Update dependency crowdstrike-falconpy to v1.4.6 by @renovate in #2897
- [connectors] Distribute build time for CI by @helene-nguyen in #2904
- [connectors] Add docker_layer_caching for image layers in CI by @helene-nguyen in #2905
- Update opencti/connector-tenable-vuln-management Docker tag to v6.3.9 by @renovate in #2903
- Update opencti/connector-tanium-intel Docker tag to v6.3.9 - autoclosed by @renovate in #2902
- [Sentinel-Incidents] Improvement feature by @Megafredo in #2834
- [Sentinel Incidents] Fix dockerfile path by @Megafredo in #2909
- Better update dates of current state by @cert-orangecyberdefense in #2806
- [internal-import] add bundle containers to context entity container (OCTI #8178) by @JeremyCloarec in #2802
- [Connectors] Remove non-existing arguments for generate_id by @helene-nguyen in #2914
- [Zerofox] Rename class for botnet, malware, phishing, ransomware models by @helene-nguyen in #2913
- [Valhalla] Object of type 'Indicator' is not JSON serializable by @romain-filigran in #2896
- Update dependency tldextract to v5.1.3 by @renovate in #2910
- [internal-import] only add object_refs if entity context is a container by @JeremyCloarec in #2915
Full Changelog: 6.3.9...6.3.10
Version 6.3.9
No changelog for this release.
Pull Requests:
- Update dependency slack to v4.15.0 by @renovate in #2836
- Update dependency google-api-core to v2.22.0 by @renovate in #2857
- Update dependency boto3 to v1.35.52 by @renovate in #2881
- Update opencti/connector-sentinel-incidents Docker tag to v6.3.8 by @renovate in #2880
Full Changelog: 6.3.8...6.3.9
Version 6.3.8
Bug Fixes:
- #2865 [connector] Revert flake8 replacement with pylint
Pull Requests:
- [Connector] Revert flake8 config file deletion by @flavienSindou in #2866
Full Changelog: 6.3.7...6.3.8
Version 6.3.7
Enhancements:
- #2863 [connectors] Correct stochastic generated stix object id and add linter
- #2804 [RiskIQ] Set Main observable type
- #1450 [Tenable Vuln Management] Create the connector
Bug Fixes:
- #2850 [Tanium] Connector getting terminated without explicit logs
- #2792 [Mandiant] Importing Campaigns linked to an IOC doesn't import campaign's related entities
- #2773 [CrowdStrike] API Base URL variable name incorrectly defined
Pull Requests:
- [Sentinel connectors] add config to .circleci by @Powlinett in #2782
- [Sentinel-intel] Fix directory name in Dockerfile by @Powlinett in #2794
- Update dependency stix-shifter-modules-splunk to v7.1.1 by @renovate in #2790
- Update dependency boto3 to v1.35.40 by @renovate in #2791
- MISP connector add ESET galaxy by @polakovicp in #2799
- MISP connector: set tool name for PyMISP by @polakovicp in #2800
- Update dependency boto3 to v1.35.41 by @renovate in #2801
- Update dependency stix-shifter-utils to v7.1.1 by @renovate in #2796
- [RiskIQ] set Main Observable type for indicators by @yassine-ouaamou in #2805
- Update dependency boto3 to v1.35.42 by @renovate in #2809
- Update dependency boto3 to v1.35.43 by @renovate in #2813
- [Tenable-Vuln-Management]: Connector initial creation by @flavienSindou in #2759
- [Crowdstrike] Fix API Base URL variable name incorrectly defined by @helene-nguyen in #2797
- [Tenable-Vuln-Management]: Connector initial creation by @flavienSindou in #2821
- [Tanium] Create two connectors (external import and stream) to replace actual Tanium Stream connector by @Powlinett in #2698
- Update dependency boto3 to v1.35.44 by @renovate in #2818
- [Mandiant] Add possibility to import campaigns with related entities when importing IOC by @helene-nguyen in #2795
- [connectors] Error at relationships export in json (#7796) by @ValentinBouzinFiligran in #2829
- Update dependency playwright to v1.48.0 by @renovate in #2827
- Update dependency boto3 to v1.35.46 by @renovate in #2831
- Update dependency boto3 to v1.35.47 by @renovate in #2837
- Update dependency pycti to v6.3.6 by @renovate in #2844
- [Tanium] add try/except clause to log error on connector's launch by @Powlinett in #2855
Full Changelog: 6.3.6...6.3.7