Version 5.3.3

Enhancements:

• #703 Create de SOC Prime connector

Bug Fixes:

• #704 Mandiant connector using the incorrect endpoint for reports

Pull Requests:

• SOC Prime connector by @vu-socprime in #702

New Contributors:

• @vu-socprime made their first contribution in #702

Full Changelog: 5.3.2...5.3.3

Version 5.3.2

Bug Fixes:

• #697 Lots of errors when using connectors/internal-enrichment/virustotal/
• #696 connector-export-report-pdf - KeyError: 'entity_id'

Full Changelog: 5.3.1...5.3.2

Version 5.3.1

Bug Fixes:

• #694 [Mandiant] Name not present in /v4/indicator response
• #689 [import-document] 5.3.0 import document error
• #677 [Mandiant] v5.2.4 connector loops over and over again looking for an entity that doesn't exist on the platform
• #656 [MISP] First start timestamp bug

Pull Requests:

• [virustotal] Expand enrichment to Url, IPv4, Domain-Name by @YungBinary in #671
• Update README.md by @mattseymour in #692
• [Mandiant] Pass in the work_id param by @kudrew in #693
• [Mandiant] replaces name for value and resolves 694 by @fitz003 in #695

New Contributors:

• @mattseymour made their first contribution in #692
• @kudrew made their first contribution in #693
• @fitz003 made their first contribution in #695

Full Changelog: 5.3.0...5.3.1

Version 5.3.0

OpenCTI 5.3.0 is here!

⚠️ Be careful, as mentioned in the main OpenCTI release note, the History Connector has been deprecated and replaced by a core component. This one must be removed from the stack before upgrading.

Enhancements:

• #687 [Splunk] Miltiple Splunk instances configuration and threads
• #686 OpenCTI - Connector for CISA "KNOWN EXPLOITED VULNERABILITIES CATALOG"
• #678 [Internal Import Document] Automatically add report to the data menu
• #589 New IOCs Connector to implement inside OpenCTI
• #332 [Github CyberMonitor] Create the connector
• #287 [Tanium] Implement reputation expiration
• #344 [MITRE] Common Attack Pattern Enumeration and Classification (CAPEC™) 3.2 connector
• #24 [VirusTotal Hunting] Create the connector

Bug Fixes:

• #685 OpenCTI Mandiant Connector
• #649 [Splunk] Connector failed TypeError: can only concatenate str (not "Event") to str
• #492 [AMITT] The web page for this connector doesn't show the "in progress works" bars correctly
• #435 [Splunk] The connector cannot import all the fields and intel automatically

Pull Requests:

• [kaspersky] switch some logs to debug to reduce verbosity by @axelfahy in #654
• [import-document] Performance improvement on graphql queries by @fscc-samiR in #659
• [import-document] Adding support for markdown documents. Fixes #669 by @fscc-samiR in #672
• [export-report-pdf] Handle IntrusionSet Entitities by @YungBinary in #668
• [external-import][lastinfosec] Add CVE feed and Tactic Feed by @remydewa in #666
• [external-import] Add SentinelOne Threats Connector by @YungBinary in #667

Full Changelog: 5.2.4...5.3.0

Version 5.2.4

Bug Fixes:

• #647 [MITRE] relationships errors in connector

Pull Requests:

• [Valhalla] Refactor the whole connector for the new worker API by @rhaist in #648

Full Changelog: 5.2.3...5.2.4

Version 5.2.3

No changelog for this release.

Pull Requests:

• [cape/cuckoo] Fix default URLs by @nor3th in #643

Full Changelog: 5.2.2...5.2.3

Version 5.2.2

Enhancements:

• #625 MISP more types like IP:PORT
• #503 [import-report] Error when importing password protected Recorded Future pdf reports
• #351 [MISP] Support Sigma import

Bug Fixes:

• #639 [sekoia] Recursion errors after a few hours
• #634 Virustotal connector throws 'NoneType' object has no attribute 'get'
• #632 [MISP] Duplicates in bundle lead to have too many entities and heavy bundles generated
• #626 [BUG][MISP] KeyError: 'external_id'
• #635 Exporting report in csv doesn't export the report's labels
• #598 [misp] "Missing reference to handle creation" with MISP Connector when connector_update_existing_data set to True
• #431 History connector sending ElasticSearch requests non-stop
• #372 [MISP] Errors pinging the API and loading ids

Pull Requests:

• [ExportReportPdf] Bug Fixes by @YungBinary in #623
• Update CONNECTOR_NAME by @tracid56 in #624
• [misp] fixes bug with no external_id in AttackPattern by @mwatermolen in #628
• [virustotal_downloader] Resolve "RuntimeError: Timeout context manager should be used inside a task" by @YungBinary in #629
• [ExportReportPdf] Report Formatting Fixes by @YungBinary in #631
• Fixes Recursion error in SEKOIA connector by @Darkheir in #638
• [thehive_connector] Add hostname observable in thehive connector by @sacx in #637
• [export-report-pdf] Fix_missing_Error_loading_shared_library_pango-1.0-0 by @aakloul in #641

New Contributors:

• @tracid56 made their first contribution in #624
• @sacx made their first contribution in #637
• @aakloul made their first contribution in #641

Full Changelog: 5.2.1...5.2.2

Version 5.2.1

Bug Fixes:

• #621 Missing MISP Events

Full Changelog: 5.2.0...5.2.1

Version 5.2.0

Bug Fixes:

• #592 [elastic] Elastic Threat Intel Connector: AttributeError: 'NoneType' object has no attribute 'split'

Full Changelog: 5.1.4...5.2.0

Version 5.1.4

Enhancements:

• #98 [ImportFileCsv] Create the connector
• #601 [New connector] VirusTotal downloader (@YungBinary)

Bug Fixes:

• #614 VirusTotal Connector TypeError: 'NoneType' object is not subscriptable
• #606 Riskiq Connector throwing errors (@axelfahy)
• #604 [hatching-triage-sandbox] Fix connector build
• #600 ExportReportPdf Connector Does Not Exist in DockerHub
• #591 connector-abuseipdb: TypeError: 'NoneType' object is not subscriptable
• #588 [TAXII2 Connector] Unsopported Operant Type when trying to import data (TAXII2.1)
• #587 Cannot query field "platform_url" on type "Settings"
• #579 MISP connector fetches the same event numerous times when publish_timestamp attribute is used
• #578 [MISP] latest_event_timestamp is null first launch
• #570 MISP connector fails and never gets work done
• #500 [virustotal] Connector doesn't handle use cases very well when the allowed VT API quota is set to 1 request per day
• #411 [TAXII2] KeyError: 'objects' when pulling TAXII feed
• #389 [MISP] In some cases the bundle is missing referenced entities

Pull requests

• [import-document] Add CSV file support by @nor3th in #599
• [export-report-pdf] Fix docker build #600 by @nor3th in #602
• [abuse-ip] Fix key error by @nor3th in #603
• Taxii handle empty bundle by @nor3th in #605
• [MalwareBazaar Recent Additions] bugfixes by @scottpas in #607
• [riskiq] fix importation when publishedDate is not provided by @axelfahy in #608
• [internal-enrichment] Add Virustotal Downloader Connector by @YungBinary in #601

New Contributors:

• @scottpas made their first contribution in #607

Full Changelog: 5.1.3...5.1.4