Changelog
2.3.0 (2019-12-05)
Implemented enhancements:
Fixed bugs:
- Bug
- Bug
- Bug
- Add mime types of encrypted documents #550
- Bug
- Bug
- Talos Analyzer No Longer Works #521
- Bug
- Bug
Closed issues:
- MaxMind Analyzer: Use commercial databases with geoipupdate #474
2.2.0 (2019-10-01)
Implemented enhancements:
- FR
- FR
- Responder: Block a "domain" observable via BIND RPZ DDNS update #435
Fixed bugs:
- Bug
- Bug
- Bug
- Bug
- Bug
- Misc
- Bug
- Encoding error in Shodan results #322
- BugFix
Closed issues:
- FR
- FR
- Responder QRadarAutoClose #441
Merged pull requests:
- Responder QRadarAutoClose #460 (cyberpescadito)
- Add responder DNS-RPZ, issue #435 #447 (mhexp)
- New analyser : Google Vision API #297 (0xswitch)
2.1.8 (2019-07-12)
Fixed bugs:
- Bug
2.1.7 (2019-07-10)
Implemented enhancements:
- Analyzer Template Check-Up #213
Fixed bugs:
- Bug
- Threatcrowd, TorBlutmagie, TorProject not displayed #414
- OTXQuery_2_0 Error when submitting IP address #363
Closed issues:
- New analyzer: Talos Reputation #426
2.1.6 (2019-06-21)
Implemented enhancements:
Fixed bugs:
- Missing request lib in the docker of Fortiguard analyzer #503
2.1.5 (2019-06-20)
Fixed bugs:
- Docker for EmlParser is not working, python-magic is missing #502
2.1.4 (2019-06-20)
Fixed bugs:
- TalosReputation : no cortexutils in requirements.txt #501
2.1.3 (2019-06-17)
Fixed bugs:
- Problem with iocp requirement #500
2.1.2 (2019-06-16)
2.1.1 (2019-06-16)
2.1.0 (2019-06-09)
Implemented enhancements:
- FileInfo : extract URL from documents like PDF or Office #465
- Use up to date msg-Extract lib in FileInfo #464
- FR
- remove extra slash #488 (garanews)
- EmlParser - Fixed headers and displayTo #486 (mgabriel-silva)
- Crtsh updates #432 (kx499)
Fixed bugs:
- Bug
- Cuckoo Sandbox Analyzer error #458
- Bug
- Bug
- Bug
- Use VirusTotal with python3, issue #361 #446 (Nergie)
- Fix emlParser crash #439 (agix)
Closed issues:
- "errorMessage": "Missing dataType field" #481
- Hashdd_Detail_1_0 throwing error #461
- "errorMessage": "Invalid output\n" on Mail Responder #452
Merged pull requests:
- added custom Dns sinkholed ip #482 (garanews)
- yeti api key #478 (siisar)
- Possibility to use a Yeti apikey. #477 (siisar)
- Utility to make running an Analyzer locally easier, helpful in development #471 (ndejong)
- DNSSinkhole analyzer #434 (garanews)
- New analyzer: Talos Reputation #427 (mgabriel-silva)
2.0.1 (2019-04-05)
Fixed bugs:
- Bug
2.0.0 (2019-04-05)
Closed issues:
- FR
- FR
1.16.0 (2019-03-27)
Implemented enhancements:
- AbuseIPDB analyzer creation #353
Fixed bugs:
- Bug
Closed issues:
- Different analyzer results between manually built instance and trainingVM #442
- Crowdstrike Falcon Responder #423
- Backscatter.io Analyzer #422
Merged pull requests:
- Add responder QRadarAutoClose[FR#441] #443 (cyberpescadito)
- added templates for AbuseIPDB #425 (mlodic)
- A responder for the Crowdstrike Falcon custom IOC api #421 (ag-michael)
- New analyzer: Backscatter.io #420 (9b)
- Added AbuseIPDB analyzer #400 (mlodic)
1.15.3 (2019-02-28)
Implemented enhancements:
- FR
- Updating Cuckoo Analyzer/Report Templates #418 (nicpenning)
Fixed bugs:
- Proofpoint analyzer fails Unexpected Error: Unicode-objects must be encoded before hashing #417
1.15.2 (2019-02-11)
Implemented enhancements:
- Wrong File handling in OTXQuery Analyzer #313
Fixed bugs:
- MISP Analyzer only queries first configured MISP instance #378
- Issue with encoding in mailer responder #416
- Restrict UnshortenLink usage to urls without IPs and/or ports #413
- Crtsh Analyzer: crt.sh result is a nested list #410
- MISP: fix requirements; enum not required for python 3.4+ #409
- FileInfo Manalyze - [plugin_btcaddress] Renamed to plugin_cryptoaddress. #408
- Bug: a broken link in the Cymon_Check_IP report #406
- Fix for #410 removed wrapping of crt.sh result in a list #411 (sprungknoedl)
Closed issues:
- EmlParser_1_1 not parsing .msg files #401
Merged pull requests:
1.15.1 (2019-01-09)
Fixed bugs:
- Wrong command path in HIBP_Query.json #404
- fix the lack of dependency called enum in ubuntu 16.04 #398 (yojo3000)
Closed issues:
- Malwares Analyzer for Python 3.4+ #402
Merged pull requests:
1.15.0 (2018-12-20)
Implemented enhancements:
- Improvement: Eml_Parser Analyzer & Template #394
- Revamp Shodan analyzer #327
- Update DomainTools analyzer with new flavors #320
- Add support for query parameters in DNSDB #318
- Improvement: Eml_Parser Analyzer & Template #393 (arnydo)
- Analyzer/Umbrella & Templates #392 (arnydo)
- Improve/mailer #376 (arnydo)
- Additional features for IBM X-force plug-in #368 (gekkeharry13)
- Revamp Shodan analyzer #328 (amr-cossi)
- Feature/domain tools more flavors #321 (amr-cossi)
Fixed bugs:
- Fortiguard Report Template needs to be updated with new reclassification url #345
Closed issues:
- Analyzer report samples/examples #390
- New Analyzer: Cisco Umbrella Reporting #385
- Cisco Umbrella Blacklister Responder #382
- New analyzer : Cyberprotect ThreatScore #373
- New Analyzer: SecurityTrails #370
- Analyzer - Haveibeenpwned.com Lookup #190
Merged pull requests:
- Adding Patrowl analyzer #386 (MaKyOtOx)
- Responder/umbrella blacklister #383 (arnydo)
- HIBP_Query - Option to include Unverified Breaches #381 (arnydo)
- New analyzer : Cyberprotect ThreatScore #374 (remiallain)
- feat: add SecurityTrails analyzers #371 (ninoseki)
- Added HIBP Analyzer with templates #367 (crackytsi)
- Fix Fortiguard reclassification request URL #346 (megan201296)
- Add DNSDB API parameters #319 (amr-cossi)
1.14.4 (2018-12-05)
Implemented enhancements:
- Add option to specify SMTP Port for Mailer Responder #377
- Virustotal: update short reports to distinguish Scan from GetReport flavors #389
Fixed bugs:
- msg-extractor library has been updated and breaks FileInfo analyzer #384
1.14.3 (2018-11-28)
Fixed bugs:
- eml_parser Unexpected Error: list index out of range #352
Closed issues:
- CERTatPassiveDNS_2_0 Invalid File for WHOIS.sh #349
1.14.2 (2018-11-16)
Fixed bugs:
- Fix URLHaus long template #375
1.14.1 (2018-11-09)
Implemented enhancements:
- Fix for Fortiguard to handle FQDNs as well as domains and urls #358 (phpsystems)
Fixed bugs:
- Proofpoint analyzer definition missing the configuration objects #366
- fix in case GSB value is missing #365 (garanews)
- fix: "cut: the delimiter must be a single character" #364 (garanews)
Closed issues:
- FileInfo 5.0 Dockerized .exe analysis #369
1.14.0 (2018-10-26)
Implemented enhancements:
- MISP WarningLists CIDR notation support #197
- Fixes file not found issue and empty result set in CERT.at passive dns analyzer #362
- Add RTF support in FileInfo #360
- PassiveTotal_Passive_Dns_2_0 ordering issue #329
- Add new flavors in Onyphe analyzer #324
- Urlscan Analyzer #131
- PassiveTotal_Passive_Dns_2_0: Improve the ordering of the records #330 (ninoseki)
- Fix a typo in URLhaus's long.html #348 (ninoseki)
- Add RecordedFuture Analyzer #347 (jojoob)
- Add urlscan.io search analyzer #337 (ninoseki)
- Add Datascan and Inetnum flavors #326 (amr-cossi)
- New Analyzer: Investigate #310 (yasty)
- New analyzer : Google DNS over HTTPS #305 (0xswitch)
Fixed bugs:
- Cortex Responder - Invalid Output #331
- Force python3 for MISP-Analyzer #356
- HybridAnalysis analyzer does not properly handle filenames on some cases #323
Closed issues:
- Joe Sandbox Analyzer returning error with Joe Sandbox Cloud Pro #357
- Yara analyzer: 'can't open include file' #354
- Add support to responders in cortexutils #316
- Could not get Yeti analyzer worked in cortex #307
- Request for a Cortex Analyzer for Recorded Future #102
- New Analyzer: Investigate #309
- New analyzer : Google DNS over HTTPS #306
- Proofpoint Forensics Lookup #117
1.13.2 (2018-10-16)
Fixed bugs:
- Cuckoo file submission Analyzer error #177
1.13.1 (2018-09-19)
Fixed bugs:
- Wrong datatype in artifact() in DShield analyzer #344
1.13.0 (2018-09-18)
Implemented enhancements:
- Whois History has no mini report #339
- New analyzer: Pulsedive #303
- New analyzer : Hunter.io #293
- add Phishing Initiative Scan analyzer. #317 (sigalpes)
- New analyzer: DShield #300 (xme)
- Fortiguard url taxonomy #296 (srilumpa)
- New analyzer: Hunter.io #294 (remiallain)
Fixed bugs:
- Fix issues with VMRay analyzer #332
- Fix code in Domaintools analyzer #341
- Wrong template in C1fApp analyzer short report #340
- MISP Analysis fails #335
- URLhaus
- FortiGuard URL: taxonomy is too rigid #295
Closed issues:
- Cortex Responder - "thehive:log" datatype #343
- DomainTools Analyzer Risk is broken. Gives authentication errors #338
- StopForumSpam analyzer #205
- Fireeye iSIGHT Analyzer #160
- Manalyze analyzer #116
Merged pull requests:
1.12.0 (2018-07-31)
Merged pull requests:
1.11.0 (2018-07-13)
Implemented enhancements:
- New DomainTools API services requires new analyzer #240
- remove double quotes in short reports #291
- Update DomainTools Analyzer to pull Risk and Proximity Score #214
- OS3 Hackathon
- VirusTotal URL report #289 (srilumpa)
- Add URLHaus analyzer #271 (3c7)
Fixed bugs:
- Analyzer Issue : Abuse_Finder #277
- Malwares analyzer has wrong api URL #292
- MISP analyzer certificate validation and name configuration #286
- FileInfo fixes #281
Closed issues:
Merged pull requests:
1.10.4 (2018-06-23)
Fixed bugs:
- IBM X-Force and Abuse finder problems found in shorts and long report #290
1.10.3 (2018-06-18)
Implemented enhancements:
Fixed bugs:
- ibm xforce analyzer "show-all" buttons don't work #287
Closed issues:
- Obfuscating an IOC signature before analyzing on VT #288
- IBM X-Force Exchange Analyzer #144
- API Keys to be submitted through Cortex for Analyzers #7
1.10.2 (2018-06-08)
Fixed bugs:
- File encoding issue in Threatcrowd json file #283
- IBMXForce template name #280
- Allow to set self signed certificates in VMRay analyzer #279
- IBMXforce Analyzer forces TLP1 #278
- Greynoise minireport does not give any info when there is no record in report #275
- encoding problem in ThreatCrowd #273
Closed issues:
- Yara config for multi paths is not parsing correctly in platform #274
1.10.1 (2018-06-06)
Fixed bugs:
- Wrong name for Staxx report template #272
1.10.0 (2018-06-06)
Implemented enhancements:
- New analyzer: malwares.com #251
- Release 1.10.0 #270
- No short report in Hybrid-Analysis when there is no result #267
- Add ip dataType to CERT.at Passive DNS analyzer #237
- Grey Noise analyzer #231
- URLhaus analyzer #226
- cybercrime-tracker.net analyzer #220
- Anomali Staxx Analyzer #180
- Download only new hash files #242 (ktneely)
- Develop branch, add Staxx Analyzer #263 (robertnixon2003)
- Improve EmergingThreats analyzers #259 (ant1)
- Created Mnemonic PDNS public and closed analyzers #256 (NFCERT)
- New analyzer: malwares.com #252 (garanews)
- add UnshortenLink analyzer #247 (sigalpes)
- add threatcrowd analyzer #244 (remiallain)
- JoeSandbox analyzers: use a sane analysis timeout #239 (ant1)
- GreyNoise analyzer #236 (danielbrowne)
- cybercrime-tracker.net analyzer #222 (ph34tur3)
- created IBMXForce analyzer #187 (garanews)
Fixed bugs:
- Payloadsecurity #262
- Bug in EmergingThreats_MalwareInfo analyzer #258
- Error in permalink in Cymon long report template #238
- Added the executable flag to cuckoosandbox_analyzer.py #266 (Jack28)
- MISP WarningLists - Handling IP address lookup in CIDR IP ranges #200 (srilumpa)
Closed issues:
- Create GreyNoise analyzer template #269
Merged pull requests:
1.9.7 (2018-05-29)
Implemented enhancements:
- Update analyzers configuration for Cortex2 #172
Fixed bugs:
- Yara no longer processing rules after cortex 2.0 update #245
Closed issues:
1.9.6 (2018-04-25)
Fixed bugs:
- Yeti python lib fails to install for python_version > 2.7 #241
1.9.5 (2018-04-18)
Fixed bugs:
- Remove emerging threat wrong template files #233
- Censys analyzer : no uid given but the parameter is set #232
1.9.4 (2018-04-13)
Implemented enhancements:
- CIRCLPassiveSSL_2_0 requires colons or dashes in hashes #229
Fixed bugs:
- Hybrid Analysis returns success when filename query didn't work #223
- Fix JSB Url Analysis template #207 (ant1)
1.9.3 (2018-04-09)
Implemented enhancements:
- Cuckoo Analyzer changes the name of the file #188
Fixed bugs:
- Fix the default config of Cymon_Check_IP analyzer #225
- Restrict abuse_finder and file_info dependencies to Python 2.7 #224
- MISPWarningLists Analyzer searches for hashes case sensitive #221
- Bluecoat Categorization fails #216
- View All in template long not working #208
Closed issues:
- Feature Request: haveibeenpwned.com #189
1.9.2 (2018-04-04)
Fixed bugs:
- Hybrid Analysis analyzer successful even if rate limit reached #215
- Data field missing on file submission #218
Closed issues:
1.9.1 (2018-03-30)
1.9.0 (2018-03-29)
Implemented enhancements:
- DomainTools_ReverseIP should accept fqdn and/or domain as datatype #193
- Manage domain datatype in Name_history service of DNSDB analyzer #183
- Manage fqdn datatype in domain_name service of DNSDB analyzer #182
- Improve Phishtank maliciousness results #181
- IP type for CIRCL Passive DNS and others #99
- WIP: PEP8 all the things #165 (3c7)
- added Malpedia Analyzer #168 (garanews)
Fixed bugs:
- Fortiguard analyzer : use HTTPS to request fortiguard service #201
Merged pull requests:
- Fixes some problems with automatic artifact extraction #184 (3c7)
- Added cymon cortex analyzers #133 (ST2Labs)
1.8.3 (2018-03-23)
Fixed bugs:
1.8.2 (2018-03-21)
Fixed bugs:
- Cortex-Analyzer - MISP-plugin without proxy support/recognition #209
- Bug: FortiGuard URLCategory Failure #203
- Onyphe_Ports_1_0 return bad data in JSON object #169
- Joe Sandbox Analyzer returning error #156
- use https for request #204 (ecapuano)
- MISP WarningLists reports #196 (srilumpa)
Closed issues:
- Cortex-Analyzer - MISP-plugin no "ssl-verify = False" option #210
- MISP WarningLists long report does not display results #195
- error in MISP/requirements.txt #179
1.8.1 (2018-02-05)
Implemented enhancements:
- Updating VMRay Analyzer to accept files as dataType #157
Fixed bugs:
- Bluecoat analyzer fails if domain contains subdomain #173
Closed issues:
- Malpedia yara Analyzer #166
1.8.0 (2018-01-11)
Implemented enhancements:
- VirusTotal ignores Environment Proxies #130
- Feature/bluecoat #84 (0xswitch)
- Fixes #149, removes download_hashes.py #155 (3c7)
- Joe Sandbox API version 2 support #141 (ant1)
Fixed bugs:
- MISP analyzer certpath option doesn't accept bool value #164
- VirusShare downloader bash script bug #149
- Cuckoo Analysis Fails #162
- Fix getting filenames in analyzers #140 (ant1)
- fix snort alerts #163 (garanews)
Closed issues:
- Censys.io analyzer #135
- C1fApp Analyzer #64
- URLQuery Analyzer #18
- MISP Warninglists analyzer #124
- PayloadSecurity Sandbox #121
- SinkDB Analyzer #112
- C1fApp OSINT analyzer #103
- TOR Exit Nodes IPs Analyzer #45
Merged pull requests:
- Fixed requirements parsing MsgParser/requirements.txt #159 (peasead)
- Censys.io analyzer #153 (3c7)
- C1fApp Initial version #119 (etz69)
- Fix mode when creating FireHOL ipset directory #158 (srilumpa)
- Add Onyphe analyzers #152 (Pierre-Baudry)
- Tor blutmagie #139 (srilumpa)
- Tor project analyzer #138 (srilumpa)
- Added SinkDB analyzer #134 (3c7)
- Added MISP warning lists analyzer #129 (3c7)
- Robtex API Analyzer #105 (3c7)
1.7.1 (2017-12-06)
Closed issues:
- Issue with Shodan Analyzer #150
- Analyzers using online query fails to use system proxy settings #143
- Hippocampe Analyzer Fails #137
Merged pull requests:
1.7.0 (2017-11-08)
Implemented enhancements:
Fixed bugs:
- PhishTank analyzer doesn't work #126
- Missing olefile in MsgParser requirements #101
- VirusTotal URL Scan Bug #93
Merged pull requests:
- add Analyzers Shodan #125 (sebdraven)
- Updated VT Links in Long Report #111 (saadkadhi)
- Adding netaddr to requirements for nessus analyzer #83 (drewstinnett)
- Fix PhishTank analyzer #128 (ilyaglow)
- Fixed: hide empty panel from template #108 (dadokkio)
- Fixes MISP Analyzer name bug #95 (3c7)
- Added VxStream Sandbox Hybrid Analysis Analyzer #73 (yugoslavskiy)
1.6.5 (2017-11-05)
1.6.4 (2017-11-04)
Fixed bugs:
- name parameter for the MISP analyzer does behave as expected #94
- fixed line break in WOT requirements.txt #132 (peasead)
Closed issues:
- Virusshare short report enhancements if SHA1 hash passed #115
- MISP_2_0 analyzer does not seem compatible with python 2.7 #90
- ET Intelligence Analyzer #79
- Use naming conventions for analyzer config properties #33
- Hybrid Analysis Analyzer #26
Merged pull requests:
- Revert "Updated VT links in Long report" #110 (saadkadhi)
- Updated VT links in Long report #98 (mthlvt)
1.6.3 (2017-09-10)
Merged pull requests:
1.6.2 (2017-09-04)
Closed issues:
- Invalid Yeti templates folder name #89
Merged pull requests:
- Updates to Virusshare analyzer #80 (colinvanniekerk)
1.6.1 (2017-09-04)
Closed issues:
- MISPClient.__init__, ssl parameter default to True but later used as filename #87
Merged pull requests:
1.6.0 (2017-07-27)
Closed issues:
Merged pull requests:
- added WOT analyzer & fixed cuckoo templates issue #77 (garanews)
- Cuckoo Sandbox Analyzer #50 (garanews)
1.5.1 (2017-07-13)
Fixed bugs:
- Yara analyzer doesn't recognize 'sha1' field name from Yara-rules #62
Closed issues:
- Virustotal Scan returning incorrect taxonomy on URL scan #74
1.5.0 (2017-07-05)
Implemented enhancements:
- Build a taxonomy in cortexutils #66
- Joe Sandbox 19: New Information in Reports #65
- Review summary() and short reports for https://github.com/CERT-BDF/TheHive/issues/131 #56
Fixed bugs:
- Add missing check_tlp config to GoogleSafeBrowsing analyzer #71
- Fix the URL configuration of Hippocampe analyzer #69
- Abuse_Finder analyzer analyzes "email" instead of "mail" #52
Closed issues:
Merged pull requests:
- Fixed mistake in blocklist script, added error on missing config #67 (3c7)
- There were no carriage returns so it would break if you wanted to mass install the analyzer requirements #61 (Popsiclestick)
1.4.4 (2017-06-15)
Fixed bugs:
- Inconsistency between long and short reports in MISP analyzer #59
1.4.3 (2017-06-15)
Fixed bugs:
- cortexutils fails to generate error reports when the analyzer has no config #57
- Encoding problem in cortexutils #54
1.4.2 (2017-05-24)
1.4.1 (2017-05-23)
1.4.0 (2017-05-22)
Fixed bugs:
- Fortiguard API Changed #37
Closed issues:
Merged pull requests:
1.3.1 (2017-05-12)
1.3.0 (2017-05-08)
Implemented enhancements:
- Update the polling interval in VT scan analyzer #42
- Add author and url attributes to analyzer descriptor files #32
- Cut python 2 dependency by replacing ioc-parser in cortexutils.analyzer #4
- Added rate limit message for VirusTotal analyzer #39 (3c7)
Closed issues:
- File_Info analyzer has problems examining pe files #38
- Make cortexutils compatible with python 2 and 3 #35
- Unify short template reports to use appropriate taxonomy #34
- Virusshare.com analyzer #30
- YARA Analyzer #19
- Google Safe Browsing Analyzer #17
- CIRCL.lu PassiveSSL Analyzer #12
- CIRCL.lu PassiveDNS Analyzer #11
- Nessus Analyzer #1
Merged pull requests:
1.2.0 (2017-03-31)
Closed issues:
- OTXQuery : improve error handling #22
- Analyzer Caching #6
- Joe Sandbox Analyzer #27
- MISP Analyzer #14
Merged pull requests:
- Nessus Analyzer #20 (guillomovitch)
1.1.0 (2017-03-07)
Implemented enhancements:
- Python < 2.7 crashes on version check #10
- VirusTotal GetReport can't get report for files from Cortex #9
- Normalize analyzer's JSON configuration file #8
Fixed bugs:
- OTX Query error when processing a file in Cortex #21
Closed issues:
- Analyzer Rate Limiting #5
- Working on analyzers: CIRCL.lu PassiveSSL/DNS, CERT.AT PassiveDNS, MISP, IntelMQ, VMRay, Google Safebrowsing, URLQuery, yara #3
1.0.0 (2017-02-17)
Closed issues:
- "VirusTotal_Scan" analyzer is not checking for TLP #2
* This Changelog was automatically generated by github_changelog_generator