[IntelMQ-users] IntelMQ & API & Manager 2.3.1

Sebastian Wagner wagner at cert.at
Thu Mar 25 21:17:06 CET 2021


Dear community,

This IntelMQ version did not gain any major features and is solely a
product maintenance release. It covers various minor error corrections
in the IntelMQ software, and usability enhancements for the new API.
Some notable changes are listed below.
Thanks again to all contributors!

The installation instructions:
https://intelmq.readthedocs.io/en/maintenance/user/installation.html
Upgrade instructions:
https://intelmq.readthedocs.io/en/maintenance/user/upgrade.html
All packages have been published to PyPI. The deb/rpm-repositories and
dockerhub are following on Friday.

I'm trying to summarize the changes here; the full changelogs are linked
below.

The Cymru CAP Parser has been adapted to the new format for events of
the category "bruteforce" (PR#1795 by Sebastian Wagner, CERT.at, fixes
#1794).

The Shodan Parser now supports nested conversions, improved protocol
detection and has a majorly extended parser mapping (PR#1821 by Mikk
Markus Möll, CERT.EE). The feed documentation gained a missing
description for the Shodan Country Stream (by Sebastian Wagner, CERT.at).

On the documentation front, the ecosystem document received revised
sections on intelmq-cb-mailgen and fody (PR#1792 by Bernhard Reiter,
Intevation).
A new section in the documentation summarizes hardware requirements
(PR#1811 by Sebastian Wagner, CERT.at).

Minor enhancements and adaptions in the tests.

# IntelMQ API-related changes
The IntelMQ API documentation now has more details on the required write
permission for the session database file (PR#1798 by Birger Schacht,
CERT.at, fixes intelmq-api#23).
See https://intelmq.readthedocs.io/en/maintenance/user/intelmq-api.html

Session database permission errors: Catch the exception in the code and
add a hint to check the permissions of both the file and the directory
(PR#25 by Birger Schacht, CERT.at, fixes #23).

The tool `intelmqsetup`, which is part of the installation routine for
manual IntelMQ installations, is now able to automatically create the
required directory layout and file permissions for the IntelMQ API
(PR#1787 by Sebastian Wagner, CERT.at, fixes #1783) and also covers
the webserver and sudoers configuration for IntelMQ API and IntelMQ
Manager (PR#1805 by Sebastian Wagner, CERT.at, fixes #1803).

# IntelMQ Manager-related changes
The required authentication token in the save-data request of the
"Configuration" tab is now sent to the backend (PR#245 by Marcos
Gonzalez, CNCSRD-DO, fixes #244).
In two locations the link destinations have been fixed; they still
linked to the old PHP-based backend URLs: the "Clear Configuration" link
destination (PR#249 by Sebastian Wagner, CERT.at, fixes #248) and the link
to the configuration page of a bot on the monitor page (PR#249 by Sebastian
Wagner, CERT.at, fixes #248).

# Full changelogs:

IntelMQ: https://github.com/certtools/intelmq/releases/tag/2.3.1
IntelMQ API: https://github.com/certtools/intelmq-api/releases/tag/2.3.1
IntelMQ Manager:
https://github.com/certtools/intelmq-manager/releases/tag/2.3.1

-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, Salzburg Regional Court
