[IntelMQ-users] IntelMQ 2.3.3 release

Sebastian Wagner wagner at cert.at
Mon May 31 21:42:56 CEST 2021


Dear community,

While the development of the next major version 3.0.0 of IntelMQ is in
the final spurt, the current version 2.3.3 marks the end of the 2.x
development cycle. Besides small error corrections, it comes with support
for a few new Shadowserver feeds
(https://www.shadowserver.org/news/changes-in-sinkhole-and-honeypot-report-types-and-formats/).

Please find below the list of changes. Thanks to all contributors for
the issues reported and pull requests!

The new version is already available on GitHub, PyPI, the deb+rpm
repositories and DockerHub.

Installation documentation:
https://intelmq.readthedocs.io/en/maintenance/user/installation.html
Upgrade documentation:
https://intelmq.readthedocs.io/en/maintenance/user/upgrade.html

### Core
- `intelmq.lib.upgrade`:
  - Added `v233_feodotracker_browse` for Abuse.ch Feodotracker Browse
parser configuration adaption (PR#1941 by Sebastian Wagner).

### Bots
#### Parsers
- `intelmq.bots.parsers.microsoft.parser_ctip`:
  - Add support for new field `SourceIpInfo.SourceIpv4Int` (PR#1940 by
Sebastian Wagner).
  - Fix mapping of "ConnectionType" fields, this is not
`protocol.application`. Now mapped to `extra.*.connection_type` (PR#1940
by Sebastian Wagner).
- `intelmq.bots.parsers.shadowserver._config`:
  - Add support for the new feeds *Honeypot-Amplification-DDoS-Events*,
*Honeypot-Brute-Force-Events*, *Honeypot-Darknet*, *IP-Spoofer-Events*,
*Sinkhole-Events*, *Sinkhole-HTTP-Events*, *Vulnerable-Exchange-Server*,
*Sinkhole-Events-HTTP-Referer* (PR#1950, PR#1952, PR#1953, PR#1954,
PR#1970 by Birger Schacht and Sebastian Wagner, PR#1971 by Mikk Margus
Möll).

#### Experts
- `intelmq.bots.experts.splunk_saved_search.expert`:
  - fixed erroneous string formatting (PR#1960 by Karl-Johan Karlsson).

#### Outputs
- `intelmq.bots.outputs.smtp.output`:
  - Handle empty "fieldnames" parameter by sending no attachment
(PR#1932 by Sebastian Wagner).

### Documentation
- Feeds:
  - Fixed Abuse.ch Feodotracker Browse parser configuration (PR#1941 by
Sebastian Wagner fixes #1938).

### Tests
- `intelmq.bots.parsers.html_table`:
  - Added testcase for Abuse.ch Feodotracker Browse (PR#1941 by
Sebastian Wagner).

### Tools
- intelmqsetup:
  - Set ownership of state file path and its parent directory (PR#1911
by Sebastian Wagner).

### Known issues
- ParserBot: erroneous raw line recovery in error handling (#1850).

-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 676 898 298 7201
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, Regional Court Salzburg

