<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Hi,
<p>We recently published a blog post about the release, summarizing
a few of the major changes:
<a class="moz-txt-link-freetext" href="https://cert.at/en/blog/2021/8/intelmq-30-domain-based-workflow-ieps">https://cert.at/en/blog/2021/8/intelmq-30-domain-based-workflow-ieps</a></p>
<p>Sebastian<br>
</p>
<div class="moz-cite-prefix">On 7/5/21 5:59 PM, Sebastian Wagner
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:03fa6ff9-18d4-66e9-fd2e-e8d697e4afb3@cert.at">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<p>Dear community,</p>
<p>The time has come and IntelMQ 3.0 is final! We, as community,
made loads of changes, smaller and bigger ones, and I really
think that IntelMQ became more user-friendly, developer-friendly
and feature-rich at the same time!<br>
</p>
<p>There are some major changes in this release, especially the in
the field of the configuration and Internal Data format
(previously: "harmonization"). For the configuration-part, the
upgrade part should be automatic with `intelmqctl
upgrade-config` as usual. For the Data format, carefully look at
your bot configurations (filters, sieve, etc.) to update them.
Adaptions in systems connected to IntelMQ, especially also
databases might be necessary as well. The NEWS.md file give a
summary of what has changed:
<a class="moz-txt-link-freetext"
href="https://github.com/certtools/intelmq/blob/maintenance/NEWS.md#user-content-300-major-release-2021-07-02"
moz-do-not-send="true">https://github.com/certtools/intelmq/blob/maintenance/NEWS.md#user-content-300-major-release-2021-07-02</a></p>
<p>We don't recommend to upgrade existing production instance of
IntelMQ yet. We of course did testing, including the end-to-end
tests, and have detailed release notes. But for critical
systems, a delayed upgrade makes sense ;)<br>
Therefore the stable deb/rpm repositories don't contain the 3.0
release yet! Even though an upgrade of production systems is not
yet recommended, extensive usage and testing of the new releases
are very much welcome and required to get the necessary feedback
for the next (maintenance) releases.<br>
</p>
<p>The releases are available via git, PyPI, Docker and the
*unstable* deb/rpm repositories.<br>
</p>
<p>Installation documentation: <a class="moz-txt-link-freetext"
href="https://intelmq.readthedocs.io/en/maintenance/user/installation.html"
moz-do-not-send="true">https://intelmq.readthedocs.io/en/maintenance/user/installation.html</a><br>
Upgrade documentation: <a class="moz-txt-link-freetext"
href="https://intelmq.readthedocs.io/en/maintenance/user/upgrade.html"
moz-do-not-send="true">https://intelmq.readthedocs.io/en/maintenance/user/upgrade.html</a><br>
IntelMQ API documentation: <a class="moz-txt-link-freetext"
href="https://intelmq.readthedocs.io/en/maintenance/user/intelmq-api.html"
moz-do-not-send="true">https://intelmq.readthedocs.io/en/maintenance/user/intelmq-api.html</a><br>
IntelMQ Manager documentation: <a class="moz-txt-link-freetext"
href="https://intelmq.readthedocs.io/en/maintenance/user/intelmq-manager.html"
moz-do-not-send="true">https://intelmq.readthedocs.io/en/maintenance/user/intelmq-manager.html</a><br>
</p>
<p>NEWS/release notes of IntelMQ (Core):
<a class="moz-txt-link-freetext"
href="https://github.com/certtools/intelmq/blob/maintenance/NEWS.md#user-content-300-major-release-2021-07-02"
moz-do-not-send="true">https://github.com/certtools/intelmq/blob/maintenance/NEWS.md#user-content-300-major-release-2021-07-02</a><br>
Full Changelog of IntelMQ (Core):
<a class="moz-txt-link-freetext"
href="https://github.com/certtools/intelmq/blob/maintenance/CHANGELOG.md#300-2021-07-02"
moz-do-not-send="true">https://github.com/certtools/intelmq/blob/maintenance/CHANGELOG.md#300-2021-07-02</a></p>
<p>On a high level, these are the major changes compared to
version 2.3.x (2.3.3 was released 2021-05-31):</p>
<p>In the core and Docker:<br>
</p>
<ul>
<li>Configuration rewrite including parameter loading and
handling (IEP01), plus the required adoption of the API and
Manager, by Birger Schacht (CERT.at).</li>
<li>Classification sync with RSIT, by Sebastian Wagner
(CERT.at).<br>
</li>
<li>Removal of the BOTS file, by Sebastian Waldbauer (CERT.at).</li>
<li>Creation and maintenance of the Docker images by Sebastian
Waldbauer (CERT.at).</li>
<li>Creation of Docker-instructions for development setups by
Einar Lanfranco and Jeremias Pretto (CERT-UNLP
cert.unlp.edu.ar).<br>
</li>
</ul>
<p>New and majorly enhanced bots:<br>
</p>
<ul>
<li>Added <code>intelmq.bots.collectors.fireeye</code>: A bot
that collects indicators from Fireeye MAS appliances (PR#1745
by Christopher Schappelwein).</li>
<li><code>intelmq.bots.collectors.api.collector_api</code>:
Added UNIX socket capability (PR#1987 by Mikk Margus Möll,
fixes #1986).</li>
<li>Added <code>intelmq.bots.parsers.fireeye</code>: A bot that
parses hashes and URLs from Fireeye MAS indicators (PR#1745 by
Christopher Schappelwein).</li>
<li>Added <code>intelmq.bots.experts.http.expert_status</code>:
A bot that fetches the HTTP Status for a given URI and adds it
to the message (PR#1789 by Birger Schacht, fixes #1047
partly).</li>
<li>Added <code>intelmq.bots.experts.http.expert_content</code>:
A bot that fetches an HTTP resource and checks if it contains
a specific string (PR#1811 by Birger Schacht).</li>
<li>Added <code>intelmq.bots.experts.lookyloo.expert</code>: A
bot that sends requests to a lookyloo instance & adds <code>screenshot_url</code>
to the event (PR#1844 by Sebastian Waldbauer, fixes #1048).</li>
<li>Added <code>intelmq.bots.experts.rdap.expert</code>: A bot
that checks the RDAP protocol for an abuse contact for a given
domain (PR#1881 by Sebastian Waldbauer and Sebastian Wagner).</li>
<li><code>intelmq.bots.experts.sieve.expert</code>: Major
refactoring and lot's of new functionality New operators for
working with various types (lists, sets, booleans, float,
int), generic rule negation and nesting (PR#1895 by Mikk
Margus Möll).<br>
</li>
<li>Added <code>intelmq.bots.experts.uwhoisd</code>: A bot that
fetches the whois entry from a uwhois-instance (PR#1918 by
Raphaël Vinot).</li>
<li>Added <code>intelmq.bots.experts.aggregate</code>: A bot
that aggregate events based upon given fields & a
timespan. (PR#1959 by Sebastian Waldbauer)</li>
<li>Added <code>intelmq.bots.experts.tuency</code>: A bot that
queries the IntelMQ API of a tuency instance (PR#1857 by
Sebastian Wagner, fixes #1856).</li>
<li>Added <code>intelmq.bots.outputs.templated_smtp</code>
(PR#1901 by Karl-Johan Karlsson).</li>
</ul>
<p>On the documentation front, these are the most important
changes<br>
</p>
<ul>
<li>License and copyright information was added to all the bots
(by Birger Schacht).</li>
<li>Added documentation on the EventDB (PR#1955 by Birger
Schacht, PR#1985 by Sebastian Wagner).</li>
<li>Added TimescaleDB for time-series documentation (PR#1990 by
Sebastian Waldbauer).</li>
<li>n6 interoperability documentation: Adding more graphs and
illustrations (PR#1991 by Sebastian Wagner).</li>
<li>Added documentation on abuse-contact look-ups (PR#2021 by
Sebastian Waldbauer and Sebastian Wagner).</li>
</ul>
<p>And not to forget all the smaller changes and additions.</p>
<p>Thanks to (in random order)<br>
</p>
<p>Raphaël Vinot (circl.lu)<br>
Bernhard Reiter (intevation.de)<br>
Sebastian Wagner (CERT.AT)<br>
Filip Pokorný (CSIRT.CZ)<br>
Guillaume GRANJON de LÉPINEY (CERT XLM excellium-services.com)<br>
Mikk Margus Möll (CERT.ee)<br>
Alex Kaplan<br>
Thomas Hungenberg (CERT-BUND.DE)<br>
Einar Lanfranco (CERT-UNLP cert.unlp.edu.ar)<br>
Christopher Schappelwein (milCERT, BMLV.gv.at)<br>
Marcos Gonzalez (CSIRT-RD cncs.gob.do/csirt-rd/)<br>
Marius Karotkis (NRDCS.LT)<br>
Sebastian Waldbauer (CERT.AT)<br>
Jeremias Pretto (CERT-UNLP cert.unlp.edu.ar)<br>
Karl-Johan Karlsson (Linköping University LIU.SE)<br>
Birger Schacht (CERT.AT)<br>
</p>
<p>... and all the contributors of previous releases and as well
to all reporters, supporters, etc!</p>
<p>best regards<br>
Sebastian<br>
</p>
<pre class="moz-signature" cols="72">--
// Sebastian Wagner <a class="moz-txt-link-rfc2396E" href="mailto:wagner@cert.at" moz-do-not-send="true"><wagner@cert.at></a> - T: +43 676 898 298 7201
// CERT Austria - <a class="moz-txt-link-freetext" href="https://www.cert.at/" moz-do-not-send="true">https://www.cert.at/</a>
// Eine Initiative der nic.at GmbH - <a class="moz-txt-link-freetext" href="https://www.nic.at/" moz-do-not-send="true">https://www.nic.at/</a>
// Firmenbuchnummer 172568b, LG Salzburg</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
</blockquote>
<pre class="moz-signature" cols="72">--
// Sebastian Wagner <a class="moz-txt-link-rfc2396E" href="mailto:wagner@cert.at"><wagner@cert.at></a> - T: +43 676 898 298 7201
// CERT Austria - <a class="moz-txt-link-freetext" href="https://www.cert.at/">https://www.cert.at/</a>
// Eine Initiative der nic.at GmbH - <a class="moz-txt-link-freetext" href="https://www.nic.at/">https://www.nic.at/</a>
// Firmenbuchnummer 172568b, LG Salzburg</pre>
</body>
</html>