Dear community,
This IntelMQ version did not gain any major features and is purely a maintenance release. It covers various minor error corrections in the IntelMQ software and usability enhancements for the new API. Some notable changes are listed below. Thanks again to all contributors!
Installation instructions: https://intelmq.readthedocs.io/en/maintenance/user/installation.html
Upgrade instructions: https://intelmq.readthedocs.io/en/maintenance/user/upgrade.html
All packages have been published to PyPI. The deb/rpm repositories and Docker Hub will follow on Friday.
I'm trying to summarize the changes here; the full changelogs are linked below.
The Cymru CAP Parser has been adapted to the new format for events of the category "bruteforce" (PR#1795 by Sebastian Wagner, CERT.at, fixes #1794).
The Shodan Parser now supports nested conversions, has improved protocol detection and has a greatly extended parser mapping (PR#1821 by Mikk Markus Möll, CERT.EE). The feed documentation gained a missing description for the Shodan Country Stream (by Sebastian Wagner, CERT.at).
On the documentation front, the ecosystem document received revised sections on intelmq-cb-mailgen and fody (PR#1792 by Bernhard Reiter, Intevation). A new section in the documentation summarizes hardware requirements (PR#1811 by Sebastian Wagner, CERT.at).
Minor enhancements and adaptations in the tests.
# IntelMQ API-related changes
The IntelMQ API documentation now has more details on the required write permission for the session database file (PR#1798 by Birger Schacht, CERT.at, fixes intelmq-api#23). See https://intelmq.readthedocs.io/en/maintenance/user/intelmq-api.html
Session database permission errors: the exception is now caught in the code and a hint is added to check the permissions of both the file and the directory (PR#25 by Birger Schacht, CERT.at, fixes #23).
The tool `intelmqsetup`, which is part of the installation routine for manual IntelMQ installations, is now able to automatically create the required directory layout and file permissions for the IntelMQ API (PR#1787 by Sebastian Wagner, CERT.at, fixes #1783) and also covers the webserver and sudoers configuration for IntelMQ API and IntelMQ Manager (PR#1805 by Sebastian Wagner, CERT.at, fixes #1803).
# IntelMQ Manager-related changes
The required authentication token in the save-data request of the "Configuration" tab is now sent to the backend (PR#245 by Marcos Gonzalez, CNCSRD-DO, fixes #244). In two places, link destinations that still pointed to the old PHP-based backend URLs have been fixed: the "Clear Configuration" link (PR#249 by Sebastian Wagner, CERT.at, fixes #248) and the link to the configuration page of a bot on the monitor page (PR#249 by Sebastian Wagner, CERT.at, fixes #248).
# Full changelogs:
IntelMQ: https://github.com/certtools/intelmq/releases/tag/2.3.1
IntelMQ API: https://github.com/certtools/intelmq-api/releases/tag/2.3.1
IntelMQ Manager: https://github.com/certtools/intelmq-manager/releases/tag/2.3.1