github OpenCTI-Platform/connectors 7.260527.0
Version 7.260527.0

4 hours ago

Enhancements:

  • #6512 [stream-importer] Discard already-processed files instead of raising WrongFileOrder
  • #6510 [digintlab-dep] Refactor into modules and add configurable primary-object type
  • #6452 [teamt5] Rewrite connector on connectors-sdk Pydantic settings and shared handler architecture
  • #6411 [import-doc-ai] Add support for XTM One agent
  • #6407 [assemblyline] Add new internal-enrichment connector for AssemblyLine 4 sandbox analysis
  • #6321 [mitre-attack] Fix kill chain phases order for new MITRE ATT&CK v19 tactics (Stealth & Defense Impairment)
  • #6243 [Google TI] Import IOCs using the "Steady-State IOC Deltas" API
  • #6199 [IPQS Analyzer] - new integration
  • #6191 [Ransomwarelive] Add option to disable intrusion-set creation
  • #6151 [PolySwarm] Add PolySwarm enrichment and sandbox connectors
  • #6148 [VulnCheck] Add STIX Reports to threat actors, ransomware, botnets sources
  • #6115 [CrowdStrike] Add motivations and adversary type as labels on IntrusionSet
  • #6059 [Scoring] Create a new connector to impact the score of indicators
  • #5869 [opencti] Migrate connector to be connector manager supported
  • #5723 Create an Integration with Datadog
  • #5250 [hybrid-analysis] Migrate connector to be connector manager supported

Bug Fixes:

  • #6532 [opencti] Dataset URL fields render as CONFIG_*_FILE_URL - Unsupported in the Manager UI
  • #6530 [crowdstrike] Indicator pagination is broken - only the first page (1000 records) is fetched per run
  • #6508 [misp] IPv4 CIDR ranges (e.g. 192.168.0.0/24) are mis-tagged as IPv6 observables
  • #6419 ransomwarelive: Reports persist with empty Marking because TLP:WHITE SDO is missing from emitted bundle
  • #6324 [tenable-vuln-management] Connector crashes when asset is missing operating_system field
  • #6141 Intel471 V2 connector doesn't work when specifying proxy
  • #6027 [SentinelOne Incidents]: Improve external import sentinel one incidents
  • #5144 [TeamT5] time data does not match format '%Y-%m-%d %H:%M:%S

Pull Requests:

  • [import-doc-ai] Add xtm-one support by @richard-julien in #6410
  • [import-document/ai] Remove associated entity author (#14105) by @JeremyCloarec in #5644
  • [misp] Tag IPv4 CIDR ranges as IPv4 observables instead of IPv6 by @goodlandsecurity in #5962
  • [opencti] Update connector to be manager_supported by @JeremyCloarec in #5916
  • [ransomwarelive] Add Threat Actor / Intrusion Set / Campaign / Report propagation + TLP standardisation by @nolan-777 in #5590
  • [ipqs] Integrate IPQS Malware File Scanner into the existing connector by @SamuelHassine in #6395
  • [teamt5] Rewrite connector on connectors-sdk Pydantic settings and shared handler architecture by @maximus-debski in #5630
  • [restore-files] Improve missing resolution speed using files cache by @richard-julien in #5719
  • [digintlab-dep] Refactor into modules and add configurable primary-object type by @SamuelHassine in #6511
  • [mitre] Fix kill chain phases order for ATT&CK v19 Stealth & Defense Impairment tactics by @Aditi-24-05 in #6509
  • [crowdstrike] Add motivations and adversary type as labels on IntrusionSet by @Copilot in #6129
  • [import-doc-ai] Improve support for XTM One agent (#6411) by @richard-julien in #6513
  • [assemblyline] Add new internal-enrichment connector for AssemblyLine 4 sandbox analysis by @SamuelHassine in #6429
  • [tool] chore(deps): Update dependency pytest from 8.4.2 to 9.0.3 in /external-import/opencti/tests by @dependabot[bot] in #6515
  • [tool] chore(deps): Update dependency pytest from 8.4.0 to 9.0.3 in /stream/sentinelone-intel/tests by @dependabot[bot] in #6516
  • [intel471] Fix proxy URL handling in V2 connector by @sneaky-maple in #6142
  • [tool] chore(deps): Update dependency google-auth-oauthlib to v1.4.0 by @renovate[bot] in #6459
  • [datadog] Add Datadog Cloud SIEM external-import connector by @nick-pete in #5601
  • [sentinelone-incidents] Add import start date and harden incident conversion by @EQM-Filigran in #6016
  • [stream-importer] Discard files already processed by @axelfahy in #6040
  • [Github Instructions]: add guideline for Note.generate_id by @Ninoxe in #6519
  • [tool] chore(deps): Update dependency googleapis-common-protos to v1.75.0 by @renovate[bot] in #6521
  • [tool] chore(deps): Update dependency idna to v3.16 by @renovate[bot] in #6522
  • [vulncheck] Stream STIX bundles and add Reports for advisory sources by @SamuelHassine in #6518
  • [tenable-vuln-management] fix: make operating system optional in Asset model (#6324) by @ncarenton in #6506
  • [Google TI Feeds] Add IOC indicators import pipeline by @jabesq in #6355
  • [opencti] Expose dataset URL fields as plain str so the Manager UI can render them by @SamuelHassine in #6533
  • [crowdstrike] Fix indicator pagination by using _marker deep pagination by @SamuelHassine in #6531
  • [connectors-sdk] Add Tool entity model by @jabesq in #6528
  • [Repository] Make Codecov patch coverage blocking (#6534) by @ncarenton in #6535
  • [hybrid-analysis-sandbox] Update connector to be "manager_supported" by @Powlinett in #6507
  • [tool] chore(deps): Update dependency imap-tools to v1.13.0 by @renovate[bot] in #6537
  • [tool] chore(deps): Update dependency msgraph-sdk to v1.58.0 by @renovate[bot] in #6538
  • [threat-actor-enrichment] Add connector to fix stale last_seen on threat actor groups by @MrStarkEG in #6044
  • [polyswarm] Add enrichment and sandbox internal-enrichment connectors by @SamuelHassine in #6541
  • [scoring-calculator] Add scoring calculator internal-enrichment connector by @Lhorus6 in #6060
  • [Google TI] Import IOCs - Fixes by @romain-filigran in #6539
  • [connector-sdk] Set tool_types as optional for Tool Model (#6457) by @jabesq in #6544

New Contributors:

Full Changelog: 7.260522.0...7.260527.0
