General changes
- It's now configurable how often the bots log how many events they have sent, based on both the amount and time. (fixes #743)
- switch from pycodestyle to pep8
Configuration
- Added log_processed_messages_count (500) and log_processed_messages_seconds (900) to defaults.conf. http_timeout has been renamed to http_timeout_sec and http_timeout_max_tries has been added. This setting is honored by bots.collectors.http.* and bots.collectors.mail.collector_mail_url, bots.collectors.rt (only http_timeout_sec), bots.outputs.restapi.output and bots.experts.ripencc_abuse_contact
Documentation
- Minor fixes
- Dropped install scripts, see INSTALL.md for more detailed instructions and explanations
- Better structure of INSTALL.md
- Better documentation of packages
Tools
Core
- fix bug which prevented dumps from being written if the file did not exist (#986)
- Fix reload of bots regarding logging
- type annotations for all core libraries
Bots
- added bots.experts.idea, bots.outputs.files
- possibility to split large csv Reports into Chunks, currently possible for mail url and file collector
- elasticsearch output supports HTTP Basic Auth
- bots.collectors.mail.collector_mail_url and bots.collectors.file.collector can split large reports (#680)
- bots.parsers.shadowserver supports the VNC feed
- handling of HTTP timeouts, see above #859
- bots.parsers.bambenek saves the malware name
- bots.parsers.fraunhofer.parser_dga saves the malware name
- bots.parsers.shadowserver handles NULL bytes
- bots.parsers.abusech.parser_ransomware handles the IP 0.0.0.0 specially
Harmonization
- New field named output to support export to foreign formats