Installation instructions:
https://github.com/certtools/intelmq/blob/1.0.5/docs/INSTALL.md
Upgrade instructions:
https://github.com/certtools/intelmq/blob/1.0.5/docs/UPGRADING.md
Core
- `lib/message`: `Report()` can now create a Report instance from Event instances (#1225).
- `lib/bot`:
  - The first word in the log line `Processed ... messages since last logging.` is now adaptable and set to `Forwarded` in the existing filtering bots (#1237).
  - The bot kills itself again after proper shutdown if it is the XMPP collector or output (#970). Previously these two bots needed two stop commands to actually stop.
- `lib/utils`: log: set the name of the `py.warnings` logger to the bot name (#1184).
Bots
Collectors
- `bots.collectors.mail.collector_mail_url`: handle empty downloaded reports (#988).
- `bots.collectors.file.collector_file`: handle empty files (#1244).
Parsers
- Shadowserver parser:
  - SSL FREAK: Remove optional column `device_serial` and add several new ones.
  - Fixed HTTP URL parsing for multiple feeds (#1243).
- Spamhaus CERT parser:
  - add support for `smtpauth`, `l_spamlink`, `pop`, `imap`, `rdp`, `smb`, `iotscan`, `proxyget`, `iotmicrosoftds`, `automatedtest`, `ioturl`, `iotmirai`, `iotcmd`, `iotlogin` and `iotuser` (#1254).
  - fix `extra.destination.local_port` -> `extra.source.local_port`.
Experts
- `bots.experts.filter`: Pre-compile regex at bot initialization.
Tests
- Ensure that the bots did process all messages (#291).
Tools
- `intelmqctl`:
- `intelmqdump`:
  - now has command completion for bot names, actions and queue names in the interactive console.
  - automatically converts messages from events to reports if the queue the message is being restored to is the source queue of a parser (#1225).
  - can now read messages in dumps that are dictionaries, as opposed to dicts serialized as strings, and does not convert them in the show command (#1256).
  - truncated messages are no longer used/saved to the file after being shown (#1255).
  - now again denies recovery of dumps if the corresponding bot is running. The check was broken (#1258).
  - now sorts the dump by the time of the dump. Previously, the list was in random order (#1020).
Known issues
no known issues