Installation documentation:
https://github.com/certtools/intelmq/blob/2.2.2/docs/INSTALL.md
Upgrade documentation:
https://github.com/certtools/intelmq/blob/2.2.2/docs/UPGRADING.md
Core
intelmq.lib.upgrades
:- Add upgrade function for renamed Shadowserver feed name "Blacklisted-IP"/"Blocklist".
Bots
Parsers
intelmq.bots.parsers.shadowserver
:- Rename "Blacklisted-IP" feed to "Blocklist", old name is still valid until IntelMQ version 3.0 (PR#1588 by Thomas Hungenberg).
- Added support for the feeds
Accessible Radmin
andCAIDA IP Spoofer
(PR#1600 by sinus-x).
intelmq.bots.parsers.anubisnetworks.parser
: Fix parsing error wheredst.ip
was not equal tocomm.http.host
.intelmq/bots/parsers/danger_rulez/parser
: correctly skip malformed rows by defining variables before referencing (PR#1601 by Tomas Bellus).- `intelmq.bots.parsers.misp.parser: Fix MISP Event URL (#1619, PR#1618 by Nedfire23).
intelmq.bots.parsers.microsoft.parser_ctip
:- Add support for
DestinationIpInfo.*
andSignatures.Sha256
fields, used by thectip-c2
feed (PR#1623 by Mikk Margus Möll). - Use
extra.payload.text
for the feed's fieldPayload
if the content cannot be decoded (PR#1610 by Giedrius Ramas).
- Add support for
Experts
intelmq.bots.experts.cymru_whois
:- Fix cache key calculation which previously led to duplicate keys and therefore wrong results in rare cases. The cache key calculation is intentionally not backwards-compatible (#1592, PR#1606).
- The bot now caches and logs (as level INFO) empty responses from Cymru (PR#1606).
Documentation
- README:
- Add Core Infrastructure Initiative Best Practices Badge.
- Bots:
- Generic CSV Parser: Add note on escaping backslashes (#1579).
- Remove section of non-existing "Copy Extra" Bot.
- Explain taxonomy expert.
- Add documentation on n6 parser.
- Gethostbyname expert: Add documentation how errors are treated.
- Feeds:
- Fixed bot modules of Calidog CertStream feed.
- Add information on Microsoft CTIP C2 feed.
Packaging
- In Debian packages,
intelmqctl check
andintelmqctl upgrade-config
are executed in the postinst step (#1551, PR#1624 by Birger Schacht).
Tests
intelmq.tests.lib.test_pipeline
: SkipTestAmqp.test_acknowledge
on Travis with Python 3.8.intelmq.tests.bots.outputs.elasticsearch.test_output
: Refresh indexintelmq
manually to fix random test failures (#1593, PR#1595 by Zach Stone).
Tools
intelmqctl check
:- For disabled bots which do not have any pipeline connections, do not raise an error, but only warning.
- Fix check on source/destination queues for bots as well the orphaned queues.
Contrib
- Bash completion scripts: Check both
/opt/intelmq/
as well as LSB-paths (/etc/intelmq/
and/var/log/intelmq/
) for loading bot information (#1561, PR#1628 by Birger Schacht).