Installation documentation:
https://intelmq.readthedocs.io/en/maintenance/user/installation.html
Upgrade documentation:
https://intelmq.readthedocs.io/en/maintenance/user/upgrade.html
Core
- `intelmq.lib.harmonization`:
  - `TLP` type: accept value "yellow" for TLP level AMBER.
Bots
Collectors
- `intelmq.bots.collectors.shadowserver.collector_reports_api`:
  - Handle timeouts by logging the error and continuing to the next report (PR#1852 by Marius Karotkis and Sebastian Wagner, fixes #1823).
Parsers
- `intelmq.bots.parsers.shadowserver.config`:
  - Parse and harmonize field `end_time` as date in feeds "Drone-Brute-Force" and "Amplification-DDoS-Victim" (PR#1833 by Mikk Margus Möll).
  - Add conversion function `convert_date_utc`, which assumes UTC and sanitizes the data to datetime (by Sebastian Wagner, fixes #1848).
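As an added illustration of what a `convert_date_utc` style sanitizer does (this is example code, not IntelMQ's own function; its real signature is not on this page), the function below assumes UTC for timestamps that carry no zone information and returns timezone-aware datetimes normalised to UTC, rendered in the ISO 8601 `+00:00` form used for harmonized DateTime fields. The accepted input kinds (ISO-like strings with or without an offset, epoch seconds, datetime objects) are assumptions about what a feed may deliver; malformed input yields `None` instead of raising, so one bad record does not abort a whole report.

```python
from datetime import datetime, timezone


def convert_date_utc(value):
    """Sanitize a feed timestamp to a timezone-aware datetime in UTC.

    Assumption (example only): naive strings and naive datetime objects are
    UTC, numbers are epoch seconds, anything unparsable yields None.
    """
    if isinstance(value, datetime):
        dt = value
    elif isinstance(value, (int, float)) and not isinstance(value, bool):
        dt = datetime.fromtimestamp(value, tz=timezone.utc)
    elif isinstance(value, str):
        text = value.strip()
        if not text:
            return None
        # fromisoformat handles "2021-07-01 10:20:30" and "...T10:20:30+02:00";
        # a trailing "Z" is only understood from Python 3.11 on, so spell it out.
        if text.endswith("Z"):
            text = text[:-1] + "+00:00"
        try:
            dt = datetime.fromisoformat(text)
        except ValueError:
            return None
    else:
        return None
    if dt.tzinfo is None:
        # No zone given: treat as UTC rather than local time of the parser host.
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def to_harmonized(value):
    """Return the sanitized value as ISO 8601 UTC text, or None if unusable."""
    dt = convert_date_utc(value)
    return dt.isoformat() if dt is not None else None


# Constructed sample rows in the shape of a Drone-Brute-Force style record
# (values invented for this example, not taken from a real feed).
SAMPLE_ROWS = [
    {"ip": "192.0.2.10", "end_time": "2021-07-01 10:20:30"},
    {"ip": "192.0.2.11", "end_time": "2021-07-01T12:20:30+02:00"},
    {"ip": "192.0.2.12", "end_time": "not a date"},
]


def harmonize_rows(rows):
    """Map each row to its harmonized end time (None where the field is bad)."""
    return {row["ip"]: to_harmonized(row["end_time"]) for row in rows}


if __name__ == "__main__":
    for ip, when in harmonize_rows(SAMPLE_ROWS).items():
        print(ip, when)
```

Both the naive "10:20:30" and the "+02:00" row end up as the same instant, `2021-07-01T10:20:30+00:00`, which is the property a parser needs so that events from differently formatted feeds sort and deduplicate correctly.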
- `intelmq.bots.parsers.shadowserver.parser_json`:
  - Use the `overwrite` parameter for optionally overwriting the "feed.name" field (by Sebastian Wagner).
- `intelmq.bots.parsers.microsoft.parser_ctip`:
  - Handle fields `timestamp`, `timestamp_utc`, `source_ip`, `source_port`, `destination_ip`, `destination_port`, `computer_name`, `bot_id`, `asn`, `geo` in `Payload` of the CTIP Azure format (PR#1841, PR#1851 and PR#1879 by Sebastian Wagner).
- `intelmq.bots.parsers.shodan.parser`:
  - Added support for unique keys and verified vulns (PR#1835 by Mikk Margus Möll).
- `intelmq.bots.parsers.cymru.parser_cap_program`:
  - Fix parsing in a whitespace edge case in comments (PR#1870 by Alex Kaplan, fixes #1862).
Experts
- `intelmq.bots.experts.modify`:
  - Add a new rule to the example configuration to change the type of malicious-code events to `c2server` if the malware name indicates c2 (PR#1854 by Sebastian Wagner).
- `intelmq.bots.experts.gethostbyname.expert`:
  - Fix handling of parameter `gaierrors_to_ignore` with value `None` (PR#1890 by Sebastian Wagner, fixes #1886).
Outputs
- `intelmq.bots.outputs.elasticsearch`:
  - Fix log message about the required elasticsearch library (by Sebastian Wagner).
Documentation
- `dev/data-harmonization`:
  - Fix taxonomy name: "information gathering" should be "information-gathering" (by Sebastian Wagner).
Tests
- `intelmq.tests.bots.parsers.microsoft.test_parser_ctip_azure`:
  - Add test case for TLP level "YELLOW".
Known issues
- ParserBot: erroneous raw line recovery in error handling (#1850).