Installation documentation:
https://intelmq.readthedocs.io/en/maintenance/user/installation.html
Upgrade documentation:
https://intelmq.readthedocs.io/en/maintenance/user/upgrade.html
Core
- intelmq.lib.upgrade:
  - Added v233_feodotracker_browse for Abuse.ch Feodotracker Browse parser configuration adaption (PR#1941 by Sebastian Wagner).
Bots
Parsers
- intelmq.bots.parsers.microsoft.parser_ctip:
  - Add support for new field SourceIpInfo.SourceIpv4Int (PR#1940 by Sebastian Wagner).
  - Fix mapping of "ConnectionType" fields; this is not protocol.application. Now mapped to extra.*.connection_type (PR#1940 by Sebastian Wagner).
- intelmq.bots.parsers.shadowserver._config:
  - Add support for the new feeds Honeypot-Amplification-DDoS-Events, Honeypot-Brute-Force-Events, Honeypot-Darknet, IP-Spoofer-Events, Sinkhole-Events, Sinkhole-HTTP-Events, Vulnerable-Exchange-Server, Sinkhole-Events-HTTP-Referer (PR#1950, PR#1952, PR#1953, PR#1954, PR#1970 by Birger Schacht and Sebastian Wagner, PR#1971 by Mikk Margus Möll).
Experts
- intelmq.bots.experts.splunk_saved_search.expert:
  - Fixed erroneous string formatting (PR#1960 by Karl-Johan Karlsson).
Outputs
- intelmq.bots.outputs.smtp.output:
  - Handle empty "fieldnames" parameter by sending no attachment (PR#1932 by Sebastian Wagner).
Documentation
- Feeds:
  - Fixed Abuse.ch Feodotracker Browse parser configuration (PR#1941 by Sebastian Wagner fixes #1938).
Tests
- intelmq.bots.parsers.html_table:
  - Added testcase for Abuse.ch Feodotracker Browse (PR#1941 by Sebastian Wagner).
Tools
- intelmqsetup:
  - Set ownership of state file path and its parent directory (PR#1911 by Sebastian Wagner).
Known issues
- ParserBot: erroneous raw line recovery in error handling (#1850).