github thalesgroup-cert/Watcher v2.2.0

2 months ago

v2.2.0

This release focuses on a complete overhaul of the MISP integration, improved code modularity, and the resolution of several front-end and dependency issues. It also addresses important issues such as #2 (creating MISP objects instead of attributes) and #206 (HTTP 500 errors when exporting IOC), improving overall export reliability and functionality. These updates aim to increase stability, maintainability, and flexibility when using Watcher with MISP.

Update Procedure

Please follow this process:

  1. Pull the latest Docker image from the repository.
  2. Apply any migrations:
    docker compose down
    docker compose run watcher bash
    python manage.py migrate
  3. Update your .env file:
    • Check MISP_URL, MISP_KEY, and MISP_VERIFY_SSL.
  4. Rebuild and restart containers with:
    docker compose down
    docker compose up

[WARNING] If you were using custom scripts for MISP export, you will need to adapt them to the new common.misp module.

What’s Changed

MISP Integration Redesign

  • New centralized MISP logic: The common module now handles all MISP-related interactions by @ygalnezri in #207
  • Shared MISP module across all features (e.g. dns_finder, website_monitoring), avoiding code duplication.
  • Possibility to specify a MISP Event UUID when exporting IOCs:
    • If the UUID exists, Watcher will detect and update the corresponding event.
    • Full support for both automatic and manual updates.
    • Enhanced export logic for MISP objects with support for object creation (e.g., domain, ip-port).

This redesign addresses key issues including #2 (creating MISP objects instead of attributes) and #206 (HTTP 500 error when exporting IOC in Twisted DNS finder).

For more details on the new MISP integration, see the MISP Export section of the documentation, which has been fully updated.

  • Rename the host variable in your .env file: the setting has been renamed from ALLOWED_HOST to ALLOWED_HOSTS. You must now define it explicitly in .env (e.g., ALLOWED_HOSTS=localhost,127.0.0.1) to match your environment's domain list. This update ensures proper host validation in settings.py and prevents runtime errors during container startup, by @ygalnezri in #185
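
A pre-flight check for step 3 of the update procedure and for the ALLOWED_HOSTS rename, as an added example that is not part of the Watcher project: it reads a .env file and reports missing variables, a leftover ALLOWED_HOST entry, and settings that weaken transport or host validation. The function names and the accepted value spellings (False/0/no, '*') are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check of a Watcher .env before restarting on v2.2.0.
# Variable names come from the release notes; the value spellings tested below
# (False/0/no, '*') are assumptions about how the file is written and parsed.

# Print KEY's value from FILE (last assignment wins), without quotes or CR.
env_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 |
        tr -d '\r' | sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print one line per finding. Returns 0 when there are no ERRORs, 1 otherwise.
check_watcher_env() {
    file=$1
    errors=0
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 1; }

    for key in MISP_URL MISP_KEY MISP_VERIFY_SSL ALLOWED_HOSTS; do
        if [ -z "$(env_value "$key" "$file")" ]; then
            echo "ERROR: $key is missing or empty"
            errors=$((errors + 1))
        fi
    done
    # The pre-2.2.0 name; this pattern does not match ALLOWED_HOSTS.
    if grep -Eq '^[[:space:]]*ALLOWED_HOST[[:space:]]*=' "$file"; then
        echo "WARN: legacy ALLOWED_HOST found, v2.2.0 uses ALLOWED_HOSTS"
    fi

    case "$(env_value MISP_URL "$file")" in
        http://*) echo "WARN: MISP_URL is plain HTTP, MISP_KEY is sent unencrypted" ;;
    esac
    case "$(env_value MISP_VERIFY_SSL "$file" | tr 'A-Z' 'a-z')" in
        false|0|no) echo "WARN: MISP_VERIFY_SSL turns off certificate verification" ;;
    esac
    case ",$(env_value ALLOWED_HOSTS "$file" | tr -d ' ')," in
        *,\*,*) echo "WARN: ALLOWED_HOSTS contains '*', which matches any Host header" ;;
    esac
    [ "$errors" -eq 0 ]
}

# Run against a file when one is given: sh check_env.sh .env
if [ "$#" -gt 0 ]; then
    check_watcher_env "$1"
fi
```

Run it between steps 3 and 4; a non-zero exit status means a required variable is missing.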

Dependency and Security Updates

  • Fixed minor display issues detected during development
  • Bump @babel/runtime from 7.26.0 to 7.27.0 in /Watcher by @dependabot #189
  • Bump axios from 1.7.9 to 1.8.2 in /Watcher by @dependabot #190
  • Bump react-router and react-router-dom in /Watcher by @dependabot #191

Full Changelog: v2.1.4...v2.2.0
