Version 6.4.8

Enhancements:

• #3287 [RST IoC Lookup] Create the connector
• #3286 [HuntIO] Create the connector
• #3284 [HuntIO] Add HuntIO in CI/CD
• #3279 [Flashpoint]: Enhance Flashpoint connector
• #2263 [Hygiene] Support CIDR and Partial Domains

Bug Fixes:

• #3290 [RST Report Hub] Missing generate id
• #3273 [Templates] Fix syntax error on entity_in_scope in template
• #3271 [All Connectors] Update CI and remove Ipsum connector from build 1
• #3260 [WIZ] - Connector code breaks the CI/CD because it uses test_requirements but has no tests
• #3096 [Flashpoint] interval not taken into account
• #2817 [RST Cloud - Threat Feed] The connector seems active, raises no errors, but nothing is imported
• #2767 [RST Cloud - Report Hub] Several issues

Pull Requests:

• [All Connectors] Update CircleCI by @helene-nguyen in #3272
• Update opencti/connector-wiz Docker tag to v6.4.7 by @renovate in #3264
• Update dependency boto3 to v1.35.98 by @renovate in #3265
• [Templates] Fix syntax error on entity_in_scope in template by @DucNg in #3249
• Update dependency google-api-python-client to v2.159.0 by @renovate in #3277
• Update dependency boto3 to v1.35.99 by @renovate in #3278
• [Hunt IO] Connector for importing C2 feed into OpenCTI by @m4r35 in #3033
• [RST IoC Lookup] Add RST IoC Lookup connector. + Fixes for Report Hub and Threat Feed by @k1r10n in #2864
• [RST Report Hub] Add missing generate id by @helene-nguyen in #3291
• [HuntIO] Add HuntIO in CI/CD by @helene-nguyen in #3285
• [Flashpoint]: Enhance Flashpoint connector by @romain-filigran in #3293
• Update dependency pytz to v2024.2 by @renovate in #3298
• Update dependency boto3 to v1.36.1 - autoclosed by @renovate in #3297
• Update dependency pycti to v6.4.7 by @renovate in #3302
• [CircleCI] Add Ipsum in CI for build_1 by @helene-nguyen in #3305

New Contributors:

• @m4r35 made their first contribution in #3033

Full Changelog: 6.4.7...6.4.8

Version 6.4.7

Enhancements:

• #3248 [flashpoint] Enhance default behaviour when importing communities
• #3243 [Orange CyberDefense] Improve OCD Connector
• #3226 [Zscaler] Stream Connector Circleci
• #2665 [ransomware.live] improvements
• #1419 [Zscaler] Create the connector for ZIA

Bug Fixes:

• #3238 [taxii2] Bug fixes + Change Report Status
• #3237 [eset] Add x_opencti_main_observable_type when missing from atomic indicators
• #3225 [RST Noise Control] unsupported operand type(s) for +: 'NoneType' and 'str'

Pull Requests:

• Update opencti/connector-google-secops-siem Docker tag to v6.4.6 by @renovate in #3233
• Update opencti/connector-stream-exporter Docker tag to v6.4.6 by @renovate in #3234
• [eset] FIX: Add x_opencti_main_observable_type when missing from atomic indicators by @ckane in #3013
• [taxii2] Bug fixes + Change Report Status by @annoyingapt in #3036
• Update opencti/connector-stream-importer Docker tag to v6.4.6 by @renovate in #3239
• Update dependency boto3 to v1.35.95 by @renovate in #3240
• Update dependency minio to v7.2.14 by @renovate in #3241
• Update opencti/connector-recorded-future Docker tag to v6.4.6 by @renovate in #3242
• [Orange CyberDefense] MRTI-6741 - OCD Connector by @ClaireOrange in #3236
• [Zscaler] Stream Connector by @MohamedMerimi in #3007
• [Zscaler] Stream Connector add Circleci by @Megafredo in #3227
• Improve ransomware.live connector by @seanthegeek in #2746

New Contributors:

• @ClaireOrange made their first contribution in #3236
• @MohamedMerimi made their first contribution in #3007
• @seanthegeek made their first contribution in #2746

Full Changelog: 6.4.6...6.4.7

Version 6.4.6

Enhancements:

• #3228 [stream replication] first version of connectors
• #3215 [greynoisefeed] remove dedup function, add batching for bundle create and submit
• #2965 [Google SecOps SIEM]: Develop an integration
• #2841 [Ransomwarelive] ingests victims with asterisks in the title

Bug Fixes:

• #3206 [Intel471 V1] Issue when upgrading Titan library
• #3195 [RecordedFuture] The connector stops ingesting data if an error (401, 403, ...) occurs while ingesting RF Alerts playbooks
• #3189 [ALL] Renovate Pydantic version to >=2.8.2
• #3184 Connector "Common Vulnerabilities and Exposures" stucked
• #3174 [VirusTotal] invalid literal for int() with base 10: '10 creation'
• #3172 VirusTotal Livehunt Notifications plyara - no attribute logger
• #3169 [Recorded Future] Incident not created on first launch, but created on second launch
• #3168 [Recorded Future] Formatting error prevents incident creation
• #3165 [Sentinel-Incidents]: Documentation screenshots not available
• #3164 [Google-secops-siem] Error path in CircleCI the working directory
• #3153 [HARFANGLAB-INCIDENTS] AttributeError: 'NoneType' object has no attribute 'name'
• #3151 [Flashpoint] Non-predictive STIX ID for Channels
• #3129 [Mandiant]: CTI data quality impacted by Mandiant connector
• #3104 [Shadowserver] ERROR type object 'Vulnerability' has no attribute 'generate_id'

Pull Requests:

• [Google SecOps SIEM] Create Google SecOps SIEM connector by @helene-nguyen in #3100
• [Google-secops-siem] Fix path in CircleCI the working directory by @Megafredo in #3166
• Update dependency domaintools-api to v2.2.0 by @renovate in #3157
• Update dependency google-api-python-client to v2.156.0 by @renovate in #3158
• Update dependency boto3 to v1.35.84 by @renovate in #3161
• Update dependency pycti to v6.4.5 by @renovate in #3162
• Update opencti/connector-harfanglab-intel Docker tag to v6.4.5 by @renovate in #3160
• Update opencti/connector-intel471_v2 Docker tag to v6.4.5 by @renovate in #3163
• Update dependency certifi to v2024.12.14 by @renovate in #3144
• Update dependency pycti to v6.4.5 by @renovate in #3171
• Update dependency boto3 to v1.35.85 by @renovate in #3170
• Migrate renovate config by @renovate in #3173
• Update dependency boto3 to v1.35.86 by @renovate in #3178
• Update dependency Jinja2 to v3.1.5 by @renovate in #3179
• [Mandiant]: Invalid "originates-from" relationships by @romain-filigran in #3182
• [Sentinel Incidents] Fix documentation images by @Powlinett in #3181
• Update dependency boto3 to v1.35.87 by @renovate in #3185
• [Recorded Future] Handle properly incident ID generation and created and updated dates + correct markdown format by @helene-nguyen in #3186
• VirusTotal Livehunt Notifications plyara - no attribute logger by @romain-filigran in #3183
• [HarfangLab Intel] Update HarfangLab config.yml.sample by @romain-filigran in #3024
• [HARFANGLAB INCIDENTS] - Unsafe Alert Process attributes access when creating File by @flavienSindou in #3187
• [ALL] - Renovate pydantic version >= 2.8.2 by @flavienSindou in #3190
• Update dependency prometheus-client to ~=0.21.1 by @renovate in #3193
• Update dependency pydantic to < 3.0.0 by @renovate in #3191
• Update dependency weasyprint to v63 by @renovate in #3199
• Update dependency google-auth to v2.37.0 by @renovate in #3196
• Update dependency reversinglabs-sdk-py3 to v2.8.0 by @renovate in #3192
• Update dependency boto3 to v1.35.90 by @renovate in #3202
• [Intel471] Downgrade Titan-Client lib version to 1.20.0.4 by @helene-nguyen in #3207
• Update dependency google-api-python-client to v2.157.0 by @renovate in #3208
• Update dependency boto3 to v1.35.92 by @renovate in #3214
• [greynoisefeed] remove dedup function, add batching for bundle create and submit by @bradchiappetta in #2812
• Update dependency boto3 to v1.35.93 by @renovate in #3217
• [Recorded Future] Handle properly playbook alerts errors to not block the connector by @helene-nguyen in #3213
• [stream replication] first version of connectors by @axelfahy in #2730
• [Shadowserver] Fix shadowserver and add additional pytests #3104 by @cmandich in #3141
• Implementation of the TLP:AMBER+STRICT marking on multiple connectors: by @Lhorus6 in #3143

Full Changelog: 6.4.5...6.4.6

Version 6.4.5

Enhancements:

• #3137 [Intel471_v2] Creating the intel471_v2 connector
• #2847 [Tenable Security Center] Create the connector
• #2591 [Zvelo] Create a connector to download Zvelo intel

Bug Fixes:

• #3145 [MISP] Timestamp issue
• #3135 [Harfanglab-incident] TypeError
• #3127 [CircleCI] Add a build_4
• #3123 [Harfang lab incidents]: Add connector image to docker hub
• #3122 [Harfang Lab intel]: Add connector image to docker hub
• #3061 [crowstrike] Cannot process the message
• #2997 [Tenable] Error while importing data
• #2828 [Zerofox] Title indicator and country structure to be corrected
• #2825 The Hive importing wrong data

Pull Requests:

• Limit renovate PRs to nights and weekend by @aHenryJard in #3120
• [Tenable Vuln Management] - Integrate source api changes by @flavienSindou in #3081
• [Harfanglab-Intel] Add publish docker image by @Megafredo in #3124
• [The Hive] - Change confusing logger level by @flavienSindou in #3069
• [Harfanglab-Incidents] Add publish docker image by @Megafredo in #3126
• [CircleCI] Add a build_4 and build_rolling_4 (Bug #3127) by @Megafredo in #3128
• [Zerofox] Add format changes to malware endpoint and country entities by @DNRRomero in #2988
• Update dependency boto3 to v1.35.80 by @renovate in #3133
• Update dependency google-api-python-client to v2.155.0 by @renovate in #3113
• Update dependency boto3 to v1.35.81 by @renovate in #3142
• Update dependency boto3 to v1.35.82 by @renovate in #3148
• Adding Intel 471 Connector v2 by @mmolenda in #3146
• [Intel471_v2] Adding intel471v_v2 in CircleCI by @Megafredo in #3138
• [Tenable Security Center]: Connector Initial Creation by @flavienSindou in #3044
• [Zvelo] Create a connector to download Zvelo intel by @romain-filigran in #3121
• [Harfanglab incidents] feat: configuration loader raises explicit error if missing required variables by @flavienSindou in #3149

Full Changelog: 6.4.4...6.4.5

Version 6.4.4

Bug Fixes:

• #3103 [Orange Cyber Defense] Fix bug in WorldWatch report entities crawling
• #3090 [MISP] Update default MISP docker-compose.yml to avoid confusion
• #3087 [Import Document] Update importDocument docker-compose.yml
• #2938 [RecordedFuture]: Exceptions observed during import of Analyst Notes

Pull Requests:

• Update importDocument docker-compose.yml by @romain-filigran in #3016
• Update default MISP docker-compose.yml to avoid confusion by @romain-filigran in #3063
• Update dependency reversinglabs-sdk-py3 to v2.7.2 by @renovate in #3088
• Update dependency wheel to v0.45.1 by @renovate in #3089
• [Recorded Future] handle exception raised when no attachment and no object_refs to report by @helene-nguyen in #3079
• [TEMPLATE] create init script by @Renizmy in #3030
• [CrowdStrike-Endpoint-Security] Fixing severity map bug by @al0rd25l in #3093
• Update dependency plyara to ~=2.2.1 by @renovate in #3094
• Update dependency google-api-core to v2.24.0 by @renovate in #3097
• Update dependency playwright to v1.49.1 by @renovate in #3102
• Update dependency boto3 to v1.35.78 by @renovate in #3101
• [Connector] Fix bug in WorldWatch report entities crawling by @cert-orangecyberdefense in #3051

New Contributors:

• @al0rd25l made their first contribution in #3093

Full Changelog: 6.4.3...6.4.4

Version 6.4.3

Enhancements:

• #3082 [Feedly] use source name as author
• #3078 [Loader Insight Agency File Feed]: Create a connector
• #3064 [Tagger] Add a capacity to the Tagger connector
• #2663 Add new filter in CrowdStrike TI connector

Bug Fixes:

• #3071 [ALL] : Unit tests appear as OK even though non-zero exit status code
• #2972 [Mandiant] No Author on Vulnerability reports
• #2949 [recorded-future] Work is not processed/closed if nothing to ingest
• #2892 [Mandiant] Connector does not show accurate progess, and ingests reports very slowly
• #2756 [CrowdStrike] Use modified date instead of created date when getting reports
• #2735 Fix description when exporting pdf in a IR case
• #2540 [crtsh] Several blocking problems
• #2469 [importDocument] - Unable to extract information from PDF with a watermarking image

Pull Requests:

• [Crowdstrike] Replace latest modified report date filter instead of created date by @helene-nguyen in #3048
• [ImportDocument] Fix create workbench for observables (opencti/9136) by @SouadHadjiat in #3058
• Update dependency boto3 to v1.35.72 by @renovate in #3057
• [ExportReportPdf] list params fixed (#9082) by @ValentinBouzinFiligran in #3040
• Create a connector for the Loader Insight Agency File Feed by @LIA-Intel in #2793
• [CrowdStrike] Add new filter: CROWDSTRIKE_REPORT_TARGET_INDUSTRIES by @Lhorus6 in #3022
• [ExportReportPdf] Convert entity's description from markdown to HTML by @Powlinett in #2994
• [Mandiant] Fix status complete on the progress bar for reports by @Megafredo in #3046
• [ImportDocument] Fix parsing of watermarked PDF files by @Powlinett in #3029
• Update dependency vt-py to v0.19.0 by @renovate in #3059
• Update dependency prometheus-client to v0.21.1 by @renovate in #3067
• [crtsh] fix import issues by @Powlinett in #3053
• Update dependency pycti to v6.4.2 by @renovate in #3068
• [All] - unit tests appear as ok even though non zero exit status code by @flavienSindou in #3073
• [LIAFileFeed] add connector to circleci by @Powlinett in #3070
• [Recorded Future] Handle work to be processed properly for each module by @helene-nguyen in #3076
• [Feedly connector] use source name as author by @Mathieu4141 in #2971
• [Tagger] Add a capacity to the Tagger connector by @Lhorus6 in #3065
• Update dependency six to v1.17.0 by @renovate in #3077
• Update dependency cmarkgfm to v2024.11.20 by @renovate in #3066
• Update dependency boto3 to v1.35.76 by @renovate in #3084

New Contributors:

• @LIA-Intel made their first contribution in #2793

Full Changelog: 6.4.2...6.4.3

Version 6.3.14

No changelog for this release.

Full Changelog: 6.3.13...6.3.14

Version 6.4.2

Bug Fixes:

• #3042 [Sentinel-Intel] Missing init retries_builder for handle 429
• #3032 [sentinel-intel] JWT token expire after two hours and is not renewed
• #3025 [Recorded Future] Issue on getting data from RF Alerts
• #3001 [Mandiant] Crash if the state is empty
• #2989 [RecordedFuture] Unexpected error
• #2980 [Crowdstrike-Security-Endpoint] Error while processing indicator
• #2868 [MISP] Mapping error on relationships Source = Target = ?

Pull Requests:

• [Recorded Future] Fix error when getting priority alerts for when getting Alerts by @helene-nguyen in #3009
• [REVERSINGLABS] Update Spectra Analyze connector v1.1.0 by @MislavReversingLabs in #3008
• Update dependency boto3 to v1.35.67 by @renovate in #3006
• Update dependency pycti to v6.4.1 by @renovate in #3011
• [Recorded Future] Fix unexpected error RF empty incidents by @helene-nguyen in #3017
• [Recorded Future] Fix error when getting priority alerts for when getting Alerts by @helene-nguyen in #3019
• [Crowdstrike] Improve condition in Crowdstrike stream by @helene-nguyen in #3014
• [MISP-FEED] Add documentation + fix conf parsing by @Renizmy in #3012
• [Recorded Future] Fix import incidents for RF alerts by @helene-nguyen in #3026
• Update dependency playwright to v1.49.0 by @renovate in #3021
• [Misp] Fix error of relation having same ref for source and target by @Megafredo in #2993
• [Sentinel-Intel] Fix Error 401 Unauthorized by @Megafredo in #3041
• [Mandiant] fix: infinitely crashes if the state is empty by @flavienSindou in #3018
• [Sentinel-Intel] Fix missing init retries_builder by @Megafredo in #3043
• Update dependency APScheduler to ~=3.11.0 by @renovate in #3037

New Contributors:

• @MislavReversingLabs made their first contribution in #3008

Full Changelog: 6.4.1...6.4.2

Version 6.4.1

Enhancements:

• #2895 OpenCTI internal-enrichment/ipinfo connector, ASN field missing from enrichments
• #2747 Need filtering capability to limit number of records

Pull Requests:

• Update dependency pycti to v6.4.0 by @renovate in #2990
• Update dependency boto3 to v1.35.65 by @renovate in #2991
• [Mitre] Add default for interval, as the documentation states. by @fslds in #2995
• [Taxii2] Update of code by @annoyingapt in #2894
• [Connectors] Re add missing generate_id arguments by @helene-nguyen in #2920
• [Shodan] Created config to use ISP name for ASN name. by @annoyingapt in #2936
• [IpInfo] Added extraction of asn data from org field by @annoyingapt in #2911
• [Connectors] Move Qradar in another build by @helene-nguyen in #2999
• Update dependency google-api-python-client to v2.154.0 by @renovate in #3000

New Contributors:

• @fslds made their first contribution in #2995

Full Changelog: 6.4.0...6.4.1

Version 6.4.0

Bug Fixes:

• #2983 [Mandiant] Unexpected properties for stix2 Note
• #2980 [Crowdstrike-Security-Endpoint] Error while processing indicator
• #2978 [CI] CircleCI failing in tests due to Numpy unsupported version for Python 3.12
• #2977 [Connectors] When pulling Splunk docker image after release, context build error

Pull Requests:

• Update opencti/connector-riskiq-passive-total Docker tag to v6.3.13 by @renovate in #2975
• Update dependency boto3 to v1.35.63 by @renovate in #2976
• fix: revert to 3.11 for CI tests by @flavienSindou in #2981
• [Harfanglab Intel] Create a stream connector to replace current Harfanglab connector by @Powlinett in #2941
• [urlscan-enrichment] Return empty array instead of None when no ASN found by @DucNg in #2966
• [Mandiant] Update stix2 Note by @Megafredo in #2984
• [connector] Improve condition in Crowdstrike stream by @helene-nguyen in #2985
• [connector] Fix CI for Splunk connector to not pull Qradar entrypoint by @helene-nguyen in #2986
• Update MISP lists in hygiene connector by @baptiste-fourmont in #2839

New Contributors:

• @DucNg made their first contribution in #2966
• @baptiste-fourmont made their first contribution in #2839

Full Changelog: 6.3.13...6.4.0