Releases: OpenCTI-Platform/connectors
Releases · OpenCTI-Platform/connectors
Version 6.5.5
9f6f0ac
This commit was signed with the committer’s verified signature.
Filigran-Automation
Filigran Automation
Enhancements:
- #3514 [IPSum] Connector needs improvements
Bug Fixes:
- #3580 [PAN Cortex XSOAR] Update not working and missing attributes / TLPs
- #3528 CrowdStrike connector's message size incompatible with RabbitMQ 4.0
Pull Requests:
- Update dependency Jinja2 to v3.1.6 [SECURITY] by @renovate in #3569
- [IPSum] Connector needs improvements by @romain-filigran in #3517
- Update dependency boto3 to v1.37.7 by @renovate in #3560
- Update dependency google-api-python-client to v2.163.0 by @renovate in #3576
- Update opencti/connector-bambenek Docker tag to v6.5.4 by @renovate in #3577
Full Changelog: 6.5.4...6.5.5
Contributors
renovate and romain-filigran
Assets 2
Version 6.5.4
9ba5dfd
This commit was signed with the committer’s verified signature.
Filigran-Automation
Filigran Automation
Enhancements:
- #3523 [stream-importer] refine metrics
- #3513 [Ransomware.live] Update to use API v2
- #3476 [attribution-tools] Install gfortran, openblas, xsimd
- #3465 [ThreatMatch] refacto: code improvements
- #3352 [MISP] Support PAP markings, use TLP:CLEAR
- #3205 Graphical items are missing in Malware Bazaar connector
- #3092 [Bambenek]: Create a connector for "Bambenek Consulting Feed"
- #3054 [Comlaude] improvements
Bug Fixes:
- #3556 [microsoft-defender-incidents]: Errors when converting “IPEvidence” containing IPv6 addresses
- #3544 [Tenable Vuln Management] : Inconsistent "pagination" presence in API response should be handled gracefully
- #3543 [Tenable Vuln Management] p-cpe URI format not handled (only cpe one)
- #3542 [Tenable Vuln Management] : last_scan_target attribute inconsistent presence in API response should be handled gracefully
- #3539 [microsoft-sentinel-incidents]: "NoneType" exception when converting HostEntity
- #3525 [Taxii2] Handling Int in Config
- #3524 [vulncheck ] Use append for SCOPE_SOFTWARE in vulncheck (nistnvd2 source)
- #3518 [tenable-vuln-management] Fails to start with KeyError: 'connector'
- #3516 [microsoft-sentinel-incidents] Error during imports related to the datetime format on the created field.
- #3511 [Bambenek] Fix Dockerfile for CI
- #3473 [tenable-vuln-management] Tenable API changes
- #3315 CISA KEV connector doesn't update objects
Pull Requests:
- [attribution-tools] Install gfortran, openblas, xsimd by @ckane in #3115
- Update dependency PyGithub to v2.6.1 by @renovate in #3471
- [Comlaude] connector improvements by @MohamedMerimi in #3459
- [urlscan-enrichment] Make indicator creation optional by @DucNg in #3139
- Update dependency boto3 to v1.37.0 by @renovate in #3479
- Update dependency crowdstrike-falconpy to v1.4.7 by @renovate in #3482
- Update dependency dateparser to v1.2.1 by @renovate in #3483
- Update dependency plyara to v2.2.8 by @renovate in #3485
- Update dependency pycti to v6.5.3 by @renovate in #3486
- Update dependency pydantic to v2.10.6 by @renovate in #3487
- Update dependency reversinglabs-sdk-py3 to v2.8.3 by @renovate in #3488
- Update dependency ruff to v0.9.7 by @renovate in #3489
- Update dependency vulncheck-sdk to v0.0.8 by @renovate in #3490
- Update opencti/connector-microsoft-defender-incidents Docker tag to v6.5.3 by @renovate in #3491
- [Bambenek] create bambenek connector by @larryfinch in #3280
- Update dependency google-api-python-client to v2.162.0 by @renovate in #3507
- [ThreatMatch] Added Beautifulsoup parsing and cleaned up code by @pietrocapece in #3047
- [Ransomware.live] Update to use API v2 by @JMousqueton in #3258
- [Bambenek] Fix Dockerfile for CI by @helene-nguyen in #3512
- Update dependency pycti to v6.5.3 by @renovate in #3508
- Improvement - Ipsum by @baptiste-fourmont in #3456
- [MISP] handle PAP markings, use TLP:CLEAR instead of TLP:WHITE by @debelyoo in #3354
- Update dependency beautifulsoup4 to v4.13.3 by @renovate in #3520
- Update dependency domaintools-api to v2.3.0 by @renovate in #3521
- [stream-importer] refine metrics by @axelfahy in #3342
- [vulncheck ] Use append for SCOPE_SOFTWARE in vulncheck (nistnvd2 source) by @giacomovitangeli in #3492
- [MalwareBazaar] Add SHA256 Indicators and visual change by @Noxurge in #3311
- [Taxii2] Handling Int in Config by @annoyingapt in #3448
- [All connectors] Remove remaining confidence_level in many connectors by @Powlinett in #3526
- Update dependency boto3 to v1.37.4 by @renovate in #3530
- [microsoft-sentinel-incidents] Error during imports related to the datetime format on the created field. by @romain-filigran in #3527
- [microsoft-sentinel-incidents]: "NoneType" exception when converting HostEntity by @romain-filigran in #3540
- [Tenable Vuln Management] fix: Connector config loader only works with config.yaml by @flavienSindou in #3541
- [Tenable Vuln Management] fix: Unhandled CPE URI formats should be skipped by @flavienSindou in #3545
- [Tenable Vuln Management] fix: inconsistent pagination section presence in response api should be handled gracefully by @flavienSindou in #3546
- [Tenable Vuln Management] fix: last_scan_target attribute inconsistent presence in API response should be handled gracefully by @flavienSindou in #3547
- Update dependency isort to v6.0.1 by @renovate in #3534
- Update dependency googleapis-common-protos to v1.69.0 by @renovate in #3550
- Update dependency boto3 to v1.37.5 by @renovate in #3551
- Update dependency pytest to v8.3.5 by @renovate in #3552
- Update dependency ruff to v0.9.9 by @renovate in #3553
- Update opencti/connector-microsoft-sentinel-incidents Docker tag to v6.5.3 by @renovate in #3554
- Update dependency psutil to v7 by @renovate in #3555
- [microsoft-defender-incidents]: Errors when converting “IPEvidence” containing IPv6 addresses by @romain-filigran in #3557
New Contributors:
- @larryfinch made their first contribution in #3280
- @giacomovitangeli made their first contribution in #3492
- @Noxurge made their first contribution in #3311
Full Changelog: 6.5.3...6.5.4
Contributors
debelyoo, renovate, and 15 other contributors
Assets 2
Version 6.5.3
f40db6d
This commit was signed with the committer’s verified signature.
Filigran-Automation
Filigran Automation
Enhancements:
- #3449 [Templates] Update documentation and templates
- #3441 Refactor Sentinel and Defender Incidents import connectors
- #3435 [wiz]: Add a connector option to convert threat actor in intrusion-set
Bug Fixes:
- #3461 [Tenable Vuln Management]: Missing documentation for CONNECTOR_DURATION_PERIOD
- #3453 [sekoia]: Incorrect location mapping
- #3444 [Sentinel-Intel] SentinelApiHandler _send_request() returns None when an exception is caught
- #3424 [sentinel-intel]: Incorrect File indicator metadata sent to Azure Sentinel resulting in incorrect STIX Pattern
- #3423 [sentinel-intel]: The connector does not send MD5 and SHA-1-based indicators to Sentinel SIEM
- #3405 [GroupIB] doc: unaligned config var names between documentation and the code
- #3340 [CI/CD] - Drive CI/CD requirements via requirements file
- #3289 [Sentinel-intel] Bad management of updates and non-deletion
- #3177 Stream-Sentinel-Intel Connector Not Deleting Indicators from Defender
Pull Requests:
- Update dependency PyGithub to v2.6.0 by @renovate in #3436
- Update dependency simplejson to v3.20.1 by @renovate in #3437
- [defender/sentinel] Add new connectors, deprecate the existing one (#3441) by @SamuelHassine in #3442
- [wiz]: Add a connector option to convert threat actor in intrusion-set by @romain-filigran in #3438
- Update opencti/connector-proofpoint-et-intelligence Docker tag to v6.5.2 by @renovate in #3446
- [Sekoia] Fix geography mapping by @Darkheir in #3451
- [Templates] Update documentation + templates code by @helene-nguyen in #3450
- [sentinel-intel] Fix (MD5/SHA-1 support & Fix with file metadata) by @romain-filigran in #3425
- [Group IB] Update Group-IB connector by @Kchekh in #3411
- Update dependency boto3 to v1.36.24 by @renovate in #3454
- [Sentinel-Intel] Improve error handling in Sentinel API client by @Powlinett in #3445
- [tenable vuln management] fix: missing documentation for connector duration period by @flavienSindou in #3463
- [CI] fix: drive dependencies with fixed version by @flavienSindou in #3464
- Update dependency googleapis-common-protos to v1.68.0 by @renovate in #3468
Full Changelog: 6.5.2...6.5.3
Contributors
Darkheir, SamuelHassine, and 6 other contributors
Assets 2
Version 6.5.2
86bcf54
This commit was signed with the committer’s verified signature.
Filigran-Automation
Filigran Automation
Enhancements:
- #3429 [PAN Cortex XSOAR] Create a stream connector to create intels
- #3421 [import-files] Add markings support transfer from initial uploaded file
- #3385 Splunk App version 1.1.1
- #3176 [Sekoia] Retrieve the list of entity sources
- #3075 [Proofpoint ET]: Create an enrichment connector
- #1538 [Proofpoint TAP] Developing a connector
- #268 [IBM X-Force Exchange] Create the connector
Bug Fixes:
- #3409 [Zvelo] Issue on connector run due to code error
- #3372 [Zvelo]: Connector stops working if data is invalid or incorrectly formatted
- #3334 [virustotal-livehunt-notifications] Connector fails to start with
ModuleNotFoundError: import of time halted; None in sys.modules - #3263 [Recorded Future] Connector is creating relationships in the wrong direction
- #3245 [Recorded Future] Invalid valid_from/valid_until logic affecting decay mechanisms on OpenCTI Platform
- #3216 [Recorded Future] Another formatting error prevents incident creation
Pull Requests:
- Update dependency beautifulsoup4 to v4.13.3 by @renovate in #3397
- Update dependency isort to v6 by @renovate in #3369
- [Virustotal Livehunt Notifications] Fix ModuleNotFound error by @Powlinett in #3398
- [Zvelo] hot fix: connector stops working if processed data is invalid or incorrectly formatted by @flavienSindou in #3402
- [Proofpoint TAP] Init by @flavienSindou in #3387
- [Sekoia] Retrieve the list of entity sources by @Lhorus6 in #3299
- Update dependency pip-audit to ~=2.8.0 by @renovate in #3403
- Update dependency playwright to v1.50.0 by @renovate in #3404
- Update dependency pycti to v6.5.1 by @renovate in #3408
- [ProofPoint-ET-Intelligence] Create new enrichment connector by @Megafredo in #3392
- [Zvelo] Fix type error by @helene-nguyen in #3410
- Update dependency pycti to v6.5.1 by @renovate in #3412
- Update opencti/connector-import-file-yara Docker tag to v6.5.1 by @renovate in #3415
- Update opencti/connector-proofpoint-et-reputation Docker tag to v6.5.1 by @renovate in #3416
- Update dependency ruff to v0.9.6 by @renovate in #3414
- Update dependency PyYAML to v6.0.2 by @renovate in #3417
- Update dependency boto3 to v1.36.19 by @renovate in #3419
- [client] Add markings support for workbench by @richard-julien in #3401
- [reversinglabs-spectra-analyze] Add classification API support in workflow by @DinkoReversingLabs in #3420
- [Recorded Future] Fix unhashable dict issue by getting author ID by @helene-nguyen in #3422
- [VulnCheck] Initial Implementation of VulnCheck Connector by @maddawik in #3257
- Update dependency googleapis-common-protos to v1.67.0 by @renovate in #3427
- [Connectors] Fix valid_from date in some connectors + format files + correct relationships direction by @helene-nguyen in #3428
Full Changelog: 6.5.1...6.5.2
Contributors
richard-julien, renovate, and 7 other contributors
Assets 2
Version 6.5.1
7498f72
This commit was signed with the committer’s verified signature.
Filigran-Automation
Filigran Automation
Bug Fixes:
- #3394 [Connectors] Renaming safebrowsing to google-safebrowsing + correction on docker-compose.yml file
- #3351 Sentinel-Intel Connector Stopped Ingesting Data
Pull Requests:
- [Connectors] Renaming safebrowsing to google-safebrowsing + correction on some docker-compose.yml file by @helene-nguyen in #3395
- Update dependency pytz to v2025 by @renovate in #3370
- [SENTINEL-INTEL] fix: add explicit error when authentication fails by @flavienSindou in #3396
Full Changelog: 6.5.0...6.5.1
Contributors
renovate, flavienSindou, and helene-nguyen
Assets 2
Version 6.5.0
1531cd3
This commit was signed with the committer’s verified signature.
Filigran-Automation
Filigran Automation
Contributors
t-mtsmt
Assets 2
Version 6.4.11
0f4b30d
This commit was signed with the committer’s verified signature.
richard-julien
Julien Richard
No changelog for this release.
Pull Requests:
- Update dependency google-auth to v2.38.0 by @renovate in #3335
- [CIRCLECI] Dynamic-CI 💡 by @Renizmy in #3328
- Update dependency google-api-python-client to v2.160.0 by @renovate in #3357
- Update opencti/connector-ibm-xti Docker tag to v6.4.10 by @renovate in #3360
- Update opencti/connector-rst-ioc-lookup Docker tag to v6.4.10 by @renovate in #3361
- Update dependency Titan-Client to v1.20.0.8 by @renovate in #3362
- Update dependency boto3 to v1.36.10 by @renovate in #3363
- Update dependency certifi to v2025 by @renovate in #3367
- Update dependency dnstwist to v20250130 by @renovate in #3368
- [Intel471] Downgrade Titan-Client lib version to 1.20.0.4 by @helene-nguyen in #3377
- [Proofpoint ET Rep List] Create the connector by @helene-nguyen in #3378
- [socradar] Add SOCRadar external import connector by @Radargoger in #3072
- [Sentinel Incidents] 401 Unauthorized error + missing Directory's path by @Powlinett in #3353
- [Group-IB] Update Group-IB connector by @Kchekh in #3204
- [Spycloud] Create external import connector by @Powlinett in #3347
- [GroupIB] Remove copy .env in Dockerfile by @helene-nguyen in #3381
- [Hatching Triage Sandbox] URL analysis support + Playbook compatibility by @helene-nguyen in #3324
- [ImportFileYARA]: Create an import file connector dedicated to import YARA files/rules by @romain-filigran in #3259
- Update dependency Jinja2 to v3.1.5 [SECURITY] by @renovate in #3373
- Update sentinel-incidents docker-compose.yml by @romain-filigran in #3384
New Contributors:
- @Radargoger made their first contribution in #3072
- @Kchekh made their first contribution in #3204
Full Changelog: 6.4.10...6.4.11
Contributors
renovate, Powlinett, and 5 other contributors
Assets 2
Version 6.4.10
a269a0d
This commit was signed with the committer’s verified signature.
Filigran-Automation
Filigran Automation
Bug Fixes:
- #3345 [All Connectors] Update format following Black dependency upgrade
- #3338 [Crowdstrike] Imports are incorrectly sorted and/or formatted.
Pull Requests:
- [All connectors] Fix Update format following Black dependency upgrade by @helene-nguyen in #3346
Full Changelog: 6.4.9...6.4.10
Contributors
helene-nguyen
Assets 2
Version 6.4.9
Enhancements:
- #3309 [IBM X-Force] Add IBM X-Force in CI
- #3308 [IBM XTI] Create IBM XTI OpenCTI connector
- #3306 [RST IOC LookUp] Add RST IOC Look up connector in CI/CD
Bug Fixes:
- #3326 [AbuseIPDB] The connector completed with a "Terminated" status due to an issue occurring outside the main process
- #3320 [RST IOC Lookup] Issue on dependency version for requests
- #3304 [IPSUM] No image build in CI/CD
- #3282 [Zvelo]: Authentication token expiration not correctly managed
- #3275 [CrowdStrike] 'NoneType' object cannot be interpreted as an integer
Pull Requests:
- Create IBM X-Force Premier Threat Intelligence Services connector for OpenCTI platform by @awarrier99 in #3111
- [Zvelo]: Authentication token expiration not correctly managed by @romain-filigran in #3296
- Update dependency PyYAML to v6.0.2 by @renovate in #3301
- [CircleCI] Add RST IOC LookUp connector in CI by @helene-nguyen in #3307
- [CircleCI] Add IBM X-Force in CI by @helene-nguyen in #3310
- [RST IOC Lookup] Change dependency range for RST IOC Lookup requirements by @helene-nguyen in #3321
- Update opencti/connector-ipsum Docker tag to v6.4.8 by @renovate in #3323
- Update dependency pycti to v6.4.8 by @renovate in #3322
- [AbuseIPDB] Add more accurate logs when issue occurring outside the main process by @helene-nguyen in #3327
- Update dependency boto3 to v1.36.5 by @renovate in #3329
- Update dependency minio to v7.2.15 by @renovate in #3330
- [Crowdstrike] Correct imports are incorrectly sorted and/or formatted by @helene-nguyen in #3339
New Contributors:
- @awarrier99 made their first contribution in #3111
Full Changelog: 6.4.8...6.4.9
Contributors
renovate, awarrier99, and 2 other contributors
Assets 2
Version 6.4.8
Enhancements:
- #3287 [RST IoC Lookup] Create the connector
- #3286 [HuntIO] Create the connector
- #3284 [HuntIO] Add HuntIO in CI/CD
- #3279 [Flashpoint]: Enhance Flashpoint connector
- #2263 [Hygiene] Support CIDR and Partial Domains
Bug Fixes:
- #3290 [RST Report Hub] Missing generate id
- #3273 [Templates] Fix syntax error on entity_in_scope in template
- #3271 [All Connectors] Update CI and remove Ipsum connector from build 1
- #3260 [WIZ] - Connector code breaks the CI/CD because it uses test_requirements but has no tests
- #3096 [Flashpoint] interval not taken into account
- #2817 [RST Cloud - Threat Feed] The connector seems active, raises no errors, but nothing is imported
- #2767 [RST Cloud - Report Hub] Several issues
Pull Requests:
- [All Connectors] Update CircleCI by @helene-nguyen in #3272
- Update opencti/connector-wiz Docker tag to v6.4.7 by @renovate in #3264
- Update dependency boto3 to v1.35.98 by @renovate in #3265
- [Templates] Fix syntax error on entity_in_scope in template by @DucNg in #3249
- Update dependency google-api-python-client to v2.159.0 by @renovate in #3277
- Update dependency boto3 to v1.35.99 by @renovate in #3278
- [Hunt IO] Connector for importing C2 feed into OpenCTI by @m4r35 in #3033
- [RST IoC Lookup] Add RST IoC Lookup connector. + Fixes for Report Hub and Threat Feed by @k1r10n in #2864
- [RST Report Hub] Add missing generate id by @helene-nguyen in #3291
- [HuntIO] Add HuntIO in CI/CD by @helene-nguyen in #3285
- [Flashpoint]: Enhance Flashpoint connector by @romain-filigran in #3293
- Update dependency pytz to v2024.2 by @renovate in #3298
- Update dependency boto3 to v1.36.1 - autoclosed by @renovate in #3297
- Update dependency pycti to v6.4.7 by @renovate in #3302
- [CircleCI] Add Ipsum in CI for build_1 by @helene-nguyen in #3305
New Contributors:
Full Changelog: 6.4.7...6.4.8
Contributors
renovate, m4r35, and 4 other contributors