Version 6.3.13

Enhancements:

• #2692 [RiskIQ - PassiveTotal]: Create the enrichment connector

Bug Fixes:

• #2798 [Tanium] Repeating addition of intel

Pull Requests:

• [Tanium] Fix KeyError on non-existing indicator's labels by @Powlinett in #2967
• [RiskIQ - PassiveTotal] Create the enrichment connector by @Megafredo in #2968
• Update dependency pycti to v6.3.12 by @renovate in #2974

Full Changelog: 6.3.12...6.3.13

Version 6.3.12

Enhancements:

• #2947 [QRadar] Forward offenses from QRadar into OpenCTI as incidents
• #2923 [Connectors] Add linter check for no generation id stix, no value parameter and unused import in Circle CI
• #2298 Split logics for Microsoft Sentinel / Tanium Threat Response / HarfangLabs between Stream & Import

Bug Fixes:

• #2958 [Crowdstrike] Ingestion take too much time: state is not updated properly
• #2879 [splunk] Entrypoint refers to qradar directory
• #2867 [Flashpoint] Error occurs after some time running the connector
• #2816 [Mandiant]: Map Mandiant score to our score attribute on indicator
• #2803 [Flashpoint] Errors while adding the connector
• #2765 [Crowdstrike] Observable entities in reports are not imported
• #2811 Enrichment connectors called too early for artifacts
• #2700 [YARA] The YARA connector attempts to scan an artifact before the malwarebazaar-recent-additions connector finishes uploading the file
• #2546 [Yara Scan] Several problem

Pull Requests:

• Update dependency google-auth to v2.36.0 by @renovate in #2922
• [Template] Fixed condition and work id by @annoyingapt in #2935
• Update dependency PyGithub to v2.5.0 by @renovate in #2921
• Update dependency regex to v2024.11.6 by @renovate in #2934
• Update dependency packaging to v24.2 by @renovate in #2942
• Update dependency wheel to v0.45.0 by @renovate in #2943
• [Connectors] Add linter check for no generation id stix, no value parameter and unused import in Circle CI by @helene-nguyen in #2948
• [Mandiant] Add Mandiant score to IOC instead of confidence by @helene-nguyen in #2944
• Update dependency google-api-core to v2.23.0 by @renovate in #2950
• Update dependency Titan-Client to v1.20.0.4 by @renovate in #2951
• [Connectors] Revert docker_layer_caching by @helene-nguyen in #2937
• [Harfanglab Incidents] Create an external import connector by @Powlinett in #2877
• [FLASHPOINT] Deprecate malware and APT mport options by @flavienSindou in #2874
• [Flashpoint] Fix KeyError "site_source_uri" by @Powlinett in #2919
• Update dependency googleapis-common-protos to v1.66.0 by @renovate in #2955
• Update dependency boto3 to v1.35.59 by @renovate in #2954
• [Crowdstrike] Decrease limit max to retrieve IOCs + update documentation by @helene-nguyen in #2959
• Update dependency google-api-python-client to v2.153.0 by @renovate in #2961
• Update dependency pycti to v6.3.11 by @renovate in #2962
• Update dependency boto3 to v1.35.62 by @renovate in #2963
• [Connectors] Re add base linter to Circle CI by @helene-nguyen in #2970
• [Crowdstrike] Handle IOCs to be added in the report while importing the report by @helene-nguyen in #2969
• [Yara] Quick Fix for artefact recovery by @Megafredo in #2876

Full Changelog: 6.3.11...6.3.12

Version 6.3.11

No changelog for this release.

Pull Requests:

• [connectors] Multiple improvements : tokens, query hash, remove cybercrime by @cert-orangecyberdefense in #2912

Full Changelog: 6.3.10...6.3.11

Version 6.3.10

Enhancements:

• #2704 [Sentinel] Store additional information
• #2590 [Microsoft Sentinel] Enhance the connector i.e. import more data from MS to OCTI
• #976 [Silobreaker] Overall enhancement + customizable search queries
• #728 [MISP] hashes are not supported and inserted as Text
• #477 [TAXII2] Add Client side cert auth support

Bug Fixes:

• #2918 Relationships not created after workbench validation
• #2908 [group-ib] collection apt/threat error
• #2898 [Valhalla]: Many YARA rules are not correctly ingested
• #2887 [Sentinel Incidents] Error when running Sentinel Incidents image
• #2884 [Recorded Future] Crash Occurred "Alert" object is not subscriptable
• #2879 [splunk] Entrypoint refers to qradar directory
• #2878 [zerofox] cannot import name 'FoxBotnet' from 'zerofox.domain.botnet'
• #2873 [Valhalla] Object of type 'Indicator' is not JSON serializable

Pull Requests:

• Update dependency boto3 to v1.35.54 by @renovate in #2891
• [Recorded-Future] Fix TypeError, AttributeError and refacto by @Megafredo in #2885
• [connectors] update templates to align with best practices by @helene-nguyen in #2872
• Update dependency google-api-python-client to v2.151.0 by @renovate in #2890
• Update dependency crowdstrike-falconpy to v1.4.6 by @renovate in #2897
• [connectors] Distribute build time for CI by @helene-nguyen in #2904
• [connectors] Add docker_layer_caching for image layers in CI by @helene-nguyen in #2905
• Update opencti/connector-tenable-vuln-management Docker tag to v6.3.9 by @renovate in #2903
• Update opencti/connector-tanium-intel Docker tag to v6.3.9 - autoclosed by @renovate in #2902
• [Sentinel-Incidents] Improvment feature by @Megafredo in #2834
• [Sentinel Incidents] Fix dockerfile path by @Megafredo in #2909
• Better update dates of current state by @cert-orangecyberdefense in #2806
• [internal-import] add bundle containers to context entity container (OCTI #8178) by @JeremyCloarec in #2802
• [Connectors] Remove non-existing arguments for generate_id by @helene-nguyen in #2914
• [Zerofox] Rename class for botnet, malware, phishing, ransomware models by @helene-nguyen in #2913
• [Valhalla] Object of type 'Indicator' is not JSON serializable by @romain-filigran in #2896
• Update dependency tldextract to v5.1.3 by @renovate in #2910
• [internal-import] only add object_refs if entity context is a container by @JeremyCloarec in #2915

Full Changelog: 6.3.9...6.3.10

Version 6.3.9

No changelog for this release.

Pull Requests:

• Update dependency slack to v4.15.0 by @renovate in #2836
• Update dependency google-api-core to v2.22.0 by @renovate in #2857
• Update dependency boto3 to v1.35.52 by @renovate in #2881
• Update opencti/connector-sentinel-incidents Docker tag to v6.3.8 by @renovate in #2880

Full Changelog: 6.3.8...6.3.9

Version 6.3.8

Bug Fixes:

• #2865 [connector] Revert flake8 replacement with pylint

Pull Requests:

• [Connector] Revert flake8 config file deletion by @flavienSindou in #2866

Full Changelog: 6.3.7...6.3.8

Version 6.3.7

Enhancements:

• #2863 [connectors] Correct stochastic generated stix object id and add linter
• #2804 [RiskIQ] Set Main observable type
• #1450 [Tenable Vuln Management] Create the connector

Bug Fixes:

• #2850 [Tanium] Connector getting terminated without explicit logs
• #2792 [Mandiant] Importing Campaigns linked to an IOC doesn't import campaign's related entities
• #2773 [CrowdStrike] API Base URL variable name incorrectly defined

Pull Requests:

• [Sentinel connectors] add config to .circleci by @Powlinett in #2782
• [Sentinel-intel] Fix directory name in Dockerfile by @Powlinett in #2794
• Update dependency stix-shifter-modules-splunk to v7.1.1 by @renovate in #2790
• Update dependency boto3 to v1.35.40 by @renovate in #2791
• MISP connector add ESET galaxy by @polakovicp in #2799
• MISP connector: set tool name for PyMISP by @polakovicp in #2800
• Update dependency boto3 to v1.35.41 by @renovate in #2801
• Update dependency stix-shifter-utils to v7.1.1 by @renovate in #2796
• [RiskIQ] set Main Observable type for indicators by @yassine-ouaamou in #2805
• Update dependency boto3 to v1.35.42 by @renovate in #2809
• Update dependency boto3 to v1.35.43 by @renovate in #2813
• [Tenable-Vuln-Management]: Connector initial creation by @flavienSindou in #2759
• [Crowdstrike] Fix API Base URL variable name incorrectly defined by @helene-nguyen in #2797
• [Tenable-Vuln-Management]: Connector initial creation by @flavienSindou in #2821
• [Tanium] Create two connectors (external import and stream) to replace actual Tanium Stream connector by @Powlinett in #2698
• Update dependency boto3 to v1.35.44 by @renovate in #2818
• [Mandiant] Add possibility to import campaigns with related entities when importing IOC by @helene-nguyen in #2795
• [connectors] Error at relationships export in json (#7796) by @ValentinBouzinFiligran in #2829
• Update dependency playwright to v1.48.0 by @renovate in #2827
• Update dependency boto3 to v1.35.46 by @renovate in #2831
• Update dependency boto3 to v1.35.47 by @renovate in #2837
• Update dependency pycti to v6.3.6 by @renovate in #2844
• [Tanium] add try/except clause to log error on connector's launch by @Powlinett in #2855

Full Changelog: 6.3.6...6.3.7

Version 6.3.6

Enhancements:

• #2768 [ransomwarelive] Create predictive ids to prevent stix ids location explosion
• #2716 [Bit Defender] - New connector request

Bug Fixes:

• #2780 [ZeroFox] Entity mapping is sometimes inadequately structured
• #2779 [CrowdStrike] On "uses" relationships, the connector is generating too much STIX IDs and different start time
• #2753 [ImportExternalReference] BleepingComputer not importable due to Cloudflare protection
• #2748 [Import Document] Changing type of multiple observables in workbench removes an observable
• #2713 [Virustotal] Error when enriching certain entities
• #2671 [VirusTotal] "TypeError: can only concatenate str (not "NoneType") to str" error on certain results

Pull Requests:

• Update opencti/connector-greynoise-vuln Docker tag to v6.3.5 by @renovate in #2762
• [ZeroFox] fix ordering in intelligence collector by @DNRRomero in #2751
• Update dependency boto3 to v1.35.34 - autoclosed by @renovate in #2763
• Update dependency boto3 to v1.35.35 by @renovate in #2771
• Update dependency google-api-python-client to v2.148.0 by @renovate in #2770
• Update dependency boto3 to v1.35.36 by @renovate in #2774
• [ransomwarelive] Create predictive ids to prevent stix ids location explosion (#2768) by @richard-julien in #2769
• [importExternalReference] Bypasses certain security measures when generating a PDF or MD by @Megafredo in #2761
• [VirusTotal] Fix TypeError: can only concatenate str (not NoneType) to str by @Megafredo in #2766
• Update dependency google-api-core to v2.21.0 by @renovate in #2776
• [Sentinel] Split former Sentinel connector into two new connectors (external import and stream) by @Powlinett in #2749
• Update dependency domaintools-api to v2.1.0 by @renovate in #2783
• Update dependency boto3 to v1.35.39 by @renovate in #2784
• Update dependency reversinglabs-sdk-py3 to v2.7.1 by @renovate in #2788
• Update dependency pycti to v6.3.5 by @renovate in #2787
• [ZeroFox] Format intelligence objects by @DNRRomero in #2789
• [ Webhook Stream ] - Correct CONNECTOR_SCOPE by @stefanbulof in #2775

New Contributors:

• @stefanbulof made their first contribution in #2775

Full Changelog: 6.3.5...6.3.6

Version 6.3.5

Enhancements:

• #2720 [CISA KEV]: Do not republish all the content at each execution
• #2708 [GreyNoise Vuln] Add new GreyNoise Vulnerability internal enrichment connector
• #2623 [Group IB] improvements
• #2574 [Recorded Future] Integrate the code for Alerts into the connector

Bug Fixes:

• #2683 [crowdstrike] Push queue message size incorrectly set to 0, disabling buffering/throttling of ingestion

Pull Requests:

• Remove MSSP name by @akhanafeer in #2719
• Update dependency pandas to v2.2.3 by @renovate in #2724
• Update dependency stix-shifter-modules-splunk to v7.1.1 by @renovate in #2726
• Update dependency stix-shifter-utils to v7.1.1 by @renovate in #2728
• Update dependency boto3 to v1.35.29 by @renovate in #2736
• Update dependency boto3 to v1.35.30 by @renovate in #2738
• [greynoise-vuln] Add new GreyNoise Vulnerability internal enrichment connector (v2) by @bradchiappetta in #2740
• [Group-IB Connector] bug fixes, code updates, ttl + Improvements 2623 by @uTomasAnderson in #2741
• fixed threatfox doc by @brett-fitz in #2739
• [Crowdstrike] Improve connector and indicators ingestion by @helene-nguyen in #2742
• Update dependency pycti to v6.3.4 by @renovate in #2744
• Update dependency boto3 to v1.35.31 by @renovate in #2745
• [Greynoise Vuln] Add greynoise-vuln enrichment connector in CI/CD by @helene-nguyen in #2743
• [CISA KEV]: Do not republish all the content at each execution by @romain-filigran in #2737
• Update dependency boto3 to v1.35.32 by @renovate in #2752
• [Recorded Future] RF Integrate the code for Alerts and Playbook Alerts into the connector by @helene-nguyen in #2758
• Update dependency boto3 to v1.35.33 by @renovate in #2757

Full Changelog: 6.3.4...6.3.5

Version 6.3.4

Enhancements:

• #2725 [Alienvault, CrowdStrike, Phishunt, ThreatFox, URLHaus] added the ability to set x_opencti_score for select connectors

Bug Fixes:

• #2702 Tanium connector broken
• #2675 [Intel471] Files attached with no extension

Pull Requests:

• [Intel 471] Adding attachments extensions by @mmolenda in #2695
• Update dependency google-api-python-client to v2.147.0 by @renovate in #2705
• Update dependency stix-shifter to v7.1.1 by @renovate in #2710
• Update dependency reversinglabs-sdk-py3 to v2.7.0 by @renovate in #2709
• Update opencti/connector-import-file-misp Docker tag to v6.3.3 by @renovate in #2712
• Update opencti/connector-first-epss Docker tag to v6.3.3 by @renovate in #2711
• Update opencti/connector-shadowtrackr Docker tag to v6.3.3 by @renovate in #2714
• [Tanium] fix : wrong argument name when calling pycti method by @flavienSindou in #2703
• Update dependency boto3 to v1.35.28 by @renovate in #2715
• Update dependency elasticsearch to v7.17.12 by @renovate in #2717
• [Alienvault, CrowdStrike, Phishunt, ThreatFox, URLHaus] added the ability to set x_opencti_score for select connectors by @brett-fitz in #2554
• Fix configuration issues by @akhanafeer in #2718

New Contributors:

• @flavienSindou made their first contribution in #2703
• @akhanafeer made their first contribution in #2718

Full Changelog: 6.3.3...6.3.4