Releases: OpenCTI-Platform/connectors

Version 7.260417.0

17 Apr 17:22
452311c

Bug Fixes:

  • #6257 [all] Fix defaults for config fields accepting ISO 8601 durations

Full Changelog: 7.260416.0...7.260417.0

Version 7.260416.0

16 Apr 10:55
75ed598

Enhancements:

  • #5174 [Microsoft Sentinel Intel] Batch processing of stream events and batch uploading
  • #5248 [vx-vault] Migrate connector to connector manager supported
  • #5922 [Google TI] Map "alt_names_details" to Campaign aliases
  • #6103 [Google TI] Import Vulnerability summary/analysis into description
  • #6105 [Google TI] Map Vulnerability source references to external_references
  • #6107 [team-cymru-scout-search] Support Scout pattern enrichment for TEXT indicators
  • #6212 [USTA] New External Import connector for USTA PRODAFT platform
  • #6220 [Accenture-CTI] Convert threat actors to intrusion sets
  • #6230 [ci] Auto-add "solved" label and correct milestone when PR is merged

Bug Fixes:

  • #5749 [Recorded Future] Create Threat Actor instead of Intrusion Set
  • #5762 [Google TI] Remove improper MITRE ATT&CK external reference generation
  • #6099 [Google TI] Malware first_seen/last_seen always null due to field name mismatch
  • #6183 [microsoft-sentinel-incidents] TypeError in detect_ip_version
  • #6194 [Tenable Vuln Management] Missing device_type and invalid NetBIOS hostname cause findings to be dropped
  • #6226 [s3/connectors-sdk] Note.generate_id does not include abstract, causing duplicate errors
  • #6228 [Luminar] Fix auth token issue

Full Changelog: 7.260409.0...7.260416.0

Version 7.260309.0-lts.3

10 Apr 14:10
9bce9ad

Critical & security fixes:

  • #5959 Fix continuous integration for LTS builds

Full Changelog: 7.260309.0-lts.2...7.260309.0-lts.3

Version 7.260409.0

09 Apr 15:12
7d1c0cc

Enhancements:

  • #1816 [All connectors] Update all connectors to be aligned with confidence level changes
  • #2051 [VirusTotal] Be able to enrich Indicator with VirusTotal connector
  • #3653 [CrowdStrike-Endpoint-Security] Allow an Environment Variable to Allow Blocking Hash Based Indicators rather than Detect Only
  • #5924 [Google TI] Map "analyst_comment" field to a Note object attached to the Report
  • #6122 [Censys] Add certificate discovery for domain enrichment
  • #6124 [MISP Connector] Search (Query) Limit with configuration variable

Bug Fixes:

  • #4209 [VirusTotal] Connector Updates Score with Wrong Value
  • #5095 MISP connector doesn't trigger periodic syncs
  • #5773 [Google TI] Remove default "unknown" value for STIX entity type attributes
  • #5775 [Google TI] Remove auto-generated default descriptions on entities and relationships
  • #6139 [montysecurity C2-Tracker] The relationship type indicates is not allowed between IPv4-Addr and Malware
  • #6168 [accenture-acti] ImportError due to renamed function in html-to-markdown library
  • #6170 [Censys enrichment] NameError: name 'EmbeddedIdentifiedStixObject' is not defined

Pull Requests:

  • [crowdstrike-endpoint-security] Add action config var by @throuxel in #6130
  • [crowdstrike-endpoint-security] Fix prometheus-client requirement by @throuxel in #6144
  • Nameshield Connector by @Ch-Philou in #5809
  • [VirusTotal] use GTI assessment threat score when available by @jabesq in #6136
  • [google-ti-feeds] Add analyst_comment note by @throuxel in #6145
  • [misp]: add configurable search_limit parameter for MISP API queries by @jabesq in #6135
  • [Censys] Add certificate discovery for domain enrichment by @aleitao in #5429
  • [Censys enrichment] NameError: name 'EmbeddedIdentifiedStixObject' is not defined #6170 by @Ninoxe in #6171
  • [Accenture ACTI] fix: pin html-to-markdown to ~=2.0 by @jabesq in #6169
  • [tool] chore(deps): Update dependency google-api-python-client to v2.193.0 by @renovate[bot] in #6075
  • [tool] chore(deps): Update dependency requests to v2.33.0 [SECURITY] by @renovate[bot] in #6146
  • [tool] chore(deps): Update dependency google-auth to v2.49.1 by @renovate[bot] in #6076
  • [VirusTotal] add Indicator as enrichment scope by @jabesq in #6154
  • [montysecurity-c2-tracker] Fix wrong relationship by @throuxel in #6176
  • [montysecurity-c2-tracker] Add tests fix wrong relationship by @Megafredo in #6181

Full Changelog: 7.260401.0...7.260409.0

Version 6.9.29

07 Apr 19:11
589e099

enhancement

Full Changelog: 6.9.28...6.9.29

Version 7.260401.0

01 Apr 12:33
5d6499c

Enhancements:

  • #6113 [CISA KEV] Support selective field update — update KEV field only without overwriting other vulnerability data
  • #5977 [Doppel] Improve and verify the connector
  • #5934 [Checkfirst] Verify the connector

Pull Requests:

  • Update dependency requests to v2.33.0 [SECURITY] by @renovate[bot] in #6081
  • [all] chore: Do not check PR title if author is renovate by @jabesq in #6084
  • [checkfirst] Update connector to be "manager_supported" by @Powlinett in #6032
  • [connectors-sdk] Add missing RelationshipType values by @Powlinett in #6069
  • [connectors-sdk] Add text and sighting to models by @throuxel in #6064
  • [cisa-kev]: Add KEV flag only mode option (Fixes #6113) by @romain-filigran in #6114
  • [docker] Build UBI9 image for multiple connectors (#6065) by @xfournet in #6108
  • [Google TI] Remove default "unknown" value for STIX entity type attributes #5773 by @Kakudou in #6080
  • [Google TI] Remove auto-generated default descriptions on entities and relationships #5775 by @Kakudou in #6079
  • [MISP] Add a batching mechanism based on the size of the entities (#5289) by @jabesq in #6045
  • [ci] Add GitHub Actions test workflow with CodeCov integration by @jabesq in #6072
  • [orange-cyberdefense] remove connector by @ocd-acauchy in #5871
  • [crowdstrike] Add support for importing "affected products" from CrowdStrike vulnerabilities collection #5693 by @Kakudou in #6082
  • [orange-cyberdefense-v3] external-import connector update by @ocd-acauchy in #5872
  • [shadowserver] Fix report types and add report names config by @throuxel in #6127
  • [orange-cyberdefense-enrichment-v3] internal-enrichment connector update by @ocd-acauchy in #5873
  • [Doppel] Improve and verify the connector #5977 by @Ninoxe in #6021
  • [dogesec - cyber threat exchange] releasing connector by @himynamesdave in #5795

Full Changelog: 7.260326.0...7.260401.0

Version 7.260326.0

26 Mar 19:15
352d2e0

Enhancements:

  • #6062 [ESET enrichment] Add TLP for enriched report data
  • #6048 [taxii-post] Add config for api root
  • #6029 [greynoise-feed] Update GreyNoise SDK and rework connector processing
  • #6028 [greynoise] Update to SDK v3 and User Fixes
  • #6026 [greynoise-vuln] Support updated v3 SDK and remove unnecessary API key check
  • #6015 [mwdb] Set indicator_types and x_opencti_main_observable_type on STIX Indicators
  • #6014 [DigintLab-DEP] Create Sector entities linked to victims
  • #6013 [criminal-ip] New enrichment connector
  • #5994 [dogesec - stixify] update to match stixify api changes
  • #5993 [dogesec] adding tests to connectors
  • #5991 [connectors-sdk] Add Campaign, Channel, Infrastructure and MediaContent models
  • #5987 [SNOW App] Application analysis - UAT
  • #5982 [Mokn] Update description
  • #5959 [ci] Update pycti version used in run_test.sh
  • #5886 Automatically check that there is an issue linked to a PR
  • #5803 [Montysecurity-C2-tracker] Verify the connector

Bug Fixes:

  • #6042 [mwdb] C2 config entries silently dropped when returned as dicts
  • #6034 [connectors-sdk] Cache BaseIdentifiedObject.id property to avoid redundant computation
  • #6030 [tenable-vuln-management] Fix unexpected API response error
  • #6017 [ransomwarelive] invalid "source_code" link in manifest
  • #5892 [reversinglabs-spectra-intel-submission] Fix Note.generate_id() calls
  • #5891 [reversinglabs-spectra-analyze] Fix Note.generate_id() calls
  • #5890 [reversinglabs-malware-presence] Fix Note.generate_id() calls
  • #5889 [shadowserver] Fix Note.generate_id() calls
  • #5824 [Recorded Future] - Playbook_alert/search returned HTTPError 403

Pull Requests:

  • ci: Align the pre-commit hooks tools versions with the ones used in CI by @jabesq in #6004
  • Fix/5848 CVE default author by @jabesq in #6001
  • [shadowserver] Fix Note.generate_id() calls to prevent note duplication by @Copilot in #5944
  • [Criminal IP] Add internal enrichment connector by @jsshim-aispera in #5986
  • [DigintLab-DEP] enh: create Sector entities linked to victims by @notdodo in #5938
  • [mwdb] Set indicator_types and x_opencti_main_observable_type on STIX Indicators by @MrStarkEG in #5881
  • [Mokn] update Mokn manifest description for the Hub (#5982) by @maximerafaillac in #5984
  • [dogesec] adding tests to connectors by @himynamesdave in #5813
  • [ransomwareLive] Fix "source_code" link in manifest by @romain-filigran in #6018
  • [dogesec - stixify] update to match stixify api changes by @fqrious in #5766
  • [reversinglabs-malware-presence] Fix Note.generate_id() calls by @jabesq in #6002
  • [reversinglabs-spectra-analyze] Fix Note.generate_id() calls to prevent note duplication by @Copilot in #6006
  • [reversinglabs-spectra-intel-submission] Fix Note.generate_id() to prevent note duplication by @Copilot in #6005
  • [tenable-vuln-management] Fix "Unexpected API response" error by @Powlinett in #6031
  • [greynoise-vuln] Support updated v3 SDK and remove unnecessary API key check by @bradchiappetta in #5758
  • [connectors-sdk] Add Campaign, Channel, Infrastructure and MediaContent models by @Powlinett in #5995
  • [greynoise] Update to SDK v3 and User Fixes by @bradchiappetta in #5812
  • [recorded-future] Fix error on playbook-alert/search by @throuxel in #6007
  • [GTI] Clean up tests #5828 by @Kakudou in #5997
  • [CI] Verification workflows with PR conventions check (#5886) by @jabesq in #6010
  • [CI] Enforce PR title convention check by @jabesq in #6011
  • [connectors-sdk] Compute BaseIdentifiedObject.id on validation and cache its value by @Powlinett in #6035
  • [taxii-post] Add config for api root by @throuxel in #6049
  • [greynoise-feed] Update GreyNoise SDK and rework connector processing by @bradchiappetta in #5840
  • [ESET enrichment] Add TLP for enriched report data by @polakovicp in #6038
  • [mwdb] Fix silent C2 data loss when config entries are dicts by @MrStarkEG in #6041
  • Update dependency CairoSVG to v2.9.0 by @renovate[bot] in #6009
  • Update dependency black to v26.3.1 by @renovate[bot] in #6008
  • [Montysecurity-c2] Verify Connector by @jabesq in #5998
  • [connectors-sdk] add Incident model to the SDK (#6046) by @ncarenton in #6052
  • [ci] Add parameters to set the base branch by @jabesq in #5983

Full Changelog: 7.260318.0...7.260326.0

Version 7.260309.0-lts.2

23 Mar 15:24
89324bd

Critical & security fixes

  • #5948 [CI] Trigger release build on LTS tag
  • #5933 [MISP] Check the buffering state while sending batch chunks
  • #6030 [tenable-vuln-management] Fix unexpected API response error

Security updates

  • black updated from 26.1.0 to 26.3.1

Full Changelog: 7.260309.0-lts1...7.260309.0-lts.2

Version 7.260318.0

18 Mar 17:06
1999655

Enhancements:

  • #5951 [connectors-sdk] Add missing refs to observables
  • #5214 [proofpoint-tap] Migrate connector to be connector manager supported

Pull Requests:

  • Update dependency black to v26.3.1 [SECURITY] by @renovate[bot] in #5971
  • [ci] try to rebase before pushing manifest by @throuxel in #5990
  • [connectors-sdk] Add missing belongs_to and resolves_to fields by @Powlinett in #5952
  • [connectors-sdk] Suppress UserWarning emitted from BaseSettings during tests by @Powlinett in #5955
  • [proofpoint-tap] Update connector to be "manager_supported" by @Powlinett in #5935

Full Changelog: 7.260317.0...7.260318.0

Version 6.9.28

18 Mar 17:56
c7e27af

No changelog for this release.

Full Changelog: 6.9.27...6.9.28