Releases: InQuest/ThreatIngestor

ThreatIngestor v1.4.0

02 Nov 16:16

Changelog

Breaking Changes

  • Due to the recent Twitter API changes, the Twitter operator is no longer supported (#157)

What's Changed

  • BugSnag 🐛 by @azazelm3dj3d in #157
  • Regex URL filtering for RSS and sitemap sources by @azazelm3dj3d in #158

Full Changelog: v1.3.3...v1.4.0

New build info and documentation can be found here: https://pypi.org/project/threatingestor/1.4.0/

ThreatIngestor v1.3.3

07 Sep 17:36

Changelog

Breaking Changes

  • Due to Twitter's ("X") recent transition to a paid API, we had to rebuild our Twitter source from the ground up to accommodate their new API schema. While the structure is almost identical to the old one, we did have to make some modifications to the configuration. (#155)

Bug Fixes

  • Sitemap ingestion was missing certain IOCs because some HTML content was being skipped; this is now fixed (b661a08)

Features

  • Improved config.yml validation script
    • It now includes a verbosity (-v) flag for debugging and cleaner output (a646830)
    • Better check when validating operators (c59af56)

New build info and documentation can be found here: https://pypi.org/project/threatingestor/1.3.3/

Changelog: v1.2.0...v1.3.3

ThreatIngestor v1.2.0

14 Jun 00:02

Changelog

Bug Fixes

  • A small patch was made to update how the sitemap source ingests artifacts. Certain blog URLs should no longer be skipped (5dc79f6)

Features

  • New independent config.yml validation script that verifies the configuration is a properly structured YAML file and meets the minimum requirements for ThreatIngestor (#149)
    • Script: scripts/validate.py
  • New source now allows for VirusTotal user comments ingestion (#87) (f08946d, de66d6e)
  • Web source now runs an extra check against the modified header and saves the status code in the "saved_state" as an additional validation checkpoint before ingesting (#101) (d91e6f1)

New build info and documentation can be found here: https://pypi.org/project/threatingestor/1.2.0/

Changelog: v1.1.0...v1.2.0

ThreatIngestor v1.1.0

26 Apr 13:28
d674430

Changelog

Bug Fixes

  • Merged the url_controller utility into the twitter source due to a broken import (#144)
  • Restructured imports for the image and twitter sources. This should improve compatibility with Python 3.6 (d3ecc5a)
  • No longer uses urllib module for the sitemap source. Now uses the requests module (d3ecc5a)
  • RSS and sitemap sources now have better ingestion thanks to improvements made to the HTML content parsing (#140)

Features

  • Automated image extraction from twitter sources (#132)
  • New indicator of compromise type for ingested sources: email (#122)
  • Updated codebase to match the newest version of iocextract (#143)
  • Regex parsing is now supported for RSS sources (#142)

Hot Fix

  • v1.1.1 - Fixed suffocating ingestion when working with RSS and sitemap feeds (2b64461)

New build info and documentation can be found here: https://pypi.org/project/threatingestor/1.1.1/

Changelog: v1.0.3...v1.1.0

ThreatIngestor v1.0.3

20 Feb 11:56
9c541e5

Changelog

Bug Fixes

  • Improved URL extraction for Twitter by utilizing the pyshorteners module. Now when the expansion attempt fails the first time, it'll attempt a different method for expanding the URL before returning the artifact (#128)

Features

  • Now offers custom regex filtering for the sitemap ingestion source (#129)
  • Modernized documentation (f394da0, d2a8ab3, 31dd2b3)

New build info and documentation can be found here: https://pypi.org/project/threatingestor/1.0.3/

Changelog: v1.0.2...v1.0.3

ThreatIngestor v1.0.2

27 Jan 13:40

Changelog

Bug Fixes

  • Updated Dockerfile to now include more pip packages and Google tesseract (126eb85)
  • Converted versioning to remove the 'beta' tag (126eb85)

Features

  • New sources: image, sitemap
    • image: Allows for image string extraction to parse out IOCs (1b06683)
    • sitemap: Parses sitemap XML data to locate blogs (079985e)

New build info and documentation can be found here: https://pypi.org/project/threatingestor/1.0.2/

ThreatIngestor v1.0.0b9

30 Nov 18:11

Changelog

Bug Fixes

  • Bug fix for GitHub configuration. Now allows the user to select a specific number of days since the creation date (num_of_days in config.yml) when searching for a repository. (#113)
  • Bug fix for retweeted bodies not being properly ingested. Now when collecting artifacts, the retweet body should be included. (#114)

Features

  • Added GitHub workflow for running tests when a new commit is pushed.
  • Now includes a Docker build for running in a containerized environment.
  • New ingestion stream included. Users can now run a search against GitHub gists, searching by username. (#88)

New build info and documentation can be found here: https://pypi.org/project/threatingestor/1.0.0b9/

ThreatIngestor v1.0.0b8

18 Aug 02:41
3002eb0
Pre-release
  • Added a whitelist feature for skipping common, non-malicious domains and hosts.

ThreatIngestor v1.0.0b7

18 May 20:26
c6a7760
Pre-release
  • Updated Twitter ingestion to support extended tweets.
  • MISP upgrades.

ThreatIngestor v1.0.0b6

06 May 15:57
Pre-release

Sixth beta release.

  • Updated some ThreatKB plugin internals.