Changelog

February 12, 2019 ยท View on GitHub

5.7.0 (2019-02-12)

Fixes

  • Fix bug in handling idna encoded domain names. Roomgraph with rules like "domain name" in *.example.com crashed if event had idna encoded domain name that didn't cleanly convert to unicode.

5.6.0 (2018-04-04)

Features

  • Improved the harmonization document:
  • better readability
  • added a new functional type, compromised account
  • added a new threat type, policy violation

Fixes

  • Fix IMAPBot to work correcty when UIDs change between sessions.

5.5.3 (2018-02-20)

Fixes

  • Raise ValueError if RegExp pattern is invalid.

5.5.2 (2017-09-04)

Fixes

  • Fix CSVReader to work also using Python 2.6.

5.5.1 (2017-09-04)

Fixes

  • Include status in abuse.ch's Feodo C&C feed.
  • GeoIP augmentation: Add coordinates even if one of them is zero.
  • Handle malformed input data using replacemode in CSVReader.

5.5.0 (2017-08-14)

Features

  • Add support for DataPlane's DNS feeds.
  • Improve fetch_url():
    • Use ssl.create_defaut_context() when available (Python 2.7.9 or newer). This enables SNI support and tries to choose reasonably secure protocol and cipher settings.
    • Use Python's builtin functionality for finding and loading system's CA bundle when running on modern Python (2.7.9+).
  • Improve the description of host-based artifacts in Data Harmonization Ontology.

Fixes

  • Fix comparison of Session() objects.
  • Fix crash in mailer if connection is lost when sending mail.

Removed

  • Remove support for OpenBL feed.

5.4.0 (2017-05-12)

Features

  • Add support for DataPlane's VNC RFB feed

Fixes

  • Use "malware family" when creating description in abuse.ch's feeds

Removed

  • Remove support for abuse.ch's Palevo Tracker

5.3.1 (2017-03-31)

Fixes

  • Update the VXVault feed URL

5.3.0 (2017-02-17)

Features

  • Add support for DataPlane feeds
  • Improve usability by creating required directories automatically (#85)
  • Improve robustness and add more human readable error messages (#86)
  • Improve the DHO with the "vulnerability" key to help in correlating the vulnerable service reports and "source" to help in better describe aggregated indicators collated by a feeder.

Removed

  • Remove support for Dragon Research Group's feeds
  • Remove support for AutoShun feed

5.2.0 (2016-11-11)

Features

5.1.0 (2016-10-28)

Features

  • Add log level option for bots (#80).

Fixes

5.0.0 (2016-09-23)

Fixes

  • Fixed the core keys and values to conform with the DHO, Data Harmonization Ontology.
  • Changes to "type" values:
    • "malware" -> "malware url"
    • "exploit" -> "exploit url"
  • Changes to keys:
    • "malware" -> "malware family"

Deprecations

  • Remove abusehelper.core.archivebot. Encouraging users to move to use abusehelper.bots.archivebot.archivebot instead which supports JSON archiving and daily rotation of the archives (#23, #24)

4.2.0 (2016-07-28)

Features

  • Convert default URLs to use HTTPS instead of HTTP in following bots: abusehelper.bots.autoshun.autoshunbot, abusehelper.bots.dragonresearchgroup.ssh, abusehelper.bots.malc0de.malc0debot, abusehelper.bots.phishtank.phishtankbot, abusehelper.bots.spamhaus.drop and abusehelper.bots.malwaredomainlist (#70).
  • Current AbuseHelper version is published in abusehelper.__version__ (#69).

Fixes

  • Fixed broken formatting for the Ontology document (#67).
  • botnet command now works in FreeBSD (#76).

4.1.0 (2016-06-22)

Features

  • Switch to setuptools for packaging (#37)
  • Transformation handlers (#54)
  • See pull request (#54) for details.

Fixes

  • Fixed abusehelper.bots.openbl.openblbot which failed to parse malformed lines. (#63, #64)

Deprecations

  • Removed SpyEye tracker bots. (#65)

4.0.1 (2016-05-19)

Features

  • Add option to provide custom CA certificate file to abusehelper.core.imapbot, abusehelper.core.mail.imapbot and abusehelper.core.mailer. (#57, #58, #62)

4.0.0 (2016-05-19)

Features

Fixes

  • Fixed TLS MITM vulnerability in abusehelper.core.imapbot, abusehelper.core.mailer and abusehelper.core.utils.fetch_url modules. See docs/SECURITY-2016-01.md for more information.
  • Simpler abusehelper.core.roomgraph multiprocessing implementation, which also boosts performance due to less idiokit overhead. (#50)

Deprecations

  • abusehelper.core.archivebot module now logs a deprecation warning. Archivebot, abusehelper.bots.archivebot.csvarchivebot, and abusehelper.bots.archivebot.rolloverarchivebot will be replaced by abusehelper.bots.archivebot module.

3.1.0 (2016-04-06)

Features

  • More extensive logging with tracebacks when abusehelper.core.startup and abusehelper.core.runtime fail to load the configuration file (#36)
  • Add abusehelper.bots.abusesech.ransomwarebot (#40)

3.0.0 (2016-02-10)

Features

  • Add domain name patterns to the rule language (#7)
  • Move abusehelper.core.roomgraph rule matching to separate worker processes (5b524b1)
    • The new startup option concurrency=[integer] defines how many worker processes should get launched, defaulting to 1 (2b2ce65)
  • Add a rotating and compressing JSON archivebot abusehelper.bots.archivebot.archivebot (13173cb, #13, #26)
  • Add abusehelper.tools.sender and abusehelper.tools.receiver (a75fae4, 5706398)
    • sender is a tool for sending JSON formatted data as events to a XMPP room.
    • receiver is for receiving events from a room as JSON.
    • See abusehelper/tools/README.md for reference.
  • Change the bot return code and termination signal logging format to include the symbolic form of the signal along with the signal code. (#22)

Fixes

  • Support HTTPS URLs in mails processed by abusehelper.core.shadowservermail.
  • Set socket timeouts for abusehelper.core.imapbot's IMAP connections, controlled with the mail_connection_timeout=[seconds] option and defaulting to 60 seconds.
  • Set socket timeouts for abusehelper.core.mailer's SMTP connections, controlled with the smtp_connection_timeout=[seconds] option and defaulting to 60 seconds.

Deprecations

  • Remove abusehelper.core.dshield, the DShield bot will be further maintained in the AbuseHelper Community repository (#14)
  • Legacy rules from abusehelper.core.rules.compat (AND, OR, NOT, MATCH, ANYTHING and NETBLOCK) have been removed after a deprecation period. Please use corresponding abusehelper.core.rules functionality (And, Or, ...).
  • Remove backwards compatibility from abusehelper.core.runtime and abusehelper.core.startup when launching and maintaining running bots (#20)
  • Remove warn and fatal logging methods from abusehelper.core.log.EventLogger (#19)
  • Remove temporary backwards compatibility code from abusehelper.core.serialize (#21)
  • The migration period for the contrib package removal has ended. Please change all references of abusehelper.contrib package to abusehelper.bots. Several bots also migrated to the AbuseHelper community repository in https://bitbucket.org/ahcommunity/ahcommunity:
    • contrib.arbor.atlassrf
    • contrib.arbor.ssh
    • contrib.bgp-xmpp.bgprankingbot
    • contrib.csv2xmpp.csv2xmpp
    • contrib.experts.bgpexpert
    • contrib.experts.bgpquaggaexpert
    • contrib.experts.iscpdnsexpert
    • contrib.experts.iso3166expert
    • contrib.experts.observerexpert
    • contrib.experts.malwarehash
    • contrib.experts.passivedns
    • contrib.experts.rtexpert
    • contrib.experts.sshkeyscan
    • contrib.experts.url2domain
    • contrib.iplist.iplist
    • contrib.logcollector.logcollectorbot
    • contrib.malwareblacklist.malwareblacklistbot
    • contrib.mailextras.iodef
    • contrib.mailextras.signingmailer
    • contrib.urllistmailbot.urllistmailbot
    • contrib.opencollab.crypto
    • contrib.opencollab.downloader
    • contrib.opencollab.virtualboxsandbox
    • contrib.opencollab.webshot
    • contrib.opencollab.wikicryptostartup
    • contrib.opencollab.wikiruntime
    • contrib.opencollab.wikistartup

2.1.0 (2015-08-13)

Historical release.