Releases: OpenCTI-Platform/connectors

Version 7.260305.0

05 Mar 15:33
f681f62

Enhancements:

  • #5875 [Connectors-SDK] Add TDR about deprecation in connectors-sdk
  • #5829 [TeamT5] Use of Client ID and Secret for TeamT5 Connector
  • #5737 [MokN] Create connector
  • #5692 [crowdstrike] Parse Indicator labels into structured knowledge objects and fields
  • #5591 [Checkfirst] Connector to ingest technical data about disinformation infrastructure
  • #5244 [anyrun.task] Migrate connector to be connector manager supported
  • #5238 [domaintools] Migrate connector to be connector manager supported
  • #3985 [ShadowServer] Improve Connector

Bug Fixes:

  • #5908 [MWDB] Remove banner to align with other connectors
  • #5907 [All] Update all connectors using connectors-sdk to point to master branch
  • #5894 [crowdstrike] Config ValidationError while deploying through XTM Composer
  • #5888 [Feedly] Can't edit, remove or add Feedly Stream IDs
  • #5882 [CI] get_tags crash when "latest" tag is not in the list
  • #5878 [connectors-sdk] BaseConnectorSettings.to_helper_config raises PydanticSerializationError on deprecated fields set to None
  • #5843 [Recorded Future] TypeError on Analyst Note
  • #5814 [crowdstrike] Reports imported by YARA/Snort importers despite being excluded from scope
  • #5783 [Google TI] Creates wrong aliases
  • #5225 [MISP] Connector crashes on stix2-Locations that aren't countries

Full Changelog: 7.260227.0...7.260305.0

Version 7.260227.0

27 Feb 12:32
ad2f891

Enhancements:

  • #5826 [Silobreaker] Update logo and description
  • #5211 [disarm] Migrate connector to be connector manager supported

Bug Fixes:

  • #5792 [ShadowServer] Segmentation fault on large reports
  • #3950 [Feedly] Error on Observables when IP is paired with port

Pull Requests:

  • [ShadowServer] Replace pandas DataFrame with csv for markdown and CSV handling by @jabesq in #5836
  • [disarm] Fix connector's default scope by @Powlinett in #5673
  • [all] CI: Disable pip check due to incompatibilities between requirements by @jabesq in #5861
  • [Feedly] Remove port from IPv4 Observable by @jabesq in #5815
  • [silobreaker] Change silobreaker description and update logo by @maximerafaillac in #5837
  • [disarm-framework] regenerate config JSON schema (CI failure) by @Powlinett in #5867
  • [tools] Ensure connectors-sdk is available for script generation by @helene-nguyen in #5856
  • [Promptintel] New connector creation (#5799) by @SamuelHassine in #5800

Full Changelog: 7.260224.0...7.260227.0

Version 7.260224.0

24 Feb 18:03
7b7717d

Enhancements:

  • #4011 [Feedly] Ability to prevent relation creation

Pull Requests:

  • Handle config deprecation and migration in connectors-sdk by @throuxel in #5563
  • [Feedly] Add Setting to block relationship entity from feedly by @jabesq in #5810
  • Update dependency flake8 to v7.3.0 by @renovate[bot] in #5841
  • Update dependency google-api-core to v2.30.0 by @renovate[bot] in #5842
  • [Cofense ThreatHQ] Fix test failure: add missing 'jwks' key to connector register mock by @helene-nguyen in #5846
  • [All] Fix test failure: add missing 'jwks' key to connector register mock by @helene-nguyen in #5847
  • [all] Fix sdk version by @throuxel in #5849
  • [shadowserver] fix sdk version by @throuxel in #5851
  • [MISP] Fix event reprocessing loop by advancing state before buffering check by @jabesq in #5839
  • [shared] update generate_connector_config_json_schema sample by @throuxel in #5852

Full Changelog: 6.9.22...7.260224.0

Version 6.9.22

23 Feb 16:40
e81f2f5

Enhancements:

  • #5820 [DigintLab-DEP] Skip empty "victim" and allow incident data updates
  • #5819 [IBM XTI] Upgrade to latest OpenCTI version
  • #5817 [vmray-platform] Add incremental ingestion and retry mechanism
  • #5816 [cve] Add CWE support when parsing CVEs from NVD

Bug Fixes:

  • #5818 [recorded-future] Connector generates millions of Notes, causing RabbitMQ queue saturation

Full Changelog: 6.9.21...6.9.22

Version 6.9.21

19 Feb 15:16
c5fd71d

Enhancements:

  • #5790 [Google TI] Optimize API calls by setting explicit pagination limit on relationship queries
  • #5754 [Crowdstrike] Model CrowdStrike malware “variant-of” and “next_stage_of” relationships into OpenCTI
  • #5187 [montysecurity-c2-tracker] Create connector
  • #4845 [TheHive] Add support for TheHive case attachments

Bug Fixes:

  • #5806 [import-file] fix value of CONNECTOR_VALIDATE_BEFORE_IMPORT in README
  • #5387 [FEEDLY] Make the FEEDLY_STREAM_IDS mandatory

Pull Requests:

  • [Google TI] Optimize API calls by setting explicit pagination limit on relationship queries by @romain-filigran in #5791
  • [import-file] fix value of CONNECTOR_VALIDATE_BEFORE_IMPORT in README by @axelfahy in #5689
  • [TheHive] Add support for TheHive case attachments by @MohamedMerimi in #4765
  • [crowdstrike] Create relationships from 'variant_of' and 'next_stage_of' fields by @Powlinett in #5771
  • [monty security c2 tracker] create the connector by @maximerafaillac in #5741
  • [Feedly] Make FEEDLY_STREAM_IDS setting mandatory (#5387) by @jabesq in #5808
  • [google-ti-feeds] Optimize API calls by setting explicit pagination limit on relationship queries - V2 by @romain-filigran in #5811

Full Changelog: 6.9.20...6.9.21

Version 6.9.20

17 Feb 20:19
d6ad585

No changelog for this release.

Full Changelog: 6.9.19...6.9.20

Version 6.9.19

17 Feb 15:48
16a0673

Enhancements:

  • #5547 [team-cymru-scout-search] Verify + add connector in the catalog

Bug Fixes:

  • #5802 [Cybersixgill] Li 410 open cti darkfeed connector issue

Full Changelog: 6.9.18...6.9.19

Version 6.9.18

16 Feb 14:24
d3e6c93

Enhancements:

  • #5769 [VulnCheck] Add attack patterns, courses of action, all CVSS version, labels and more
  • #5753 [Crowdstrike] Model CrowdStrike malware capabilities as OpenCTI malware types
  • #5629 [Virustotal-livehunt-notification] Add TLP marking
  • #5234 [shadowserver] Migrate connector to be connector manager supported
  • #2003 [crowdstrike] Add function to import malware families

Bug Fixes:

  • #5780 [Google ti feeds] Failed tests
  • #5777 [Google TI] Indicator scores from GTI assessment are not correctly mapped
  • #5756 [misp-intel] IOCs not being published
  • #5716 [MISP] Connector hangs indefinitely when MISP instance is unreachable
  • #5658 [Recorded Future Enrichment] Incorrect documentation

Pull Requests:

  • [Recorded future enrichment] fix incorrect documentation by @Ninoxe in #5760
  • [VulnCheck] Add attack patterns, courses of action, all CVSS version, labels and more by @maddawik in #4796
  • [MISP] Add timeout settings for MISP requests by @jabesq in #5761
  • [virustotal-livehunt-notification] Add TLP markings to the entities by @jabesq in #5738
  • [misp-intel] Fix publication (#5756) by @SamuelHassine in #5774
  • [URLHaus] docs: Fix Urlhaus URL in manifest json by @maximerafaillac in #5770
  • [ci] Add automation to add new issues/PRs to project (#5727) by @ncarenton in #5747
  • [Google TI] Indicator scores from GTI assessment are not correctly mapped by @romain-filigran in #5779
  • [Google ti feeds] fix tests and add condition in get_score function by @Ninoxe in #5781
  • [crowdstrike] Add function to import malware families (#2003) by @Kakudou in #5223
  • [crowdstrike] Map capabilities to malware_types by @Powlinett in #5763
  • [shadowserver] Update connector to be "manager_supported" by @Powlinett in #5679

Full Changelog: 6.9.17...6.9.18

Version 6.9.17

10 Feb 15:24
ed0856b

Enhancements:

  • #5742 [virustotal] Display VirusTotal enrichment results for "undetected" observables
  • #5734 [ismalicious] New enrichment integration for 'IsMalicious'
  • #5242 [mitre-atlas] Migrate connector to be connector manager supported
  • #5240 [valhalla] Migrate connector to be connector manager supported
  • #5236 [microsoft-sentinel-incidents] Migrate connector to be connector manager supported
  • #5232 [red-flag-domains] Migrate connector to be connector manager supported
  • #5216 [dnstwist] Migrate connector to be connector manager supported
  • #5036 [crowdstrike] Add function to import vulnerabilities
  • #4584 New Splunk App "OpenCTI for Splunk Enterprise"
  • #4134 [virusTotal] Add 'suspicious' and 'undetected' findings to enrichment note
  • #2263 [Hygiene] Support CIDR and Partial Domains

Bug Fixes:

  • #5713 [RecordedFuture] Connector does not post state in run_and_terminate mode
  • #5706 [MISP Feed] connector is putting 1 operation at each run despite nothing to process
  • #5688 [sekoia.io] Duplicate calls to identities
  • #4886 [MISP] All original tags are set as labels if MISP_KEEP_ORIGINAL_TAGS_AS_LABEL env var is empty

Pull Requests:

  • [recorded-future] ensure all threads end before returning by @throuxel in #5721
  • [red-flag-domains] Update connector to be "manager_supported" by @jabesq in #5661
  • [ismalicious] New enrichment integration for 'IsMalicious' by @hexablob in #5481
  • [dnstwist] Update connector to be "manager supported" by @Powlinett in #5650
  • [microsoft-sentinel-incidents] Update connector to be "manager_supported" by @jabesq in #5640
  • [misp] remove backward-compat workaround for original_tags_to_keep_as_labels by @ncarenton in #5705
  • [SEKOIA.IO] update cache system in Sekoia connector by @mchupeau-sk in #5367
  • [mitre-atlas] Update connector to be "manager_supported" by @jabesq in #5643
  • [crowdstrike] Add function to import vulnerabilities (#5036) by @Kakudou in #5224
  • [virustotal] Improve VT enrichment note by processing any results by @romain-filigran in #5748
  • [misp-feed] Stop creating unnecessary work when there is nothing to process. by @jabesq in #5715
  • [valhalla] Update connector to be "manager_supported" (#5240) by @jabesq in #5682
  • [crowdstrike] fix _create_vulnerability by @throuxel in #5755
  • [Doc] improve Hygiene documentation by @romain-filigran in #5697
  • [ismalicious] Add logo and update supported version for isMalicious connector by @romain-filigran in #5735
  • [urlscan-enrichment] Improve URLScan connector documentation to include the correct scope by @romain-filigran in #5744

Full Changelog: 6.9.16...6.9.17

Version 6.9.16

05 Feb 17:42
c2b6866

Enhancements:

  • #5245 [urlhaus-recent-payloads] Migrate connector to be connector manager supported
  • #5239 [wiz-cloud-landscape] Migrate connector to be connector manager supported
  • #5233 [malwarebazaar-recent-addtions] Migrate connector to be connector manager supported

Pull Requests:

  • [orange-cyberdefense-enrichment-v3] new internal-enrichment connector by @ocd-acauchy in #5624
  • [orange-cyberdefense-v3] new external-import connector to replace the current one by @ocd-acauchy in #5623
  • [Sekoia] Rollback Sekoia README documentation by @helene-nguyen in #5709
  • [urlhaus-recent-payloads] Update connector to be "manager_supported" by @throuxel in #5687
  • [wiz] Update connector to be "manager_supported" by @throuxel in #5683
  • [malwarebazaar-recent-additions] Update connector to be "manager_supported" by @throuxel in #5678

Full Changelog: 6.9.15...6.9.16