Version 0.7.0

jshcodes released this 28 Apr 13:45

· 43 commits to main since this release

Version 0.7.0

This update provides the following new functionality:

Maps CrowdStrike adversaries to the MISP Threat Actor galaxy. Existing adversaries are identified within the current galaxy, and new galaxy clusters are create for adversaries that are not present. These threat actors are removed as part of adversary delete operations.
Maps target sectors to the MISP Sector galaxy.
Maps target regions to the MISP Regions M49 galaxy.
Maps target countries to the MISP Countries galaxy.
Dramatically expands malware identification by looking up malware in additional MISP galaxies. The galaxy.ini file is still leveraged to override undesired matches by forcing a galaxy mapping.
Resolves the publishing issue for Malware / Indicator type events. Closes #123.

What's Changed

Bump crowdstrike-falconpy from 1.2.11 to 1.2.14 by @dependabot in #121
Bump urllib3 from 1.26.14 to 1.26.15 by @dependabot in #105
Bump pymisp from 2.4.168 to 2.4.170.1 by @dependabot in #122
Version 0.7.0 - Expanded galaxy mappings by @jshcodes in #124

Full Changelog: v0.6.9...v0.7.0

Contributors

dependabot and jshcodes

Assets 2