- Fix bug in handling IDNA-encoded domain names. Roomgraph with rules like `"domain name" in *.example.com` crashed if an event had an IDNA-encoded domain name that didn't cleanly convert to Unicode.
- Improved the harmonization document:
  - better readability
  - added a new functional type, compromised account
  - added a new threat type, policy violation
- Fix IMAPBot to work correctly when UIDs change between sessions.
- Raise ValueError if RegExp pattern is invalid.
- Fix CSVReader to work also using Python 2.6.
- Include `status` in abuse.ch's Feodo C&C feed.
- GeoIP augmentation: Add coordinates even if one of them is zero.
- Handle malformed input data using `replace` mode in CSVReader.
- Add support for DataPlane's DNS feeds.
- Improve `fetch_url()`:
  - Use `ssl.create_default_context()` when available (Python 2.7.9 or newer). This enables SNI support and tries to choose reasonably secure protocol and cipher settings.
  - Use Python's builtin functionality for finding and loading the system's CA bundle when running on modern Python (2.7.9+).
- Improve the description of host-based artifacts in Data Harmonization Ontology.
- Fix comparison of Session() objects.
- Fix crash in mailer if connection is lost when sending mail.
- Remove support for OpenBL feed.
- Add support for DataPlane's VNC RFB feed
- Use "malware family" when creating description in abuse.ch's feeds
- Remove support for abuse.ch's Palevo Tracker
- Update the VXVault feed URL
- Add support for DataPlane feeds
- Improve usability by creating required directories automatically (#85)
- Improve robustness and add more human readable error messages (#86)
- Improve the DHO with the "vulnerability" key to help in correlating the vulnerable service reports and "source" to help better describe aggregated indicators collated by a feeder.
- Remove support for Dragon Research Group's feeds
- Remove support for AutoShun feed
- Add `drop_older_than` parameter for bots, which can be used to ignore events that are too old ([debd818](https://github.com/abusesa/abusehelper/commit/debd818aec929864be24e580ff09b99d6abb42ea))
- Add log level option for bots (#80).
- Remove duplicate parsing code from `abusehelper.bots.openbl.openblbot` ([adc6eb1](https://github.com/abusesa/abusehelper/commit/adc6eb1868f15347384423c066b6e73afb2b05cc))
- Fixed the core keys and values to conform with the DHO, Data Harmonization Ontology.
  - Changes to "type" values:
    - "malware" -> "malware url"
    - "exploit" -> "exploit url"
  - Changes to keys:
    - "malware" -> "malware family"
- Remove `abusehelper.core.archivebot`. Encouraging users to move to use `abusehelper.bots.archivebot.archivebot` instead which supports JSON archiving and daily rotation of the archives (#23, #24)
- Convert default URLs to use HTTPS instead of HTTP in the following bots: `abusehelper.bots.autoshun.autoshunbot`, `abusehelper.bots.dragonresearchgroup.ssh`, `abusehelper.bots.malc0de.malc0debot`, `abusehelper.bots.phishtank.phishtankbot`, `abusehelper.bots.spamhaus.drop` and `abusehelper.bots.malwaredomainlist` (#70).
- Current AbuseHelper version is published in `abusehelper.__version__` (#69).
- Switch to setuptools for packaging (#37)
- Transformation handlers (#54)
  - See pull request (#54) for details.
- Removed SpyEye tracker bots. (#65)
- Add option to provide custom CA certificate file to abusehelper.core.imapbot, abusehelper.core.mail.imapbot and abusehelper.core.mailer. (#57, #58, #62)
- New `abusehelper.core.mail` package. (#6)
  - See abusehelper/core/mail/README.md for details.
- Fixed TLS MITM vulnerability in abusehelper.core.imapbot, abusehelper.core.mailer and abusehelper.core.utils.fetch_url modules. See docs/SECURITY-2016-01.md for more information.
- Simpler `abusehelper.core.roomgraph` multiprocessing implementation, which also boosts performance due to less idiokit overhead. (#50)
- `abusehelper.core.archivebot` module now logs a deprecation warning. Archivebot, `abusehelper.bots.archivebot.csvarchivebot`, and `abusehelper.bots.archivebot.rolloverarchivebot` will be replaced by `abusehelper.bots.archivebot` module.
- More extensive logging with tracebacks when `abusehelper.core.startup` and `abusehelper.core.runtime` fail to load the configuration file (#36)
- Add `abusehelper.bots.abusesech.ransomwarebot` (#40)
- Add domain name patterns to the rule language (#7)
- Move `abusehelper.core.roomgraph` rule matching to separate worker processes (5b524b1)
  - The new startup option `concurrency=[integer]` defines how many worker processes should get launched, defaulting to `1` (2b2ce65)
- Add a rotating and compressing JSON archivebot `abusehelper.bots.archivebot.archivebot` (13173cb, #13, #26)
- Add `abusehelper.tools.sender` and `abusehelper.tools.receiver` (a75fae4, 5706398)
  - `sender` is a tool for sending JSON formatted data as events to an XMPP room.
  - `receiver` is for receiving events from a room as JSON.
  - See abusehelper/tools/README.md for reference.
- Change the bot return code and termination signal logging format to include the symbolic form of the signal along with the signal code. (#22)
- Support HTTPS URLs in mails processed by `abusehelper.core.shadowservermail`.
- Set socket timeouts for `abusehelper.core.imapbot`'s IMAP connections, controlled with the `mail_connection_timeout=[seconds]` option and defaulting to 60 seconds.
- Set socket timeouts for `abusehelper.core.mailer`'s SMTP connections, controlled with the `smtp_connection_timeout=[seconds]` option and defaulting to 60 seconds.
- Remove `abusehelper.core.dshield`. The DShield bot will be further maintained in the AbuseHelper Community repository (#14)
- Legacy rules from `abusehelper.core.rules.compat` (`AND`, `OR`, `NOT`, `MATCH`, `ANYTHING` and `NETBLOCK`) have been removed after a deprecation period. Please use the corresponding `abusehelper.core.rules` functionality (`And`, `Or`, ...).
- Remove backwards compatibility from `abusehelper.core.runtime` and `abusehelper.core.startup` when launching and maintaining running bots (#20)
- Remove warn and fatal logging methods from `abusehelper.core.log.EventLogger` (#19)
- Remove temporary backwards compatibility code from `abusehelper.core.serialize` (#21)
- The migration period for the contrib package removal has ended. Please change all references of `abusehelper.contrib` package to `abusehelper.bots`. Several bots also migrated to the AbuseHelper community repository in https://bitbucket.org/ahcommunity/ahcommunity:
  - contrib.arbor.atlassrf
  - contrib.arbor.ssh
  - contrib.bgp-xmpp.bgprankingbot
  - contrib.csv2xmpp.csv2xmpp
  - contrib.experts.bgpexpert
  - contrib.experts.bgpquaggaexpert
  - contrib.experts.iscpdnsexpert
  - contrib.experts.iso3166expert
  - contrib.experts.observerexpert
  - contrib.experts.malwarehash
  - contrib.experts.passivedns
  - contrib.experts.rtexpert
  - contrib.experts.sshkeyscan
  - contrib.experts.url2domain
  - contrib.iplist.iplist
  - contrib.logcollector.logcollectorbot
  - contrib.malwareblacklist.malwareblacklistbot
  - contrib.mailextras.iodef
  - contrib.mailextras.signingmailer
  - contrib.urllistmailbot.urllistmailbot
  - contrib.opencollab.crypto
  - contrib.opencollab.downloader
  - contrib.opencollab.virtualboxsandbox
  - contrib.opencollab.webshot
  - contrib.opencollab.wikicryptostartup
  - contrib.opencollab.wikiruntime
  - contrib.opencollab.wikistartup
Historical release.