Merge branch 'maintenance' into develop

Author: Sebastian Wagner

CHANGELOG.md

@@ -12,6 +12,8 @@ CHANGELOG
 ### Configuration
 
 ### Core
+- `intelmq.lib.bot_debugger`: Fix accessing the bot's destination queues (PR#2027 by Mikk Margus Möll).
+- `intelmq.lib.pipeline`: Fix handling of `load_balance` paramter (PR#2027 by Mikk Margus Möll).
 
 ### Development
 
@@ -24,6 +26,7 @@ CHANGELOG
 - `intelmq.bots.collectors.http.collector_http_stream`: Fix access to parameters, the bot wrongly used `self.parameters` (by Sebastian Wagner).
 
 #### Parsers
+- `intelmq.bots.parsers.microsoft.parser_ctip`: Map `Payload.domain` to `destination.fqdn` instead of `extra.payload.domain` as it matches to `destination.ip` from `DestinationIp` (PR#2023 by Sebastian Wagner).
 
 #### Experts
 - `intelmq.bots.experts.truncate_by_delimiter.expert`: Cut string if its length is higher than a maximum length (PR#1967 by Marius Karotkis).

docs/dev/feeds-wishlist.rst

@@ -28,6 +28,7 @@ This list evolved from the issue :issue:`Contribute: Feeds List (#384) <384>`.
 - List of potentially interesting data sources:
 
   - `Abuse.ch SSL Blacklists <https://sslbl.abuse.ch/blacklist/>`_
+  - `AbuseIPDB <https://www.abuseipdb.com/pricing>`_
   - `Adblock Plus <https://adblockplus.org/en/subscriptions>`_
   - `apivoid IP Reputation API <https://www.apivoid.com/api/ip-reputation/>`_
   - `Anomali Limo Free Intel Feed <https://www.anomali.com/resources/limo>`_
@@ -80,6 +81,7 @@ This list evolved from the issue :issue:`Contribute: Feeds List (#384) <384>`.
   - `Neo23x0 signature-base <https://github.com/Neo23x0/signature-base/tree/master/iocs>`_
   - `OpenBugBounty <https://www.openbugbounty.org/>`_
   - `Phishing Army <https://phishing.army/>`_
+  - `Phishstats <https://phishstats.info/>`_, offers JSON ("API) and CSV download.
   - `Project Honeypot (#284) <http://www.projecthoneypot.org/list_of_ips.php?rss=1>`_
   - `RST Threat Feed <https://rstcloud.net/>`_ (offers a free and a commercial feed)
   - `SANS ISC <https://isc.sans.edu/api/>`_

docs/user/installation.rst

@@ -121,7 +121,7 @@ These are the operating systems which are currently supported by packages:
 * **Fedora 33**
 * **Fedora 34**
 * **openSUSE Leap 15.2**
-* **openSUSE Leap 15.3**
+* **openSUSE Leap 15.3** (make sure the ``openSUSE:Backports:SLE-15-SP3`` repository is enabled)
 * **openSUSE Tumbleweed**
 * **Ubuntu 18.04** (enable the universe repositories by appending `universe` in `/etc/apt/sources.list` to `deb http://[...].archive.ubuntu.com/ubuntu/ bionic main` first)
 * **Ubuntu 20.04** (enable the universe repositories by appending `universe` in `/etc/apt/sources.list` to `deb http://[...].archive.ubuntu.com/ubuntu/ focal main` first)

intelmq/bots/parsers/microsoft/parser_ctip.py

@@ -139,7 +139,7 @@
     "Payload.port": "extra.payload.port",
     "Payload.serverIp": "extra.payload.server.ip",
     "Payload.serverPort": "extra.payload.server.port",
-    "Payload.domain": "extra.payload.domain",
+    "Payload.domain": "destination.fqdn",
     "Payload.family": "extra.payload.family",
     "Payload.malware": "extra.payload.malware",
     "Payload.response": "extra.payload.response",

intelmq/tests/bots/parsers/microsoft/test_parser_ctip_azure.py

@@ -52,7 +52,7 @@
     "extra.payload.port" :65116,
     "extra.payload.server.ip": "198.18.185.162",
     "extra.payload.server.port": 80,
-    "extra.payload.domain": "example.com",
+    "destination.fqdn": "example.com",
     "extra.payload.family":"tinba",
     "extra.payload.response":"Response",
     "extra.payload.handler":"tinba",
@@ -129,7 +129,7 @@
         'event_description.text': 'Microsoft.DCU.CTIP.Sinkhole',
         'extra.custom_field1': 'andromeda210',
         'extra.malware': 'Avalanche',
-        'extra.payload.domain': 'example.com',
+        'destination.fqdn': 'example.com',
         'extra.payload.family': 'andromeda',
         'extra.payload.handler': 'handler1',
         'extra.payload.ip': '224.0.5.8',