- Add a comment in README.md regarding required access rights in MISP.
- Add a configuration option for the logging level and clean up logging.
- Bug fix to set the date when iSight doesn't provide a date.
- FireEye iSight reports can contain multiple ThreatScapes. This is taken into account now.
- For the malware family in iSight reports, use the "antivirus detection" category in MISP instead of "payload installation".
- When iSight provides an IP address in combination with a port, we always assume that it's a destination IP address.
- Tagging of attributes didn't work yet. This bug has been fixed.
- Updated the example config file.
- Tried to make test_pysight.py work again, but didn't succeed.
- Don't create filename attributes when the file's name is UNKNOWN (case insensitive).
- Improvements to comments of attributes and objects.
- Don't create IP address attributes when the IP address is provided in addition to a hostname.
- Remove the function to test connectivity to the FireEye iSight API.
- Create hostname|port attributes if both values are provided by FireEye iSight.
- Fix a mistake in adding comments to MISP objects.
- Remove the option to sleep in non-threaded processing.
- Add configuration option for number of threads.
- Intercept response code 204 from FireEye iSight API.
- Differentiate whether a proxy shall be used for the FireEye iSight API, for MISP, or for both.
- Proper handling of publishDate data in pySightReport.py.
- Replace PyMISP with ExpandedPyMISP.
- Expand mapping of iSight fields to MISP objects, attributes and tags.
- remove proxymanager
- added Tag for C2 Attribute based
- fixed date issue with reports (strings instead of float values in seconds)
- started with attribute level tagging
- made it python3 ready
- adjusted the requirements
- added *.log to gitignore
- intro of requirements.txt
- added some stuff to example config
- refactored a lot of variables
- removed a lot of issues
- added threading option and sleep time to config
- added C2 as bool in PySightReport
- added C2 check in File to add tags in the future as well
- added C2 example in test_data
- added other example file from https://docs.fireeye.com/iSight/index.html#/report_download
- removed threat actor other
- initial version to be used with prod MISP
- fixed time / date issue
- introducing test cases
- code cleaning
- new signatures for some methods
- disable log messages from the Requests library
- remove file size temporarily to reduce noise in an event
- https://git.gcert.basf.net/fireeye/PySight/issues/3
- https://git.gcert.basf.net/fireeye/PySight/issues/5
- modified pySightReport
- error handling
- better correlation
- improved parsing a lot
- pushed first sets to prod MISP
- logging to file
- saving of each indicator set to a file
- added pySightReport.py
- added Changelog
- API with iSight is working
init