All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
The public API for this project is defined by the set of functions provided by the src folder and the following files: docker-compose.yml, Dockerfile, entrypoint.sh
1.1.0 - 2024-??-??
- Change default recommended name from crowdsec to CrowdSec
- Change CTI URL to the console one
- Skip enrichment if the observable has already been enriched by CrowdSec less than a configurable time ago
- Add setting to enable/disable the creation of an Indicator depending on the retrieved CrowdSec's CTI reputation
- Add setting to enable/disable the creation of an Attack Pattern from Mitre techniques
- Add setting to enable/disable the creation of a Sighting related to CrowdSec organization
- Add setting to enable/disable the creation of a Sighting for each targeted country
- Add setting to enable/disable the creation of a Note in observable
- Add label types (reputation, scenario's name, scenario's label, behavior, cve, mitre techniques) and associated colors
  - And settings to enable/disable each label type
- Add setting to store last CrowdSec enrichment date in description
- Add setting to specify a minimum delay between two enrichments
- Remove CROWDSEC_NAME and CROWDSEC_DESCRIPTION settings
1.0.0 - 2024-04-19
- Initial release