All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
The public API for this project is defined by the set of
functions provided by the src folder and the following files: docker-compose.yml, Dockerfile, entrypoint.sh
1.1.0 - 2024-??-??
- Change default recommended name from
crowdsectoCrowdSec - Change CTI url to the console one
- Skip enrichment if the observable has already been enriched by CrowdSec less than a configurable time ago
- Add setting to enable/disable the creation of an Indicator depending on the retrieved CrowdSec's CTI reputation
- Add setting to enable/disable the creation of an Attack Pattern from Mitre techniques
- Add setting to enable/disable the creation of a Sighting related to CrowdSec organization
- Add setting to enable/disable the creation of a Sighting for each targeted country
- Add setting to enable/disable the creation of a Note in observable
- Add label types (
reputation,scenario's name,scenario's label,behavior,cve,mitre techniques) and associated colors - And settings to enable/disable each label type
- Add setting to store last CrowdSec enrichment date in description
- Add setting to specify a minimum delay between two enrichments
- Remove
CROWDSEC_NAMEandCROWDSEC_DESCRIPTIONsettings
1.0.0 - 2024-04-19
- Initial release