REL: maintenance version 2.2.2

CHANGELOG.md

@@ -1,22 +1,14 @@
 CHANGELOG
 ==========
 
-2.2.2 (unreleased)
+2.2.2 (2020-10-27)
 ------------------
 
-### Configuration
-
 ### Core
 - `intelmq.lib.upgrades`:
   - Add upgrade function for renamed Shadowserver feed name "Blacklisted-IP"/"Blocklist".
 
-### Development
-
-### Harmonization
-
 ### Bots
-#### Collectors
-
 #### Parsers
 - `intelmq.bots.parsers.shadowserver`:
   - Rename "Blacklisted-IP" feed to "Blocklist", old name is still valid until IntelMQ version 3.0 (PR#1588 by Thomas Hungenberg).
@@ -33,8 +25,6 @@ CHANGELOG
   - Fix cache key calculation which previously led to duplicate keys and therefore wrong results in rare cases. The cache key calculation is intentionally not backwards-compatible (#1592, PR#1606).
   - The bot now caches and logs (as level INFO) empty responses from Cymru (PR#1606).
 
-#### Outputs
-
 ### Documentation
 - README:
   - Add Core Infrastructure Initiative Best Practices Badge.
@@ -64,6 +54,8 @@ CHANGELOG
 - Bash completion scripts: Check both `/opt/intelmq/` as well as LSB-paths (`/etc/intelmq/` and `/var/log/intelmq/`) for loading bot information (#1561, PR#1628 by Birger Schacht).
 
 ### Known issues
+- Bots started with IntelMQ-Manager stop when the webserver is restarted. (#952).
+- Corrupt dump files when interrupted during writing (#870).
 
 
 2.2.1 (2020-07-30)

NEWS.md

@@ -11,20 +11,10 @@ See the changelog for a full list of changes.
 The cache key calculation has been fixed. It previously led to duplicate keys for different IP addresses and therefore wrong results in rare cases. The cache key calculation is intentionally not backwards-compatible. Therefore, this bot may take longer processing events than usual after applying this update.
 More details can be found in [issue #1592](https://github.com/certtools/intelmq/issues/1592).
 
-### Requirements
-
-### Tools
-
 ### Harmonization
 #### Shadowserver Feed/Parser
 The feed "Blacklisted-IP" has been renamed by ShadowServer to "Blocklist". In IntelMQ, the old name can still be used in IntelMQ until version 3.0.
 
-### Configuration
-
-### Libraries
-
-### Postgres databases
-
 
 2.2.1 Bugfix release (2020-07-30)
 ----------------------------------

debian/changelog

@@ -1,8 +1,8 @@
-intelmq (2.2.2~alpha1-1) UNRELEASED; urgency=medium
+intelmq (2.2.2-1) stable; urgency=medium
 
-  * Update to 2.2.2 Alpha.
+  * Update to 2.2.2.
 
- -- Sebastian Wagner <[email protected]>  Mon, 03 Aug 2020 12:59:51 +0200
+ -- Sebastian Wagner <[email protected]>  Tue, 27 Oct 2020 17:50:36 +0100
 
 intelmq (2.2.1-1) stable; urgency=medium
 

docs/Feeds.md

@@ -1193,12 +1193,40 @@ server {
 * **Configuration Parameters:**
 
 
-## CTIP via Azure
+## CTIP C2 via Azure
 
 * **Public:** unknown
 * **Revision:** 2020-05-29
 * **Documentation:** https://docs.microsoft.com/en-us/security/gsp/informationsharingandexchange
-* **Description:** Collects CTIP (Sinkhole data) files from a shared Azure Storage. The feed is available via Microsoft’s Government Security Program (GSP).
+* **Description:** Collects the CTIP C2 feed from a shared Azure Storage. The feed is available via Microsoft’s Government Security Program (GSP).
+* **Additional Information:** The cache is needed for memorizing which files have already been processed, the TTL should be higher than the oldest file available in the storage (currently the last three days are available). The connection string contains endpoint as well as authentication information.
+
+### Collector
+
+* **Module:** intelmq.bots.collectors.microsoft.collector_azure
+* **Configuration Parameters:**
+*  * `connection_string`: `{{your connection string}}`
+*  * `container_name`: `ctip-c2`
+*  * `name`: `CTIP C2 via Azure`
+*  * `provider`: `Microsoft`
+*  * `rate_limit`: `3600`
+*  * `redis_cache_db`: `5`
+*  * `redis_cache_host`: `127.0.0.1`
+*  * `redis_cache_port`: `6379`
+*  * `redis_cache_ttl`: `864000`
+
+### Parser
+
+* **Module:** intelmq.bots.parsers.microsoft.parser_ctip
+* **Configuration Parameters:**
+
+
+## CTIP Infected via Azure
+
+* **Public:** unknown
+* **Revision:** 2020-05-29
+* **Documentation:** https://docs.microsoft.com/en-us/security/gsp/informationsharingandexchange
+* **Description:** Collects the CTIP (Sinkhole data) from a shared Azure Storage. The feed is available via Microsoft’s Government Security Program (GSP).
 * **Additional Information:** The cache is needed for memorizing which files have already been processed, the TTL should be higher than the oldest file available in the storage (currently the last three days are available). The connection string contains endpoint as well as authentication information.
 
 ### Collector
@@ -1207,7 +1235,7 @@ server {
 * **Configuration Parameters:**
 *  * `connection_string`: `{{your connection string}}`
 *  * `container_name`: `ctip-infected-summary`
-*  * `name`: `CTIP via Azure`
+*  * `name`: `CTIP Infected via Azure`
 *  * `provider`: `Microsoft`
 *  * `rate_limit`: `3600`
 *  * `redis_cache_db`: `5`
@@ -1226,7 +1254,7 @@ server {
 * **Public:** unknown
 * **Revision:** 2018-03-06
 * **Documentation:** https://docs.microsoft.com/en-us/security/gsp/informationsharingandexchange
-* **Description:** Collects CTIP (Sinkhole data) files from the Interflow API.The feed is available via Microsoft’s Government Security Program (GSP).
+* **Description:** Collects the CTIP Infected feed (Sinkhole data for your country) files from the Interflow API.The feed is available via Microsoft’s Government Security Program (GSP).
 * **Additional Information:** Depending on the file sizes you may need to increase the parameter 'http_timeout_sec' of the collector. As many IPs occur very often in the data, you may want to use a deduplicator specifically for the feed.
 
 ### Collector

docs/INSTALL.md

@@ -24,8 +24,8 @@ The following instructions assume the following requirements. Python versions >=
 Supported and recommended operating systems are:
 * CentOS 7
 * Debian 9 and 10
-* OpenSUSE Leap 15.1
-* Ubuntu: 16.04, 18.04, 19.10, 20.04
+* OpenSUSE Leap 15.1, 15.2
+* Ubuntu: 16.04, 18.04, 20.04
 
 Other distributions which are (most probably) supported include CentOS 8, RHEL, Fedora and openSUSE Tumbleweed.
 

intelmq/lib/upgrades.py

@@ -26,7 +26,7 @@
            'v220_azure_collector',
            'v220_feed_changes',
            'v221_feed_changes',
-           'v222_feed_changes_1',
+           'v222_feed_changes',
            ]
 
 
@@ -501,7 +501,7 @@ def v221_feed_changes(defaults, runtime, harmonization, dry_run):
     return messages + ' Remove affected bots yourself.' if messages else changed, defaults, runtime, harmonization
 
 
-def v222_feed_changes_1(defaults, runtime, harmonization, dry_run):
+def v222_feed_changes(defaults, runtime, harmonization, dry_run):
     """
     Migrate Shadowserver feed name
     """
@@ -529,7 +529,7 @@ def v222_feed_changes_1(defaults, runtime, harmonization, dry_run):
     ((2, 1, 3), (v213_deprecations, v213_feed_changes)),
     ((2, 2, 0), (v220_configuration, v220_azure_collector, v220_feed_changes)),
     ((2, 2, 1), (v221_feed_changes, )),
-    ((2, 2, 2), (v222_feed_changes_1, )),
+    ((2, 2, 2), (v222_feed_changes, )),
 ])
 
 ALWAYS = (harmonization, )

intelmq/tests/lib/test_upgrades.py

@@ -569,7 +569,7 @@ def test_v221_feed_changes_2(self):
 
     def test_v222_feed_changes(self):
         """ Test v222_feed_changes """
-        result = upgrades.v222_feed_changes_1({}, V222, {}, False)
+        result = upgrades.v222_feed_changes({}, V222, {}, False)
         self.assertTrue(result[0])
         self.assertEqual(V222_OUT, result[2])
 

intelmq/version.py

@@ -1,2 +1,2 @@
-__version_info__ = (2, 2, 2, 'alpha1')
+__version_info__ = (2, 2, 2)
 __version__ = '.'.join(map(str, __version_info__))