Releases: cedricbonhomme/pyHIDS
Release 0.9.5
Changes
- Improved handling of authentication failure with the MISP server. (3c38012)
- Improved handling of authentication failure with the Pandora server. (b86314a)
- Updated dependencies.
Fix
- The configuration file is now loaded with read_file, which raises an
exception when the configuration file is not found. Closes #6.
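The failure mode behind this fix, as an added example (not code from pyHIDS): Python's ConfigParser.read() silently skips a file it cannot open, while read_file() on an opened file fails loudly, so a missing configuration stops the integrity check instead of leaving it running with nothing to check. The function names, the section and key names and the sample file are hypothetical, and that an earlier loader used read() is an assumption.

```python
import configparser
import os
import tempfile


def load_lenient(path):
    """ConfigParser.read() skips files it cannot open and raises nothing."""
    config = configparser.ConfigParser()
    loaded = config.read(path)  # list of the files that were actually parsed
    return config, loaded


def load_strict(path):
    """read_file() on an opened file: open() raises FileNotFoundError."""
    config = configparser.ConfigParser()
    with open(path, encoding="utf-8") as handle:
        config.read_file(handle)
    return config


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        missing = os.path.join(tmp, "absent.cfg")  # constructed path, never created
        present = os.path.join(tmp, "present.cfg")
        with open(present, "w", encoding="utf-8") as handle:
            # Constructed sample; section and key names are hypothetical.
            handle.write("[files]\nfile1 = /etc/passwd\n")

        # Lenient load of a missing file: no error, nothing to monitor.
        config, loaded = load_lenient(missing)
        lenient_result = (loaded, config.sections())

        # Strict load of the same path fails closed.
        try:
            load_strict(missing)
            strict_missing = "loaded"
        except FileNotFoundError:
            strict_missing = "FileNotFoundError"

        strict_sections = load_strict(present).sections()
    return lenient_result, strict_missing, strict_sections


if __name__ == "__main__":
    print(demo())
```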
Release 0.9.4
Changes
- [MISP lookup] The SHA1 values are now submitted in a single query;
- [MISP lookup] A new argument lets the user specify if the final output must be returned as a list of PyMISP Objects instead of the plain json output;
- [MISP lookup] Added possibility to specify the return format (json, stix2, csv, etc.);
- [core] Errors are always displayed, even in non-verbose mode.
Example
$ pyhids misp --help
usage: pyhids misp [-h] [--pythonify] [--return-format {openioc,json,xml,suricata,snort,text,rpz,csv,cache,stix-xml,stix,stix2,yara,yara-json,attack,attack-sightings,context,context-markdown}]

options:
  -h, --help            show this help message and exit
  --pythonify           Returns a list of PyMISP Objects instead of the plain json output.
  --return-format {openioc,json,xml,suricata,snort,text,rpz,csv,cache,stix-xml,stix,stix2,yara,yara-json,attack,attack-sightings,context,context-markdown}
                        Set the return format of the search.
$ pyhids misp --pythonify
[<MISPAttribute(type=filename|sha1, value=df3f35df7d529b38e524275bee0672cb|da39a3ee5e6b4b0d3255bfef95601890afd80709), <MISPAttribute(type=filename|sha1, value=sT2kYW.exe|da39a3ee5e6b4b0d3255bfef95601890afd80709),]
Release 0.9.3
Changes
- improved files handling and exit codes;
- improved checks on the loaded database;
- route errors from subprocess.run() to /dev/null.
Release 0.9.2
Fix
Fixed an issue related to the function responsible for returning the version of the software.
Release 0.9.1
Changes
- various improvements to the command line;
- new argument in order to specify if the output must be more verbose;
- new argument in order to display the version of the software;
- improved the creation of the default folders (for the YARA rules, Bloom filter and Cuckoo filter).
Release 0.9.0
New
It is now possible to export the database of pyHIDS in a Bloom or a Cuckoo filter.
$ pyhids export --bloom-filter
Bloom filter generated and stored: var/bloom/bloomfilter.bf
$ pyhids export --cuckoo-filter
Cuckoo filter generated and stored: var/cuckoo/cuckoofilter.cf
Changes
Various improvements and minor fixes.
Release 0.8.0
YARA can now be used in order to look for malicious files in the database of pyHIDS.
Release 0.7.1
Small fixes and improvements.
Release 0.7.0
New
MISP can now be used in order to look for malicious files in the database of pyHIDS.
Release 0.6.2
This release fixes an issue when no configuration file is found.