ANY.RUN: Bugfix/Bump - Bugfixes, new TI features and dependencies updates #7
Conversation
Rename incorrect `team` value of parameter `opt_privacy_type` in `detonate` actions. The value must be `byteam`.
… to API. Currently ANY.RUN Threat Intelligence API takes only major versions of OS as values in the `os` parameter. OS names must be stripped from the parameter's value passed from the SOAR UI.
Add support for `Ubuntu 22.04.2` value of parameter `os` in `get intelligence` action.
Add support for new values of parameter `suricataclass` in `get intelligence` action. The following new values have been added:
- Attempted User Privilege Gain
- Domain Observed Used for C2 Detected
- Executable code was detected
- Exploit Kit Activity Detected
- Malware Command and Control Activity Detected
- Successful Administrator Privilege Gain
- Successful Credential Theft Detected
- Successful User Privilege Gain
- Targeted Malicious Activity was Detected
- Unsuccessful User Privilege Gain
- Web Application Attack
- A client was using an unusual port
- A suspicious filename was detected
- A system call was detected
- Access to a potentially vulnerable web application
- An attempted login using a suspicious username was detected
- Attempt to login by a default username and password
- Attempted Denial of Service
- Crypto Currency Mining Activity Detected
- Decode of an RPC Query
- Denial of Service
- Detection of a Denial of Service Attack
- Detection of a non-standard protocol or event
- Device Retrieving External IP Address Detected
- Information Leak
- Large Scale Information Leak
- Possible Social Engineering Attempted
- Possibly Unwanted Program Detected
- A suspicious string was detected
- Detection of a Network Scan
- Generic ICMP event
- Unknown Traffic
- A TCP connection was detected
The following values have been removed:
- unknown
Add support for new query parameters in ANY.RUN Threat Intelligence API. The following new parameters have been added:
- fileEventName
- fileExtension
- syncObjectName
- syncObjectType
- syncObjectOperation
- JA3
- JA3S
- JARM
Update dependencies:
- `aiohappyeyeballs` to version 2.4.6
- `aiohttp` to version 3.11.12
- `aiosignal` to version 1.3.2
- `async_timeout` to version 5.0.1
- `attrs` to version 25.1.0
- `frozenlist` to version 1.5.0
- `idna` to version 3.10
- `multidict` to version 6.1.0
- `yarl` to version 1.18.3
- `anyrun` to version 0.1.3
The latest version of `yarl` introduces a new dependency: `propcache`.
Prepare new release.
Thank you for your submission! We have a total of 9 PRs open right now, and we are working hard on all of them! We will take a look as soon as we can.
Commits b2a7334 to 1ebfc90
}, | ||
{ | ||
"module": "anyrun", |
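Review bot: the `anyrun` entry added to the pip dependency list here refers to a package that is not publicly available yet (per the author's comment below), so the app build cannot resolve it from a public index. If this entry does not already pin `anyrun` to the version named in the commit list (0.1.3), pin it, and document in `manual_readme_content.md` where the package is obtained and how its integrity is verified before it is bundled with the connector.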
Hello @mmomin-crest. The `anyrun` module is required for this connector to work. It is still not available publicly, yes, but the connector will not work without it. Please tell me if you need any additional information about it.
Release Notes (REQUIRED)
- Rename incorrect `team` value of parameter `opt_privacy_type` in `detonate` actions
- `os` parameter values are now passed correctly to the API in `get intelligence` action
- Add support for `Ubuntu 22.04.2` value of parameter `os` in `get intelligence` action
- Add support for new values of parameter `suricataclass` in `get intelligence` action
- Add support for new query parameters in `get intelligence` action

What is the current behavior? (OPTIONAL)
- When the `opt_privacy_type` parameter is set to `team`, the ANY.RUN API will return an error. The value must be `byteam`.
- In `get intelligence` action, if the `os` parameter is used, the TI query will return no data. Currently, the ANY.RUN Threat Intelligence API takes only major versions of OS as values in the `os` parameter.

What is the new behavior? (OPTIONAL)
- The `opt_privacy_type` parameter now uses the correct value list. Value `team` is replaced with `byteam`.
- In `get intelligence` action the OS name is now stripped from the `os` parameter, so only the OS major version is passed to the TI query.

Pay close attention to (OPTIONAL)
- `get intelligence` action parameter `suricataclass` no longer supports the `unknown` value.
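The two bugfixes described above, written out as an added example (not the connector's own code): the `team` to `byteam` rename for `opt_privacy_type` and the stripping of the OS name from the `os` value. It assumes the SOAR UI passes `os` as an optional OS name followed by the version (e.g. `Windows 10`, `Ubuntu 22.04.2`); the real connector's parameter format and function names are not on the page.

```python
import re

# UI value -> value the ANY.RUN API accepts. `team` caused an API error
# before this PR; the API expects `byteam`. Other values pass through.
PRIVACY_ALIASES = {"team": "byteam"}

# Assumed UI format: optional OS name, then a dotted version number.
# The TI API only accepts the version, so the name must be dropped.
OS_VALUE_RE = re.compile(r"^\s*(?:[A-Za-z][A-Za-z ]*?)?\s*(\d+(?:\.\d+)*)\s*$")


def normalize_privacy_type(value: str) -> str:
    """Rename the incorrect `team` value; leave every other value unchanged."""
    return PRIVACY_ALIASES.get(value, value)


def is_supported_os_value(value: str) -> bool:
    """True when the value contains a version number the API can use."""
    return OS_VALUE_RE.match(value) is not None


def strip_os_name(value: str) -> str:
    """Keep only the version part of the `os` parameter:
    'Windows 10' -> '10', 'Ubuntu 22.04.2' -> '22.04.2', '10' -> '10'.
    A value without a version would silently return no TI data, so reject it."""
    match = OS_VALUE_RE.match(value)
    if match is None:
        raise ValueError(f"unsupported os value: {value!r}")
    return match.group(1)


def build_ti_query(params: dict) -> dict:
    """Apply both fixes to the action parameters and return the query dict
    to send to the TI API. Keys not affected by the fixes are copied as-is."""
    query = dict(params)
    if "opt_privacy_type" in query:
        query["opt_privacy_type"] = normalize_privacy_type(query["opt_privacy_type"])
    if "os" in query:
        query["os"] = strip_os_name(query["os"])
    return query


if __name__ == "__main__":
    # Constructed sample input, as the SOAR UI would pass it before the fix.
    print(build_ti_query({"os": "Windows 10", "opt_privacy_type": "team"}))
```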