v2.6

Patches:

• Update plyara dependency to a fork of the library

v2.5

Improvements:

• Add more date formats for auto-parsing/correction

Full Changelog: v2.4...v2.5

v2.4

What's Changed

• fix typo in validator_functions.py by @xe6077 in #77
• Fix bug with generating metadata for all rules within rules file by @cccs-rs in #78

New Contributors

• @xe6077 made their first contribution in #77

Full Changelog: v2.3...v2.4

v2.3

What's Changed

• Update README to correspond to current code by @cccs-rs in #75
• Allow MITRE queries to more than enterprise-attack by @cccs-rs in #76

Full Changelog: v2.2...v2.3

v2.2

Performance improvements (thanks @jxb5151 !)

v2.1

Changes

• Update settings.json to match current metadata spec
• Add more date formats for parsing
• Try to automatically handle validation errors where possible with hash

CCCS-Yara is now pip-installable and available on PyPI

Merge pull request #53 from CybercentreCanada/package

pip-installable Package

Version 1.6.2

NEW FEATURES

• Added the -st flag to the yara_validator_cli.py. This causes the cli to return a exit code 49 for warnings.
• Added a validity check with the yara-python library
• Added the -m flag to the yara_validator_cli.py. This flag overrides the check for modules that have not been imported.

CHANGES

• Updating the MITRE ATT&CK submodule to the version 8.2
• Added yara-python>=4.0.2 to the requirements.txt file

BUG FIXES

• A couple of bug fixes related to the new yara-python validity check, these bugs resulted in rules that should be valid getting marked invalid
• Fixed a bug that caused yara_file_processor.py to exit with an error if a string was passed instead of a Path object.
• Fixed a bug that would cause lines with only space or tab characters to double on each pass with the -i flag.

Auto generation of MITRE ATT&CK software ids

NEW FEATURES

• Automatic generation of mitre_att software ids for malware or tool names found in the MITRE ATT&CK database

CHANGES

• Updating the MITRE ATT&CK submodule to the latest released version

BUG FIXES

• None

Change default behaviour of the cli

NEW FEATURES

• None

CHANGES

• changed the error message for missing metadata that could have been generated

  • "⚙️ Missing metadata that could have been generated with the -i or -c flag for the cli"

• changed the default behaviour of the cli

  • a rule now returns invalid if it is missing the 'id', 'fingerprint', 'version', 'first_imported' or 'last_modified' metadata
  • see PR #34 for details on the reason behind this

BUG FIXES

• None