Releases: misje/wazuh-opencti

0.3.0

04 Feb 18:07
99bc463
  • Look up hostnames similarly to domain names, including relationships
  • Look up fields srcip/dstIp in addition to src_ip/dest_ip etc.
  • Correctly quit if there are no valid public IP addresses in the source alert
  • Add source rule.id as rule_id to alert
  • Look up URLs found in audit execve args
  • Use a consistent field name for the stix object type: rename "entity_type" to "type"

0.2.4

02 Feb 17:09
ec94f0b

Support GraphQL API changes introduced in 5.12.24. This version only works on OpenCTI version 5.12.24 or later (until OpenCTI suddenly changes their API again).

0.2.3

22 Jan 10:09
cffa40b

This corrects the previous attempt (in 0.2.2) to use the new filter syntax, which resulted in a bad filter that created a flood of alerts due to bad matching.

0.2.1

28 Sep 07:34
362d32a
  • Ignore local IP addresses returned by DNS replies
  • Ignore returned indicators whose pattern doesn't fully match the pattern in the search (#7)
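The 0.3.0 and 0.2.1 notes above both come down to the same defensive check: only public, routable addresses are worth sending to the threat-intelligence lookup, whether they come from the alert's own srcip/dstIp/src_ip/dest_ip fields or from the answers in a DNS reply, and an alert that yields none should be skipped. The following is an added illustration, not code from wazuh-opencti; the set of IP-bearing key names and the sample alert are constructed for the example, and the nesting mirrors a typical Wazuh alert only loosely.

```python
from __future__ import annotations

import ipaddress

# Key names treated as IP-bearing, compared case-insensitively so that
# "dstIp" and "dstip" match alike. Hypothetical list chosen for the example.
IP_KEYS = {"srcip", "dstip", "src_ip", "dest_ip"}


def is_public_ip(text: str) -> bool:
    """True only for a syntactically valid, globally routable unicast address.

    Private, loopback, link-local, unspecified and multicast addresses (and
    anything that does not parse) are rejected, so a lookup is never issued for
    RFC 1918 space returned in a DNS answer or set as a local source address.
    """
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return False
    return addr.is_global and not addr.is_multicast


def public_only(candidates: list[str]) -> list[str]:
    """Filter a list of address strings (e.g. DNS answers) down to public ones,
    de-duplicated while preserving first-seen order."""
    return list(dict.fromkeys(c.strip() for c in candidates if is_public_ip(c)))


def public_ips_from_alert(alert: dict) -> list[str]:
    """Collect values under any IP-bearing key anywhere in the alert and keep
    only the public ones. An empty result means the caller should quit early
    rather than query the TI platform with nothing useful."""
    found: list[str] = []

    def walk(node) -> None:
        if isinstance(node, dict):
            for key, value in node.items():
                if key.lower() in IP_KEYS and isinstance(value, str):
                    found.append(value)
                else:
                    walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(alert)
    return public_only(found)


# Constructed sample alert: mixed-case field names, one private, one invalid
# and two public addresses; "agent.ip" is deliberately not an IP_KEYS name.
SAMPLE_ALERT = {
    "rule": {"id": "5710", "level": 5},
    "data": {
        "srcip": "10.0.0.5",
        "dstIp": "8.8.8.8",
        "src_ip": "not-an-ip",
        "dest_ip": "2001:4860:4860::8888",
    },
    "agent": {"ip": "127.0.0.1"},
}

# Constructed DNS answer list as a resolver log might report it.
SAMPLE_DNS_ANSWERS = ["192.168.1.10", "93.184.216.34", "fe80::1", "93.184.216.34"]


if __name__ == "__main__":
    targets = public_ips_from_alert(SAMPLE_ALERT)
    if not targets:
        print("no public IP addresses in alert; skipping lookup")
    else:
        print("would look up:", targets)
    print("public DNS answers:", public_only(SAMPLE_DNS_ANSWERS))
```

Note that `is_global` alone is not sufficient on every Python version, because IPv4 multicast ranges were historically not classed as private; the explicit `is_multicast` check closes that gap regardless of interpreter version.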

0.2.0

02 Sep 17:11
6cf6006
Merge pull request #6 from misje/dev

0.2.0