Releases: CrowdStrike/MISP-tools

Version 0.6.4

24 Oct 10:02

This update implements the following changes:

  • Indicators are now imported as attributes and attached to an event for that specific indicator type, and an event for that specific indicator's malware family. Closes #45.
  • Duplicate indicators are marked as a new sighting when the timestamp is newer.
    • This includes indicators that are attributes of CrowdStrike Report events.
    • This functionality can be disabled by setting the log_duplicates_as_sightings configuration parameter to False.
  • Custom tagging functionality is restored. Closes #42.
  • Easier command line arguments have been implemented. Closes #59.
    • Two new arguments, --all (import all) and --obliterate (remove all), have been added.
  • Additional threading has been implemented.
  • Additional performance tuning options are now available within the configuration file.
    • Based upon the target MISP instance, these values can be used to tune import speed and size to address load concerns.
    • ind_attribute_batch_size - Controls the batch size before updates to the MISP server are performed.

      This value cannot exceed api_request_max.

    • event_save_memory_refresh_interval - Maximum duration (in seconds) taken to save an event object before it is flushed from the memory cache and reloaded.
  • Minor cleanup to the Actors process.
  • Minor cleanup to the Reports process.