Changes - metacpan.org

Revision history for Perl extension CIF::Client.

0.11    2012-05-09
    - minor: added snort_msg_prefix to configuration file, default is ""
      if specified the msg:"" field of the outputted snort rules will be prefixed with
      the value. the 'standard' msg field of restriction-impact-description is left 
      unaltered. the prefix allows for some localization of the msg field but is not an override. 
            
	- 'references' from cif feeds needed reformatting to avoid warnings on snort restart,

	- 'content' included in snort rules needed some internal escaping to comply with snort parser (;\")
	

0.10    2012-05-07
    - bugfix to Iodef/Url.pm where Regexp::Common qw/URI/ wasn't functioning properly for google spreadsheet phishes

    - [jeff] modified config parsing to allow for [query] sections like [botnet/url] and so 
      on. you can use this to customize the snort output without needing to keep
      multiple config files. see example.conf 
      
    - [jeff] modified snort output plugin to properly handle feeds where the 'address' field contains
      a url. the snort rule will be properly formatted once the url is parsed. "the right thing"
      will happen if eg a port number is specified in the url, or an ip address, and so on. 
      only urls specifying the http protocol are processed. 
      
0.09    2012-04-30
	- changed snort output so that the 'protocol' field is set to tcp/udp/icmp/ip according to 
	  the value in the CIF database (previously 'ip' was always outputted)
	  
	- added to config file (~/.cif)
		variable		default
		----------------------------------------------------------------------------
		snort_classtype	null (won't appear in the outputted rules)
		snort_tag		null (won't appear in the outputted rules)
		snort_priority	default based on CIF severity (5=medium, 9=high otherwise 1)
		snort_threshold	"type limit,track by_src,count 1,seconds 3600"
		snort_srcnet	any
		snort_srcport	any
		
		example ~/.cif excerpt
		
		snort_startsid = 1234567000
		snort_classtype = botnet-connection-known
		snort_tag = "session, 50, packets"
		snort_priority = 1
		snort_sourcenet = "[$HOME_NET,!$TRUSTED]"

0.08    2012-04-04
    - fix to csv plugin, adding group map (thanks Adam S.).

0.07    2012-03-30
    - fixed bug in Iodef/Service.pm

0.05    2012-03-21
    - fixed bug with client displaying email address field
    - added POST function

0.04    2012-02-27
    - upstream REST::Client was fixed, bumped Makefile.PL to ver 243

0.03    2012-02-11
    - version bump for _01-_05        

0.02_05 2012-01-31
    - misc fixes
    - some unicode work-arounds for the table and csv plugin

0.02_04 2012-01-24
    - bugfix to snort plugin

0.02_03 2012-01-23
    - stupid bugfix

0.02_02 2012-01-23
    - added -I flag (round_confidence) to round down confidence using int() (see: perldoc -f int)

0.02_01 2012-01-19
    - added basic proxy support for testing

0.02 2012-01-19
    - added parser warnings to Table output
    - cleaned up bindzone output
    - cleaned up snort, bindzone and table doc

0.01 2011-12-19
    - added outfile option
    - initial stable release (i hope :x)
    - doc update
    - fixed bug in csv output
    - cleaned up table output wrt to long adddresses (over 32 chars)

0.01_11 2011-11-15
    - work-around for REST::Client install bug
    - doc fix

0.01_10 2011-10-25
    - bugfixes
    - Makefile.PL fixes

0.01_08 2011-09-28
    - added html output plugin
    - other performance fixes

0.01_07 2011-09-01
    - don't call ->plugins() from a loop, speeds things up
    - bugfixes to Plugin/Iodef/Url.pm wrt hashes
    - minor bugfix to Table display (malware md5's)

0.01_06  2011-07-28
    - added group (guid) support
    - minor bugfix to Plugin::Table
    - added "query" value to feed-> passthrough

0.01_05  2011-07-27
    - minor bugfixes
    - added tls_verify option

0.01_04  2011-07-27
    - minor bugfixes

0.01_03  2011-07-25
    - minor bugfixes
    - doc updates (cif -h)
    - few changes to the 'defaults' for restriction

0.01_02  2011-07-16
    - few minor bugfixes

0.01_01  2011-07-01
    - revamped for working with cif-0.01_03 api
    - added Iodef plugin to trasnlate IODEF json documents to simple hashes

0.00_03  2011-01-19
    - updated for use with new CIF::WebAPI
    - CIF::WebAPI now handles the regex
    - added transparent zlib layer for use with CIF::WebAPI compression
    - added ability to modify default ->table() display
    - now installing example.pl as /usr/local/bin/cif for commandline use
    - added ability to set fields (it'll autopick based on the feed)
    - added plugins feature (snort, csv, bindzone, iptables, raw)
    - updated to be used with Config::Simple

0.00_02  2010-11-08
    - updated to be used with CIF::WebAPI

0.00_01  Sat Jul 10 03:12:57 2010
    - original beta version
	Global
`s`	Focus search bar
`?`	Bring up this help dialog
	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)
	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse
	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)