
Releases: joeavanzato/LogBoost

v1.4.1

11 Oct 19:02
  • Better regex for extraction of IP addresses from Unified Audit Logs
  • Better error logging
  • Improved Docstrings
  • Improving logic for DNS
  • Improving regex efficiency
  • Adding better error-handling to DNS to resolve potential panic

v1.4.0

17 Jul 02:14
  • Updating column headers to be 'dynamic' in response to arguments - headers will no longer appear for unused options (DNS, TI, WhoIS, IDB)
  • Adding WhoIS query capabilities for both IP Addresses and Domain Names (if using DNS)
  • Adding Shodan InternetDB query capabilities for additional enrichment
  • TODO: Adding rotating proxy support for live-query functionalities
  • TODO: Adding multiple WhoIS servers for round-robin querying
  • TODO: Adding user agent rotation for queries

v.1.3.4

09 Jul 16:23
  • Updating IP Regex
  • Updating DC ASN List
  • Fixing an issue with 'combining' outputs

v1.3.3

09 May 16:52
  • Fixing a potential issue when parsing files that caused concurrency panics by prematurely returning while channel sends were ongoing
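The panic class described in this note is the Go "send on closed channel" (or a sender blocked forever) that appears when a collector returns early on an error while worker goroutines are still sending. The following is an added example, not LogBoost's own parsing code: workers fan out over constructed sample lines, the error path cancels a context that every sender selects on, and the channel is closed in exactly one place after the WaitGroup confirms all senders have exited. `failOn`, `ErrBadLine` and the sample lines are assumptions made for the illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sort"
	"sync"
)

// ErrBadLine is returned when any worker rejects its input (constructed for this example).
var ErrBadLine = errors.New("unparseable line")

// ParseLines fans a slice of log lines out to one goroutine each and collects
// the parsed results from a channel. The panic-prone pattern is: the collector
// hits an error, returns early and closes (or abandons) the channel while
// workers are still trying to send. Here the error path instead cancels a
// context that every sender selects on, and the channel is closed only after
// wg.Wait() confirms every sender has returned.
func ParseLines(lines []string, failOn string) ([]string, error) {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	out := make(chan string)
	errCh := make(chan error, 1) // buffered: the first error never blocks its sender
	var wg sync.WaitGroup

	for _, l := range lines {
		wg.Add(1)
		go func(line string) {
			defer wg.Done()
			if line == failOn { // constructed failure condition standing in for a parse error
				select {
				case errCh <- fmt.Errorf("%w: %q", ErrBadLine, line):
				default: // another worker already reported an error
				}
				cancel() // tell the remaining senders to stop
				return
			}
			select {
			case out <- "parsed:" + line:
			case <-ctx.Done(): // collector gave up; do not block forever on the send
			}
		}(l)
	}

	// close(out) happens in exactly one place, after all senders have exited,
	// so no goroutine can ever send on a closed channel.
	go func() {
		wg.Wait()
		close(out)
	}()

	var results []string
	for r := range out {
		results = append(results, r)
	}
	sort.Strings(results) // deterministic order regardless of goroutine scheduling

	select {
	case err := <-errCh:
		return results, err
	default:
		return results, nil
	}
}

func main() {
	good, err := ParseLines([]string{"a", "b", "c"}, "")
	fmt.Println(good, err)
	partial, err := ParseLines([]string{"a", "bad", "c"}, "bad")
	fmt.Println(partial, err) // partial results plus the error, and no panic
}
```

The collector keeps draining `out` until it is closed, so a worker that has already committed to a send is always received, and a worker that has not yet sent exits via `ctx.Done()`; either way `wg.Wait()` returns and the single `close` is safe. Running the failing case repeatedly (for example under `go test -race -count=100`) is the practical check that the early-return race is gone.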

v1.3.2

29 Mar 16:17
  • Improving IPv6 detection regex
  • Improving Private IP Address detection logic
  • Improving -ipcol usage

v1.3.1

23 Feb 19:09
  • New MaxMind API endpoint restrictions mean we need both account ID and API key to perform an update moving forward via Basic Authentication
  • Code has been updated to support this by using the basic HTTP authentication scheme and expecting both Account ID and API Token
  • API keys in envvar, file or cmdline must match the new format - $ACCOUNTID:$APIKEY - colon-separated account ID and Token
  • Example: logboost.exe -api "111111:123_23231FmjeKAlsinir!" -updategeo
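To make the new credential format concrete, here is an added Go example (not LogBoost's own code) that parses the `$ACCOUNTID:$APIKEY` value as it would arrive from `-api`, an environment variable or a file, rejects malformed input, and attaches it to an HTTP request as Basic authentication with the account ID as user and the key as password. The update URL is a placeholder assumption, and `Redacted` is a helper added so logs never echo the key.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Credentials carries the two values the new MaxMind endpoint expects.
type Credentials struct {
	AccountID string
	APIKey    string
}

// ParseAPIArg splits the "$ACCOUNTID:$APIKEY" value. Only the first colon is
// treated as the separator, so an API key that itself contains a colon is
// preserved intact. Surrounding whitespace (for example a trailing newline
// when the value is read from a file) is trimmed first.
func ParseAPIArg(raw string) (Credentials, error) {
	raw = strings.TrimSpace(raw)
	id, key, ok := strings.Cut(raw, ":")
	if !ok {
		return Credentials{}, errors.New("api value must be ACCOUNTID:APIKEY (colon separated)")
	}
	if id == "" || key == "" {
		return Credentials{}, errors.New("account ID and API key must both be non-empty")
	}
	return Credentials{AccountID: id, APIKey: key}, nil
}

// NewUpdateRequest builds the download request with the account ID as the
// Basic-auth user name and the API key as the password. updateURL is supplied
// by the caller; the value used below is a placeholder, not a real endpoint.
func NewUpdateRequest(updateURL string, c Credentials) (*http.Request, error) {
	req, err := http.NewRequest(http.MethodGet, updateURL, nil)
	if err != nil {
		return nil, err
	}
	req.SetBasicAuth(c.AccountID, c.APIKey)
	return req, nil
}

// Redacted returns a log-safe rendering: the account ID is kept, the key is masked.
func (c Credentials) Redacted() string {
	return fmt.Sprintf("%s:%s", c.AccountID, strings.Repeat("*", len(c.APIKey)))
}

func main() {
	// Same shape as the -api example in the release note.
	c, err := ParseAPIArg("111111:123_23231FmjeKAlsinir!")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	req, err := NewUpdateRequest("https://geoip.example.invalid/update", c) // placeholder URL
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("credentials:", c.Redacted(), "authorization header set:", req.Header.Get("Authorization") != "")
}
```

Splitting on the first colon only is the detail worth checking: `strings.Split` would silently corrupt a key containing a colon, whereas `strings.Cut` keeps everything after the first separator as the key.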

v1.3.0

01 Feb 13:43
  • New ThreatsDB schema - old DB files will be incompatible as the database must be rebuilt from configured feeds.
  • feed_config.json updates - converted tags to array type field to support multiple tag types for single feeds. Old files will be incompatible and must be converted to this format.
  • Added -intelname parameter - must be used with -inteltype and -intelfile to ingest a local file.
  • Added -includedc parameter - can be used with -updateti to include a datacenter feed - adds ~130 million IPs consuming ~7 GB of disk space
    • It is not necessary to use this as I've also added an ASN list of known datacenters that is used to do the same enrichment.
  • Added new columns when doing Threat enrichment - feed_count and feeds - for better context on the IP hit.
  • Cleaned up feeds
  • Fixed a bug when enriching CSVs
  • Numerous code cleanups/tweaks for readability

v1.2.0

29 Dec 00:32
  • Adding "SourceFile" column when combining output CSVs

v1.1.0

28 Dec 16:07
  • Minor updates to handle enrichment in cases where no API is provided but local databases already exist.

v1.0.0-beta

09 Nov 19:49
Pre-release

Initial Release for Testing