opencybersecurityalliance/stix-shifter

💥 Breaking changes:

• None

🗑️ Deprecations:

• None

📋 Changes:

• Modernised core dependencies and applied security updates (contribution by @toliver-hb) to address known vulnerabilities and improve STIX pattern parsing reliability. [#1776](https://github.com/opencybersecurityalliance/stix-shifter/pull/1776)
• Upgraded antlr4-python3-runtime to `4.13.2` and regenerated STIX pattern grammar files.
• Added a runtime compatibility workaround for the `stix_bundle` connector to mitigate an upstream issue in `stix2-matcher==3.0.0` that caused `"'datetime.datetime' object is not iterable"` errors.
• Removed incorrect timestamp manipulation logic that affected STIX 2.0 pattern handling.
• Removed unused NumPy dependency from core requirements (still required by the Azure Log Analytics connector module). [#1781](https://github.com/opencybersecurityalliance/stix-shifter/pull/1781)

🐛 Fixes:

• Patched multiple security vulnerabilities via updated dependencies. [#1782](https://github.com/opencybersecurityalliance/stix-shifter/pull/1782), [#1778](https://github.com/opencybersecurityalliance/stix-shifter/pull/1778), and [#1776](https://github.com/opencybersecurityalliance/stix-shifter/pull/1776)

📦 Dependency update:

• Bump pyOpenSSL → `25.3.0`
• Bump antlr4-python3-runtime → `4.13.2`
• Bump aioboto3 → `>=15.2.0,<16.0.0`
• Constrain aiomysql → `>=0.3.2,<0.4.0`
• Bump attrs → `24.2.0`
• Bump flask → `3.1.3`
• Bump numpy (Azure Log Analytics module only) → `>=2.1.0,<3.0.0`
• Bump stix2-patterns → `2.1.2`
• + 2 more

💥 Breaking changes:

• None

🗑️ Deprecations:

• None

📋 Changes:

• Resolved incompatibility with newer `pip` (v26) caused by a non-PEP517-compliant transient dependency (`aiosonic`) affecting the Datadog connector. [#1774](https://github.com/opencybersecurityalliance/stix-shifter/pull/1774)

🐛 Fixes:

• Addressed security vulnerability related to aiomysql dependency constraints. [#1775](https://github.com/opencybersecurityalliance/stix-shifter/pull/1775)

📦 Dependency update:

• Bump datadog_api_client[async] → `>=2.40.0,<3.0.0`
• Constrain aiomysql → `>=0.3.2,<0.4.0`

💥 Breaking changes:

• None

🗑️ Deprecations:

• None

📋 Changes:

• Increased default connection timeout to 10 seconds to improve reliability for slower or high-latency environments. [#1772](https://github.com/opencybersecurityalliance/stix-shifter/pull/1772)

🐛 Fixes:

• None

📦 Dependency update:

• None

💥 Breaking changes:

• None

🗑️ Deprecations:

• None

📋 Changes:

• Updated project metadata to explicitly require Python ≥ 3.10.
• Refactored build system to remove deprecated `setup.py` invocation and adopt a PEP 517/518-compliant build workflow:
• Introduced new `build_tools` module (`run_build.py`, `build.py`, `pre_build.py`, `generate_pyproject.py`, `logging_setup.py`).
• Builds are now performed via `python -m build_tools.run_build` (and optional `install` mode), replacing all previous `setup.py` commands.
• Wheels now follow the modern naming format: `NAME_VERSION-py3-none.whl`.

🐛 Fixes:

• Restored build reliability by resolving failures caused by deprecated setuptools behavior.

📦 Dependency update:

• None

💥 Breaking changes:

• None

🗑️ Deprecations:

• None

📋 Changes:

• Updated the supported minimum version of python-dateutil to `2.9.0` to improve compatibility with modern Python packages and Python versions 3.10-3.12.

🐛 Fixes:

• Resolved dependency conflict with projects requiring python-dateutil >=2.9.0.

📦 Dependency update:

• Bump python-dateutil from `2.8.2` → `>=2.9.0,<3.0.0`

💥 Breaking changes:

• Minimum Python version raised to 3.10; Python 3.9 support removed due to EOL.
• Support now officially targets Python 3.10 – 3.12.

🗑️ Deprecations:

• Python 3.9 and below are no longer supported.

📋 Changes:

• CI updated to remove Python 3.9 and add coverage for Python 3.11 and 3.12.
• Updated core and module requirements to support modern Python versions.

🐛 Fixes:

• Resolved compatibility issues with NumPy on Python 3.12.

📦 Dependency update:

• Bump NumPy from `1.24.4` → `>=1.26,<1.27`.
• Bump Pandas (Azure Log Analytics module) from `1.5.2` → `>=2.0.0`.
• Bump urllib3 from `1.26.19` → `>=2.5.0,<3.0.0` to address:
• CVE-2025-50181
• CVE-2025-50182
• Bump aioboto3 from `12.1.0` → `>=15.0.0` to ensure compatibility with `urllib3 >=2.5.0`.

💥 Breaking changes:

• Minimum version must be 3.9 to resolve this security vulnerability. [#1744](https://github.com/opencybersecurityalliance/stix-shifter/pull/1744)

🐛 Fixes:

• Updating the code coverage version to resolve the failure. [#1743](https://github.com/opencybersecurityalliance/stix-shifter/pull/1743)

📦 Dependency update:

• Bump azure-identity from 1.16.1 to 1.19.0 in /stix_shifter [#1740](https://github.com/opencybersecurityalliance/stix-shifter/pull/1740)
• Bump mysql-connector-python from 8.0.25 to 9.1.0 in /stix_shifter_modules/mysql [#1742](https://github.com/opencybersecurityalliance/stix-shifter/pull/1742)
• Resolve cryptography vulnerability [#1756](https://github.com/opencybersecurityalliance/stix-shifter/pull/1756)

📋 Changes:

• Added a new crowdstrike connector that uses the V2 endpoint [#1724](https://github.com/opencybersecurityalliance/stix-shifter/pull/1724)
• Updated the changelog [#1731](https://github.com/opencybersecurityalliance/stix-shifter/pull/1731)

🐛 Fixes:

• Small fix for integer values in crowdstrike. [#1736](https://github.com/opencybersecurityalliance/stix-shifter/pull/1736)

📦 Dependency update:

• Updating the azure-identity dependencies. [#1734](https://github.com/opencybersecurityalliance/stix-shifter/pull/1734)

💥 Breaking changes:

• Moving Flask Out of Core Stix-Shifter [#1730](https://github.com/opencybersecurityalliance/stix-shifter/pull/1730)

📋 Changes:

• Warning added for unmapped from_stix fields. [#1729](https://github.com/opencybersecurityalliance/stix-shifter/pull/1729)
• Update code-coverage.yml [#1711](https://github.com/opencybersecurityalliance/stix-shifter/pull/1711)

🐛 Fixes:

• Domain regex in some connectors had potential for performance issues [#1728](https://github.com/opencybersecurityalliance/stix-shifter/pull/1728)
• Rest API was not properly pulling in environment variables for proxy [#1727](https://github.com/opencybersecurityalliance/stix-shifter/pull/1727)

📋 Changes:

• Updating urllib3 to 1.26.19 [#1725](https://github.com/opencybersecurityalliance/stix-shifter/pull/1725)
• Resolved Tanium Connector errors [#1722](https://github.com/opencybersecurityalliance/stix-shifter/pull/1722)
• [#1721](https://github.com/opencybersecurityalliance/stix-shifter/pull/1721)
• [#1693](https://github.com/opencybersecurityalliance/stix-shifter/pull/1693)
• Added contrast scans [#1719](https://github.com/opencybersecurityalliance/stix-shifter/pull/1719)
• [#1718](https://github.com/opencybersecurityalliance/stix-shifter/pull/1718)
• [#1717](https://github.com/opencybersecurityalliance/stix-shifter/pull/1717)
• [#1715](https://github.com/opencybersecurityalliance/stix-shifter/pull/1715)
• + 2 more

🐛 Fixes:

• Removed the unused request toolbelt dependency [#1723](https://github.com/opencybersecurityalliance/stix-shifter/pull/1723)

📋 Changes:

• Allowing_Tenant_To_Be_Optional [#1708](https://github.com/opencybersecurityalliance/stix-shifter/pull/1708)

📋 Changes:

• Trellix Endpoint Security HX Connector [#1695](https://github.com/opencybersecurityalliance/stix-shifter/pull/1695)
• Symantec Endpoint Security UDI connector [#1694](https://github.com/opencybersecurityalliance/stix-shifter/pull/1694)
• Update e2eStixBundle01.json [#1702](https://github.com/opencybersecurityalliance/stix-shifter/pull/1702)
• Update e2eStixBundle01.json [#1698](https://github.com/opencybersecurityalliance/stix-shifter/pull/1698)
• Update e2eStixBundle01.json [#1697](https://github.com/opencybersecurityalliance/stix-shifter/pull/1697)
• Create e2eStixBundle01.json [#1696](https://github.com/opencybersecurityalliance/stix-shifter/pull/1696)
• SumoLogics readme and supported_stix docs update [#1691](https://github.com/opencybersecurityalliance/stix-shifter/pull/1691)

🐛 Fixes:

• Fixing the unit test failing. [#1706](https://github.com/opencybersecurityalliance/stix-shifter/pull/1706)

📋 Changes:

• CrowdStrike Logscale UDI Connector [#1631](https://github.com/opencybersecurityalliance/stix-shifter/pull/1631)
• Nozomi UDI connector [#1656](https://github.com/opencybersecurityalliance/stix-shifter/pull/1656)
• add feature to disable pagination and simplify API [#1676](https://github.com/opencybersecurityalliance/stix-shifter/pull/1676)
• remove non-standard powershell fields for ECS [#1684](https://github.com/opencybersecurityalliance/stix-shifter/pull/1684)
• Update code-coverage with new version of Codecov CLI and token[#1682](https://github.com/opencybersecurityalliance/stix-shifter/pull/1682)

🐛 Fixes:

• Reaqta various mapping fixes [#1683](https://github.com/opencybersecurityalliance/stix-shifter/pull/1683)

📋 Changes:

• adding support for LIKE operator in SumoLogic Module [#1670](https://github.com/opencybersecurityalliance/stix-shifter/pull/1670)
• Infoblox connector source changes [#1660](https://github.com/opencybersecurityalliance/stix-shifter/pull/1660)
• sumologic: use milliseconds since epoch for timestamps [#1668](https://github.com/opencybersecurityalliance/stix-shifter/pull/1668)
• sumologic: add support for != [#1658](https://github.com/opencybersecurityalliance/stix-shifter/pull/1658)
• map validator: additional checks for single quotes and extensions properties [#1667](https://github.com/opencybersecurityalliance/stix-shifter/pull/1667)

🐛 Fixes:

• Amazon athena resolve column not found exception [#1673](https://github.com/opencybersecurityalliance/stix-shifter/pull/1673)
• Updated requirements and changed SSL purpose [#1664](https://github.com/opencybersecurityalliance/stix-shifter/pull/1664)

📦 Dependency update:

• Bump json-fix from 0.5.2 to 1.0.0 in /stix_shifter [#1672](https://github.com/opencybersecurityalliance/stix-shifter/pull/1672)
• Bump colorlog from 6.8.0 to 6.8.2 in /stix_shifter [#1671](https://github.com/opencybersecurityalliance/stix-shifter/pull/1671)
• Bump regex from 2023.10.3 to 2023.12.25 in /stix_shifter [#1663](https://github.com/opencybersecurityalliance/stix-shifter/pull/1663)

📋 Changes:

• Aligning config and lang en values to match a standard. [#1653](https://github.com/opencybersecurityalliance/stix-shifter/pull/1653)
• Update to events mapping after content pack CEP changes [#1651](https://github.com/opencybersecurityalliance/stix-shifter/pull/1651)
• Update README.md [#1652](https://github.com/opencybersecurityalliance/stix-shifter/pull/1652)
• Sysdig exception handling updated [#1648](https://github.com/opencybersecurityalliance/stix-shifter/pull/1648)
• Aligning the Amazon and Microsoft display names. [#1646](https://github.com/opencybersecurityalliance/stix-shifter/pull/1646)
• Added sysdig bundle [#1647](https://github.com/opencybersecurityalliance/stix-shifter/pull/1647)

🐛 Fixes:

• Remove default value from cert_verify parameters [#1654](https://github.com/opencybersecurityalliance/stix-shifter/pull/1654)

📦 Dependency update:

• Bump aioboto3 from 12.0.0 to 12.1.0 in /stix_shifter [#1628](https://github.com/opencybersecurityalliance/stix-shifter/pull/1628)
• update pyOpenSSL dependency to 24.1.0 [#1661](https://github.com/opencybersecurityalliance/stix-shifter/pull/1661)

📋 Changes:

• Graph Security: Add login_host for national cloud authentication endpoint [#1641](https://github.com/opencybersecurityalliance/stix-shifter/pull/1641)
• AWS Athena: Make access ids optional and remove verify false from boto client [#1629](https://github.com/opencybersecurityalliance/stix-shifter/pull/1629)
• Add query batchsize(length) in common config.json [#1637](https://github.com/opencybersecurityalliance/stix-shifter/pull/1637)
• QRadar: change START / STOP regex to include <= year 2000 [#1640](https://github.com/opencybersecurityalliance/stix-shifter/pull/1640)
• Update machine ID field in QRadar module [#1634](https://github.com/opencybersecurityalliance/stix-shifter/pull/1634)
• New Sysdig connector [#1630](https://github.com/opencybersecurityalliance/stix-shifter/pull/1630)
• second half of email.* mapping for elastic_ecs [#1632](https://github.com/opencybersecurityalliance/stix-shifter/pull/1632)

🐛 Fixes:

• GCP: remove delete in result connector for chronicle [#1638](https://github.com/opencybersecurityalliance/stix-shifter/pull/1638)

📋 Changes:

• Replace docker with podman since it is still free to use [#1625](https://github.com/opencybersecurityalliance/stix-shifter/pull/1625)
• Update group_ref keyword documenation [#1622](https://github.com/opencybersecurityalliance/stix-shifter/pull/1622)
• add email-message translation to ecs [#1621](https://github.com/opencybersecurityalliance/stix-shifter/pull/1621)

🐛 Fixes:

• Add missing group param to connector configs, fix CrowdStrike spelling [#1626](https://github.com/opencybersecurityalliance/stix-shifter/pull/1626)

📦 Dependency update:

• Bump colorlog from 6.7.0 to 6.8.0 in /stix_shifter [#1624](https://github.com/opencybersecurityalliance/stix-shifter/pull/1624)

🗑️ Deprecations:

• Make sure certificate is verified when required by RestApiClientAsync and deprecate selfSignedCert:false by-pass [#1620](https://github.com/opencybersecurityalliance/stix-shifter/pull/1620)

📋 Changes:

• Cisco secure email added readme detailed file. [#1615](https://github.com/opencybersecurityalliance/stix-shifter/pull/1615)

🐛 Fixes:

• Remove future timestamp qualifier conditions [#1619](https://github.com/opencybersecurityalliance/stix-shifter/pull/1619)
• Fix parameter assignment in error handling function [#1616](https://github.com/opencybersecurityalliance/stix-shifter/pull/1616)

📋 Changes:

• include connector type in logger error [#1585](https://github.com/opencybersecurityalliance/stix-shifter/pull/1585)
• Add new screen shots to CLI Lab [#1576](https://github.com/opencybersecurityalliance/stix-shifter/pull/1576)

🐛 Fixes:

• Update Azure Log Analytics stix transmission to use BaseJsonSyncConnector [#1584](https://github.com/opencybersecurityalliance/stix-shifter/pull/1584)
• Fixing authentication token handling [#1583](https://github.com/opencybersecurityalliance/stix-shifter/pull/1583)
• allow host address input in MS Graph configuration [#1582](https://github.com/opencybersecurityalliance/stix-shifter/pull/1582)
• fix coding lab [#1578](https://github.com/opencybersecurityalliance/stix-shifter/pull/1578)
• Fix and update coding lab [#1577](https://github.com/opencybersecurityalliance/stix-shifter/pull/1577)

📦 Dependency update:

• Bump aioboto3 from 11.2.0 to 11.3.0 in /stix_shifter [#1575](https://github.com/opencybersecurityalliance/stix-shifter/pull/1575)

📋 Changes:

• Update coding lab [#1566](https://github.com/opencybersecurityalliance/stix-shifter/pull/1566)
• Vectra UDI connector [#1530](https://github.com/opencybersecurityalliance/stix-shifter/pull/1530)
• add operator mapping example in CLI lab [#1564](https://github.com/opencybersecurityalliance/stix-shifter/pull/1564)
• Lab landing page [#1563](https://github.com/opencybersecurityalliance/stix-shifter/pull/1563)
• Update overview doc [#1561](https://github.com/opencybersecurityalliance/stix-shifter/pull/1561)

🐛 Fixes:

• resolve case insensitive regex in elastic ECS connector #1569 [#1573](https://github.com/opencybersecurityalliance/stix-shifter/pull/1573)
• Fix readthedocs reference links [#1574](https://github.com/opencybersecurityalliance/stix-shifter/pull/1574)
• Temporary fix for dialect not found map file [#1572](https://github.com/opencybersecurityalliance/stix-shifter/pull/1572)
• Fix: skip empty list and string in stix objects [#1568](https://github.com/opencybersecurityalliance/stix-shifter/pull/1568)
• Performance improvement of regex validation [#1565](https://github.com/opencybersecurityalliance/stix-shifter/pull/1565)
• Fix ECS range queries with x-oca-event:start/end [#1559](https://github.com/opencybersecurityalliance/stix-shifter/pull/1559)

📦 Dependency update:

• Bump jsonmerge from 1.9.0 to 1.9.2 in /stix_shifter [#1570](https://github.com/opencybersecurityalliance/stix-shifter/pull/1570)
• Bump flask from 2.3.2 to 2.3.3 in /stix_shifter [#1567](https://github.com/opencybersecurityalliance/stix-shifter/pull/1567)
• Bump aioboto3 from 11.1.0 to 11.2.0 in /stix_shifter [#1562](https://github.com/opencybersecurityalliance/stix-shifter/pull/1562)

🗑️ Deprecations:

• CLI lab updates and STIX validator removal [#1555](https://github.com/opencybersecurityalliance/stix-shifter/pull/1555)

📋 Changes:

• Add readthedocs configurations [#1547](https://github.com/opencybersecurityalliance/stix-shifter/pull/1547)
• Update connector coding lab [#1557](https://github.com/opencybersecurityalliance/stix-shifter/pull/1557)
• Add docs folder [#1551](https://github.com/opencybersecurityalliance/stix-shifter/pull/1551)

🐛 Fixes:

• cli lab instruction fixes [#1558](https://github.com/opencybersecurityalliance/stix-shifter/pull/1558)
• Fix variable assignment error with ECS event.start/end [#1556](https://github.com/opencybersecurityalliance/stix-shifter/pull/1556)
• Mysql connector timeout fix [#1552](https://github.com/opencybersecurityalliance/stix-shifter/pull/1552)
• fix cursor call in mysql API client [#1550](https://github.com/opencybersecurityalliance/stix-shifter/pull/1550)
• Mapping Fixes for AWS GuardDuty [#1543](https://github.com/opencybersecurityalliance/stix-shifter/pull/1543)

🐛 Fixes:

• Fix stix_bundle connector results translation [#1545](https://github.com/opencybersecurityalliance/stix-shifter/pull/1545)
• map_validator: make sure 'object' name is a str [#1540](https://github.com/opencybersecurityalliance/stix-shifter/pull/1540)

📦 Dependency update:

• update stix2-validator library to 3.1.4 [#1542](https://github.com/opencybersecurityalliance/stix-shifter/pull/1542)

💥 Breaking changes:

• Adding to stix dialect feature [#1231](https://github.com/opencybersecurityalliance/stix-shifter/pull/1231)

🗑️ Deprecations:

• Removed various unfinished and abandoned connectors [#1537](https://github.com/opencybersecurityalliance/stix-shifter/pull/1537)

📋 Changes:

• To-STIX mapping keyword documentation [#1529](https://github.com/opencybersecurityalliance/stix-shifter/pull/1529)
• AWS GuardDuty UDI Connector [#1525](https://github.com/opencybersecurityalliance/stix-shifter/pull/1525)
• Framework Changes for Handling Nested List of Dictionaries [#1516](https://github.com/opencybersecurityalliance/stix-shifter/pull/1516)
• Move results processing to transmission results [#1519](https://github.com/opencybersecurityalliance/stix-shifter/pull/1519)
• to-STIX dialects documentation added [#1515](https://github.com/opencybersecurityalliance/stix-shifter/pull/1515)
• Splunk UDI Connector -Upgrade [#1479](https://github.com/opencybersecurityalliance/stix-shifter/pull/1479)
• Azure log analytics mapping improvements [#1496](https://github.com/opencybersecurityalliance/stix-shifter/pull/1496)
• Update CLA link in CONTRIBUTING.md [#1517](https://github.com/opencybersecurityalliance/stix-shifter/pull/1517)
• + 1 more

🐛 Fixes:

• Setup fix for installing libraries from commit hash [#1539](https://github.com/opencybersecurityalliance/stix-shifter/pull/1539)
• ibm_security_verify: fixes [#1522](https://github.com/opencybersecurityalliance/stix-shifter/pull/1522)
• LIKE operator only added for events queries [#1521](https://github.com/opencybersecurityalliance/stix-shifter/pull/1521)

📦 Dependency update:

• Attrs dependency fix and connector cleanup [#1537](https://github.com/opencybersecurityalliance/stix-shifter/pull/1537)
• fix #1533 with type import update [#1534](https://github.com/opencybersecurityalliance/stix-shifter/pull/1534)
• Remove ancient 'uuid==1.30' from requirements.txt [#1524](https://github.com/opencybersecurityalliance/stix-shifter/pull/1524)

🗑️ Deprecations:

• remove SNI from authentication options [#1498](https://github.com/opencybersecurityalliance/stix-shifter/pull/1498)

📋 Changes:

• Error messaging update [#1503](https://github.com/opencybersecurityalliance/stix-shifter/pull/1503)
• Remove cybox checks from map validator [#1504](https://github.com/opencybersecurityalliance/stix-shifter/pull/1504)
• remove cybox false flag for observed-data properties [#1502](https://github.com/opencybersecurityalliance/stix-shifter/pull/1502)
• Async support in Datadog connector [#1492](https://github.com/opencybersecurityalliance/stix-shifter/pull/1492)
• ReaQta Use TTP Custom Object [#1473](https://github.com/opencybersecurityalliance/stix-shifter/pull/1473)
• default translator support [#1491](https://github.com/opencybersecurityalliance/stix-shifter/pull/1491)
• Add description to stix-bundle connector README [#1497](https://github.com/opencybersecurityalliance/stix-shifter/pull/1497)
• minor code cleanup [#1494](https://github.com/opencybersecurityalliance/stix-shifter/pull/1494)
• + 2 more

🐛 Fixes:

• Patch elastic mappings [#1501](https://github.com/opencybersecurityalliance/stix-shifter/pull/1501)
• elastic_ecs: fix email-addr:value mappings in 'from' maps [#1508](https://github.com/opencybersecurityalliance/stix-shifter/pull/1508)
• x-oca-event.code switch from int to str [#1499](https://github.com/opencybersecurityalliance/stix-shifter/pull/1499)
• fix mapping references in elastic-ecs connector [#1471](https://github.com/opencybersecurityalliance/stix-shifter/pull/1471)

📋 Changes:

• SDO connector cleanup and table of mappings [#1484](https://github.com/opencybersecurityalliance/stix-shifter/pull/1484)
• error_test 2queries [#1483](https://github.com/opencybersecurityalliance/stix-shifter/pull/1483)
• DShield connector [#1443](https://github.com/opencybersecurityalliance/stix-shifter/pull/1443)
• RecordedFuture connector [#1462](https://github.com/opencybersecurityalliance/stix-shifter/pull/1462)
• Cisco Secure Malware Analytics (formerly Threat Grid) Connector [#1460](https://github.com/opencybersecurityalliance/stix-shifter/pull/1460)
• Virus total connector [#1458](https://github.com/opencybersecurityalliance/stix-shifter/pull/1458)
• ThreatQ connector [#1461](https://github.com/opencybersecurityalliance/stix-shifter/pull/1461)
• Add Intezer connector [#1457](https://github.com/opencybersecurityalliance/stix-shifter/pull/1457)
• + 5 more

🐛 Fixes:

• set alert options default value to false [#1481](https://github.com/opencybersecurityalliance/stix-shifter/pull/1481)
• Updated Config changes for GCP Chronicle for develop branch [#1476](https://github.com/opencybersecurityalliance/stix-shifter/pull/1476)
• QRadar - Remove Zero Values from IP and Mac Results [#1468](https://github.com/opencybersecurityalliance/stix-shifter/pull/1468)
• Update stix2.1 mapping files in azure sentinel module [#1472](https://github.com/opencybersecurityalliance/stix-shifter/pull/1472)
• Elastic-ecs: update dialect attributes with `.keyword` [#1474](https://github.com/opencybersecurityalliance/stix-shifter/pull/1474)
• fix error_test transform_query [#1470](https://github.com/opencybersecurityalliance/stix-shifter/pull/1470)
• mapping fixes for Microsoft Graph Security [#1420](https://github.com/opencybersecurityalliance/stix-shifter/pull/1420)
• Added timeout for API client calls [#1459](https://github.com/opencybersecurityalliance/stix-shifter/pull/1459)
• + 5 more

📦 Dependency update:

• Added urllib3 1.26.15 to connector requirements [#1482](https://github.com/opencybersecurityalliance/stix-shifter/pull/1482)
• Bump flask from 2.3.1 to 2.3.2 in /stix_shifter [#1454](https://github.com/opencybersecurityalliance/stix-shifter/pull/1454)

💥 Breaking changes:

• Change QRadar domain name mapping [#1342](https://github.com/opencybersecurityalliance/stix-shifter/pull/1342). [IBM QRadar Custom Properties Dictionary](https://exchange.xforce.ibmcloud.com/hub/extension/73f46b27280d30a4b8ec4685da391b1c) version 1.3.1 or later is now required to be installed.

📋 Changes:

• update table of mappings for MS Graph, Elastic ECS, Microsoft Defender [#1445](https://github.com/opencybersecurityalliance/stix-shifter/pull/1445)
• Elastic-ecs mapping improvements for network traffic attributes [#1410](https://github.com/opencybersecurityalliance/stix-shifter/pull/1410)
• Update Reversinglabs connector [#1436](https://github.com/opencybersecurityalliance/stix-shifter/pull/1436)
• Documentation updates [#1435](https://github.com/opencybersecurityalliance/stix-shifter/pull/1435)
• Correct network-traffic mappings for elastic_ecs [#1430](https://github.com/opencybersecurityalliance/stix-shifter/pull/1430)
• Msatp with alerts refactor [#1404](https://github.com/opencybersecurityalliance/stix-shifter/pull/1404)
• MSATP async token, removed ADAL lib [#1428](https://github.com/opencybersecurityalliance/stix-shifter/pull/1428)
• Cleaning up from requests lib [#1429](https://github.com/opencybersecurityalliance/stix-shifter/pull/1429)
• + 8 more

🐛 Fixes:

• fix url value property in azure mapping [#1444](https://github.com/opencybersecurityalliance/stix-shifter/pull/1444)
• Okta Error Code Mapping Changes for develop Branch [#1434](https://github.com/opencybersecurityalliance/stix-shifter/pull/1434)
• Fix: Graph API fails if used without lamda operators on collection type properties [#1421](https://github.com/opencybersecurityalliance/stix-shifter/pull/1421)
• Fix for Athena error handling, error log printing in tranlsation [#1415](https://github.com/opencybersecurityalliance/stix-shifter/pull/1415)
• Fixed error handling for darktrace on raw html response [#1416](https://github.com/opencybersecurityalliance/stix-shifter/pull/1416)

📦 Dependency update:

• set urllib3 library requirement [#1449](https://github.com/opencybersecurityalliance/stix-shifter/pull/1449)
• Bump flask from 2.2.3 to 2.3.1 in /stix_shifter [#1440](https://github.com/opencybersecurityalliance/stix-shifter/pull/1440)
• Bump json-fix from 0.5.1 to 0.5.2 in /stix_shifter [#1426](https://github.com/opencybersecurityalliance/stix-shifter/pull/1426)
• Bump aioboto3 from 11.0.1 to 11.1.0 in /stix_shifter [#1411](https://github.com/opencybersecurityalliance/stix-shifter/pull/1411)
• Bump pyopenssl from 23.1.0 to 23.1.1 in /stix_shifter [#1405](https://github.com/opencybersecurityalliance/stix-shifter/pull/1405)
• Bump pyopenssl from 23.0.0 to 23.1.0 in /stix_shifter [#1401](https://github.com/opencybersecurityalliance/stix-shifter/pull/1401)

📋 Changes:

• Added process:x_unique_id property to Splunk [#1389](https://github.com/opencybersecurityalliance/stix-shifter/pull/1389)
• get configs [#1392](https://github.com/opencybersecurityalliance/stix-shifter/pull/1392)
• GitHub action update [#1385](https://github.com/opencybersecurityalliance/stix-shifter/pull/1385)

🐛 Fixes:

• Added metadata changes for GCP Chronicle [#1393](https://github.com/opencybersecurityalliance/stix-shifter/pull/1393)
• Splunk: Fix MAC address to display in proper STIX format [#1386](https://github.com/opencybersecurityalliance/stix-shifter/pull/1386)
• Updated custom properties mapping in Okta with 'x_' prefix [#1387](https://github.com/opencybersecurityalliance/stix-shifter/pull/1387)
• Await async fixes [#1391](https://github.com/opencybersecurityalliance/stix-shifter/pull/1391)
• fix json loads of data arg in stix-shifter CLI [#1394](https://github.com/opencybersecurityalliance/stix-shifter/pull/1394)
• Consolidate `network-traffic`, `user-account`, `file` objects in the elastic_ecs connector mapping [#1378](https://github.com/opencybersecurityalliance/stix-shifter/pull/1378)
• Fix #1375, optimize get_pagesize() function call, and add testcases [#1384](https://github.com/opencybersecurityalliance/stix-shifter/pull/1384)
• Async changes for Okta UDI connector [#1383](https://github.com/opencybersecurityalliance/stix-shifter/pull/1383)

📦 Dependency update:

• Bump aiohttp-retry from 2.4.0 to 2.8.3 in /stix_shifter [#1374](https://github.com/opencybersecurityalliance/stix-shifter/pull/1374)

💥 Breaking changes:

• Support for asynchronous API calls in transmission modules [#1038](https://github.com/opencybersecurityalliance/stix-shifter/pull/1038)

🗑️ Deprecations:

• Removed boto3 dependency in favor of aioboto3

📋 Changes:

• Add Okta table of mappings and update elastic ECS [#1372](https://github.com/opencybersecurityalliance/stix-shifter/pull/1372)
• Okta connector [#1323](https://github.com/opencybersecurityalliance/stix-shifter/pull/1323)
• support large query with elastic search_after pagination [#1299](https://github.com/opencybersecurityalliance/stix-shifter/pull/1299)
• cybereason quick ping [#1350](https://github.com/opencybersecurityalliance/stix-shifter/pull/1350)
• aiogoogle module used for async changes in gcp_chronicle [#1331](https://github.com/opencybersecurityalliance/stix-shifter/pull/1331)
• base release5.0.x - Cookies are handled for cybereason asynchronous c… [#1313](https://github.com/opencybersecurityalliance/stix-shifter/pull/1313)
• Paloalto - changes done to map process.x_unique_id with data source field actor_process_instance_id [#1318](https://github.com/opencybersecurityalliance/stix-shifter/pull/1318)
• Added cookie support [#1310](https://github.com/opencybersecurityalliance/stix-shifter/pull/1310)
• + 2 more

🐛 Fixes:

• QRadarEpochToTimestamp for exponential notation [#1352](https://github.com/opencybersecurityalliance/stix-shifter/pull/1352)
• Remove the x-ecs-process and x-ecs-file entities from elastic_ecs mapping [#1335](https://github.com/opencybersecurityalliance/stix-shifter/pull/1335)
• azure_log_analytics: fix translation of IN operator [#1355](https://github.com/opencybersecurityalliance/stix-shifter/pull/1355)
• Build warnings fix [#1347](https://github.com/opencybersecurityalliance/stix-shifter/pull/1347)
• Updating file hash mapping for Athena OCSF support [#1345](https://github.com/opencybersecurityalliance/stix-shifter/pull/1345)
• upddate mapping for Reaqta [#1326](https://github.com/opencybersecurityalliance/stix-shifter/pull/1326)
• update mapping tables to show both comparision and observation AND OR operators [#1348](https://github.com/opencybersecurityalliance/stix-shifter/pull/1348)
• Update OCSF network traffic mappings [#1332](https://github.com/opencybersecurityalliance/stix-shifter/pull/1332)
• + 6 more

📦 Dependency update:

• Bump aioboto3 from 10.4.0 to 11.0.1 in /stix_shifter [#1368](https://github.com/opencybersecurityalliance/stix-shifter/pull/1368)
• Bump aiomysql from 0.0.21 to 0.1.1 in /stix_shifter [#1369](https://github.com/opencybersecurityalliance/stix-shifter/pull/1369)
• Bump boto3 from 1.26.78 to 1.26.84 in /stix_shifter [#1363](https://github.com/opencybersecurityalliance/stix-shifter/pull/1363)
• Bump boto3 from 1.26.74 to 1.26.78 in /stix_shifter [#1344](https://github.com/opencybersecurityalliance/stix-shifter/pull/1344)
• Bump boto3 from 1.26.64 to 1.26.74 in /stix_shifter [#1337](https://github.com/opencybersecurityalliance/stix-shifter/pull/1337)
• Bump boto3 from 1.26.55 to 1.26.64 in /stix_shifter [#1317](https://github.com/opencybersecurityalliance/stix-shifter/pull/1317)

📋 Changes:

• Instructions for the usage of custom mappings [#1274](https://github.com/opencybersecurityalliance/stix-shifter/pull/1274)
• Add log analytics API support to azure sentinel connector [#1214](https://github.com/opencybersecurityalliance/stix-shifter/pull/1214)
• Update OCSF schema in Athena mappings [#1245](https://github.com/opencybersecurityalliance/stix-shifter/pull/1245)
• splunk: allow multiple, comma-separated index names in the index option [#1271](https://github.com/opencybersecurityalliance/stix-shifter/pull/1271)
• Rename azure sentinel to Microsoft Graph Security Connector [#1212](https://github.com/opencybersecurityalliance/stix-shifter/pull/1212)
• elastic_ecs: add beats dialect [#1208](https://github.com/opencybersecurityalliance/stix-shifter/pull/1208)
• update script to create sql database [#1228](https://github.com/opencybersecurityalliance/stix-shifter/pull/1228)
• Test for START STOP timestamp format [#1218](https://github.com/opencybersecurityalliance/stix-shifter/pull/1218)
• + 1 more

🐛 Fixes:

• Mapping updates for Guardium STIX 2.1 [#1102](https://github.com/opencybersecurityalliance/stix-shifter/pull/1102)
• Add default time range to STIX Bundle connector [#1288](https://github.com/opencybersecurityalliance/stix-shifter/pull/1288)
• Updated code to handle maximum query length limitation in darktrace. [#1259](https://github.com/opencybersecurityalliance/stix-shifter/pull/1259)
• Use raw strings for regex [#1276](https://github.com/opencybersecurityalliance/stix-shifter/pull/1276)
• Updated changes for the issue #1270 [#1272](https://github.com/opencybersecurityalliance/stix-shifter/pull/1272)
• change all two lettered property names [#1251](https://github.com/opencybersecurityalliance/stix-shifter/pull/1251)
• mapping fixes for splunk [#1239](https://github.com/opencybersecurityalliance/stix-shifter/pull/1239)
• splunk: use like, cidrmatch SPL functions for LIKE, ISSUBSET operators [#1244](https://github.com/opencybersecurityalliance/stix-shifter/pull/1244)
• + 6 more

📦 Dependency update:

• Bump boto3 from 1.26.41 to 1.26.55 in /stix_shifter [#1293](https://github.com/opencybersecurityalliance/stix-shifter/pull/1293)
• Bump json-fix from 0.5.0 to 0.5.1 in /stix_shifter [#1196](https://github.com/opencybersecurityalliance/stix-shifter/pull/1196)
• Bump pyopenssl from 22.1.0 to 23.0.0 in /stix_shifter [#1264](https://github.com/opencybersecurityalliance/stix-shifter/pull/1264)
• Bump boto3 from 1.26.10 to 1.26.41 in /stix_shifter [#1263](https://github.com/opencybersecurityalliance/stix-shifter/pull/1263)

📋 Changes:

• AWS Athena, added external id support [#1187](https://github.com/opencybersecurityalliance/stix-shifter/pull/1187)
• Update aws athena supported attribute [#1184](https://github.com/opencybersecurityalliance/stix-shifter/pull/1184)
• Update AWS Athena for OCSF schema support [#1178](https://github.com/opencybersecurityalliance/stix-shifter/pull/1178)
• Upgrade pytests version for dev environment [#1170](https://github.com/opencybersecurityalliance/stix-shifter/pull/1170)
• ocsf schema support in aws Athena [#1134](https://github.com/opencybersecurityalliance/stix-shifter/pull/1134)
• Add RHACS and Google Chronicle group params [#1150](https://github.com/opencybersecurityalliance/stix-shifter/pull/1150)
• return proxy translation error [#1130](https://github.com/opencybersecurityalliance/stix-shifter/pull/1130)
• Updated the readme mappings for GCP Chronicle [#1146](https://github.com/opencybersecurityalliance/stix-shifter/pull/1146)

🐛 Fixes:

• Updated to support query without milliseconds in darktrace connector [#1199](https://github.com/opencybersecurityalliance/stix-shifter/pull/1199)
• fix formatting of commit list generated by changelog script [#1200](https://github.com/opencybersecurityalliance/stix-shifter/pull/1200)
• fixed timestamp issue for start and end filter and mapping correction [#1142](https://github.com/opencybersecurityalliance/stix-shifter/pull/1142)
• Fixed pagination and meta files delete for aws athena [#1176](https://github.com/opencybersecurityalliance/stix-shifter/pull/1176)
• gcp chronicle: removed an invalid unittest [#1166](https://github.com/opencybersecurityalliance/stix-shifter/pull/1166)
• Remove optional word from indices label [#1157](https://github.com/opencybersecurityalliance/stix-shifter/pull/1157)
• Fixed deployment script with --platform linux/amd64 [#1154](https://github.com/opencybersecurityalliance/stix-shifter/pull/1154)
• Updated connector.py file for the bug fix #1103 [#1104](https://github.com/opencybersecurityalliance/stix-shifter/pull/1104)

📦 Dependency update:

• Bump flask from 2.0.3 to 2.2.2 in /stix_shifter [#1072](https://github.com/opencybersecurityalliance/stix-shifter/pull/1072)
• Bump requests-toolbelt from 0.9.1 to 0.10.1 in /stix_shifter [#1180](https://github.com/opencybersecurityalliance/stix-shifter/pull/1180)
• Bump jsonmerge from 1.8.0 to 1.9.0 in /stix_shifter [#1194](https://github.com/opencybersecurityalliance/stix-shifter/pull/1194)
• Bump boto3 from 1.26.5 to 1.26.10 in /stix_shifter [#1193](https://github.com/opencybersecurityalliance/stix-shifter/pull/1193)
• Bump boto3 from 1.21.21 to 1.26.1 in /stix_shifter [#1175](https://github.com/opencybersecurityalliance/stix-shifter/pull/1175)
• Bump pyopenssl from 21.0.0 to 22.1.0 in /stix_shifter [#1144](https://github.com/opencybersecurityalliance/stix-shifter/pull/1144)