Our proposal to NLnet’s NGI MobiFree program has been accepted.
This month, we made significant progress toward interoperability by improving the colander-data-converter package that enables seamless conversion of threat intelligence data between Colander and MISP.
You can find more details about the different activities in the project roadmap.
The project seeks to enhance interoperability by enabling the import and export of knowledge in industry-standard formats. This includes batch importing of knowledge, data interchange in MISP format, and support for user-defined templates to generate custom knowledge feeds. PTS users must have the freedom to move their data and findings from and to other tools such as OpenCTI or MISP.
We have created an export management system to centralize the case export lifecycle. This system is easily extensible to support Colander’s upcoming export features. We have also created a notification management system, which only supports email notifications for now. This component allows us to easily keep track of all user notifications that have been sent by Colander.
We have improved the user interface of the case importer to make it more user-friendly and consistent with Colander’s core functionalities. It integrates concepts and color codes of Colander’s ecosystem.
We will be putting all these features into pre-production.
We have improved the support of MISP. However, work remains to be done to minimize information loss during MISP feed import. The colander_data_converter Python library has reached its first stable state: a first stable version was released and is available on PyPI. The Python library is not yet integrated into Colander, and we will have to wait for a new version of MISP before we can fully complete this task.
We will continue to improve support for MISP and integrate the data converter into Colander.
The MISP data format contains certain inconsistencies that make MISP support particularly challenging. For example, MISP does not allow IPv4 and IPv6 addresses to be represented in a way that distinguishes between them, a URL can be represented in two different ways…
We manufacture PiRogues to supply organizations, while taking care of their maintenance. We will include OS upgrades, improvement of the documentation and fixing bugs. Regarding Colander and Threatr, we maintain the public Colander server, upgrade dependencies, improve the documentation and fix bugs.
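As an added illustration (not code from colander-data-converter), a converter can recover the address family that the MISP attribute type does not carry by parsing the value itself. The output labels and the sample attributes are constructed for this example and are not Colander's type names.

```python
import ipaddress

# MISP attribute types that carry an IP address. Composite types join
# their two parts with "|".
IP_TYPES = {"ip-src", "ip-dst"}
IP_PORT_TYPES = {"ip-src|port", "ip-dst|port"}
DOMAIN_IP_TYPE = "domain|ip"


def extract_ip(attr_type, value):
    """Return the IP part of a MISP attribute value, or None for non-IP types."""
    if attr_type in IP_TYPES:
        return value
    if attr_type in IP_PORT_TYPES:
        # The port is the last "|" field; an IPv6 address never contains "|".
        return value.rpartition("|")[0]
    if attr_type == DOMAIN_IP_TYPE:
        return value.partition("|")[2]
    return None


def classify(attribute):
    """Return 'ipv4', 'ipv6', 'invalid', or None when the type holds no IP.

    The labels are hypothetical, chosen for this example.
    """
    ip = extract_ip(attribute.get("type", ""), attribute.get("value", "").strip())
    if ip is None:
        return None
    try:
        # ip_network parses single hosts and, if present, CIDR ranges.
        network = ipaddress.ip_network(ip, strict=False)
    except ValueError:
        return "invalid"
    return "ipv4" if network.version == 4 else "ipv6"


# Constructed sample attributes using documentation address ranges.
SAMPLE = [
    {"type": "ip-dst", "value": "198.51.100.7"},
    {"type": "ip-dst", "value": "2001:db8::1"},
    {"type": "ip-dst|port", "value": "2001:db8::1|443"},
    {"type": "domain|ip", "value": "example.org|203.0.113.9"},
    {"type": "ip-src", "value": "not-an-ip"},
    {"type": "url", "value": "https://example.org/"},
]

if __name__ == "__main__":
    for attr in SAMPLE:
        print(attr["type"], attr["value"], "->", classify(attr))
```

Values that fail to parse are reported as `invalid` rather than guessed, so they can be reviewed instead of being imported under the wrong type.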
Thanks to Etienne Maheux’s contribution, the Vue.js HAR analyzer gains new features and bug fixes. Entry size computation was made more robust, fixing undefined body size issues. Terminology was updated from “blocked request” to “aborted request” and logic now relies on response status. Visual indicators and badges for Ogre recipe matches were added, along with improved request/response body display and styling. The Decryption tab now shows size differences, uses a shared code component, and includes thread IDs. Multiple HAR files can be uploaded and viewed together, and URLs in the main view are split to highlight search parameters.
Those improvements have been released in version 0.1.4.
Our users reported an error that sometimes occurs when capturing a web page. We did not manage to reproduce this bug, but we keep an eye on it.
We will continue the maintenance of the tools, the Debian packages we maintain and the Colander ecosystem.
Even with similar user setup, the Colander Companion bug can’t be reproduced by our team.
Given the success of events, webinars and demos with members of the civil society, NGOs and security researchers, we continue with our outreach plan. We organize trainings and demonstration sessions and create spaces for the community to share feedback and request new features via our mailing list, GitHub issues or Discord server. We analyze one Android app that has received the community’s interest (e.g. the COP28 app) per month. The application to be analyzed is chosen by the community. The analysis report is first privately shared with the community and one month later it is publicly released.
We organize monthly calls open to all members of the community to share project updates and get the community’s feedback.
No Android apps were analyzed this month due to a lack of time.
We attended Global Gathering and facilitated a 2-hour workshop on Colander for 15 members of CiviCERT. This event was a great opportunity for us to meet potential new partners and donors. It also allowed us to meet PTS users and to demonstrate the latest improvements to Colander.
ZoqueLabs published a write-up about Seeker; one chapter explains how they have used Colander to document their research.
The next PTS community meeting will happen on Oct. 31 at 2pm CET; join us on Google Meet.
We will continue with our recurring activities.
Our proposal to the NLnet’s NGI MobiFree program has been accepted. This will help us improve PiRogue’s capabilities by adding, for example, the ability to use Android emulators.
We are actively engaging with potential new partners and grant opportunities. However, the landscape is competitive, and the timeline for securing such support is often lengthy and uncertain. While we are doing our utmost to navigate this period and find new financial backing, the future remains precarious. If PTS is a valuable asset in your work, if it helps you conduct crucial investigations, research, or defend digital rights, we now earnestly ask for your support.
We will continue with our recurring activities.