Merge pull request #50 from intelowlproject/gb_v3_release

GreedyBear 3.0.0 release changes

Author: regulartim

docs/GreedyBear/Installation.md

@@ -78,12 +78,12 @@ In the `env_file`, configure different variables as explained below.
 - `DEFAULT_SLACK_CHANNEL`: ID of the Slack channel you want to post the message to
 
 ## ElasticSearch compatibility.
-Greedybear leverages a [python client](https://elasticsearch-py.readthedocs.io/en/v8.19.1/) for interacting with ElasticSearch which requires to be at the exact major version of the related T-POT ElasticSearch instance.
+Greedybear leverages a [python client](https://elasticsearch-py.readthedocs.io/en/v9.2.1/) for interacting with ElasticSearch which requires to be at the exact major version of the related T-POT ElasticSearch instance.
 This means that there could problems if those versions do not match.
 
-The current version of the client installed is the 8.19.3 which allows to run TPOT version from 22.04.0 to 24.04.1 without any problems (and some later ones...we regularly check T-POT releases but we could miss one or two here.)
+The current version of the client installed is the 9.2.1 which allows to run TPOT version >= 24.04.1 without any problems (we regularly check T-POT releases but we could miss one or two here).
 
-If you want to have compatibility with previous versions, you need to change the `elasticsearch8` version [here](https://github.com/intelowlproject/GreedyBear/blob/main/requirements/project-requirements.txt) and [re-build](https://intelowlproject.github.io/docs/GreedyBear/Installation/#rebuilding-the-project-creating-custom-docker-build) locally the project.
+If you want to have compatibility with previous versions, you need to change `elasticsearch` to `elasticsearch8` with an appropriate version [here](https://github.com/intelowlproject/GreedyBear/blob/main/requirements/project-requirements.txt), adjust the imports [here](https://github.com/intelowlproject/GreedyBear/blob/main/greedybear/cronjobs/repositories/elastic.py) and [here](https://github.com/intelowlproject/GreedyBear/blob/main/greedybear/settings.py), and [re-build](https://intelowlproject.github.io/docs/GreedyBear/Installation/#rebuilding-the-project-creating-custom-docker-build) the project locally.
 
 ## Update and Re-build
 

docs/GreedyBear/Introduction.md

@@ -8,7 +8,7 @@ The project goal is to extract data of the attacks detected by a [TPOT](https://
 
 ## Public feeds
 
-There are public feeds provided by The Honeynet Project in this site: greedybear.honeynet.org. [Example](https://greedybear.honeynet.org/api/feeds/log4j/all/recent.txt)
+There are public feeds provided by The Honeynet Project in this site: greedybear.honeynet.org. [Example](https://greedybear.honeynet.org/api/feeds/cowrie/all/recent.txt)
 
 To check all the available feeds, Please refer to our [usage guide](https://intelowlproject.github.io/docs/GreedyBear/Usage/)
 

docs/GreedyBear/Usage.md

@@ -12,30 +12,13 @@ https://<greedybear_site>/api/feeds/<feed_type>/<attack_type>/<prioritize>.<form
 
 The available feed_type are:
 
-- `log4j`: attacks detected from the Log4pot.
-- `cowrie`: attacks detected from the Cowrie Honeypot.
+- `<honeypot_name>`: attacks detected from a specific type of honeypot; for example `cowrie`
 - `all`: get all types at once
-- The following honeypot feeds exist (for extraction of (only) the source IPs):
-  - `heralding`
-  - `ciscoasa`
-  - `honeytrap`
-  - `dionaea`
-  - `conpot`
-  - `adbhoney`
-  - `tanner`
-  - `citrixhoneypot`
-  - `mailoney`
-  - `ipphoney`
-  - `elasticpot`
-  - `dicompot`
-  - `redishoneypot`
-  - `sentrypeer`
-  - `glutton`
 
 The available attack_type are:
 
 - `scanner`: IP addresses captured by the honeypots while performing attacks
-- `payload_request`: IP addresses and domains extracted from payloads that would have been executed after a speficic attack would have been successful
+- `payload_request`: IP addresses and domains extracted from payloads that would have been executed after a speficic attack would have been successful. This will currently only return requests recorded by the Cowrie honeypot. 
 - `all`: get all types at once
 
 The available prioritization mechanisms are:
@@ -66,6 +49,7 @@ These predictions are based on historical interaction patterns and are updated o
 Check the [API specification](https://intelowlproject.github.io/docs/GreedyBear/Api-docs/#docs.Submodules.GreedyBear.api.views.feeds.feeds_advanced) or the to get all the details about how to use the available APIs.
 
 ## Advanced Feeds API
+_Available from version >= 1.4.0_
 
 For authenticated users, GreedyBear offers an additional API endpoint that provides similar functionality to the Feeds API but with enhanced customization options.
 ```
@@ -142,6 +126,7 @@ If you would like to leverage this API without the need of writing even a line o
 
 
 ## Cowrie Session API
+_Available from version >= 2.1.0_
 
 For authenticated users, GreedyBear offers an API to retrieve session data from the [Cowrie](https://github.com/cowrie/cowrie) honeypot including command sequences, credentials, and session details. Queries can be performed using either an IP address to find all sessions from that source, or a SHA-256 hash to find sessions containing a specific command sequence.