Disable Feodo_Tracker analyzer #3569
juandiego-bmu wants to merge 2 commits into intelowlproject:master from
Feodo Tracker's data source has been largely discontinued, with the blocklist returning only 5 IPs. This disables the analyzer and removes it from the FREE_TO_USE_ANALYZERS playbook. Closes intelowlproject#3540
Pull request overview
This PR disables the discontinued Feodo_Tracker analyzer via a DB migration and removes it from the FREE_TO_USE_ANALYZERS playbook so it no longer runs as part of the free-to-use analyzer set.
Changes:
- Add analyzer migration `0176` to set `disabled=True` for Feodo_Tracker’s `AnalyzerConfig`.
- Add playbook migration `0063` to remove Feodo_Tracker from the `FREE_TO_USE_ANALYZERS` playbook (with reverse to re-add).
- Keep analyzer implementation/tests intact for potential future re-enablement.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| api_app/playbooks_manager/migrations/0063_remove_feodo_tracker_from_free_to_use.py | Removes Feodo_Tracker from the FREE_TO_USE_ANALYZERS playbook via a data migration (with reverse). |
| api_app/analyzers_manager/migrations/0176_disable_feodo_tracker.py | Disables Feodo_Tracker analyzer config by updating disabled=True (with reverse). |
| from django.db import migrations | ||
|
|
This new migration file is missing the project copyright header used throughout playbooks_manager migrations (e.g., 0062_add_cleanbrowsing_to_free_to_use.py). Please add the standard IntelOwl header at the top of the file for consistency/licensing compliance.
| feodo_tracker_module = PythonModule.objects.get( | ||
| module="feodo_tracker.Feodo_Tracker", | ||
| base_path="api_app.analyzers_manager.observable_analyzers", | ||
| ) | ||
|
|
||
| AnalyzerConfig.objects.filter(python_module=feodo_tracker_module).update( | ||
| disabled=True | ||
| ) |
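Review bot: The `AnalyzerConfig.objects.filter(python_module=feodo_tracker_module).update(disabled=True)` call at the end of this hunk selects by module rather than by config name, so it disables every AnalyzerConfig bound to `feodo_tracker.Feodo_Tracker`, and its return value (the number of rows matched) is discarded. If only the stock Feodo_Tracker config is intended, add the name to the filter; either way, consider checking the count so that a run which changes zero rows is visible in the migration output instead of passing silently.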
PythonModule.objects.get(...) will raise and fail the migration if the Feodo Tracker PythonModule row is missing (e.g., deleted/customized DB). Consider making this migration resilient by using a guarded lookup (try/except DoesNotExist) or by updating via AnalyzerConfig.objects.filter(name="Feodo_Tracker")... so a missing row becomes a no-op instead of breaking deploys.
| from django.db import migrations | ||
|
|
This new migration file doesn’t include the standard IntelOwl copyright header that appears in many recent analyzer migrations (e.g., 0174_phishstats_url.py, 0175_analyzer_config_cleanbrowsing_malicious_detector.py). Add the header at the top of the file to keep licensing/boilerplate consistent.
- Add standard IntelOwl copyright header to both migration files
- Remove nonexistent api_app dependency that was breaking CI
Feodo Tracker's blocklist has been mostly discontinued — last I checked, it was returning just 5 IPs total. This PR disables the analyzer and removes it from the FREE_TO_USE_ANALYZERS playbook, as discussed in #3507.
Changes:
- 0176) sets `disabled=True` on the Feodo_Tracker AnalyzerConfig
- 0063) removes it from FREE_TO_USE_ANALYZERS

The analyzer code and tests are kept intact so it can be re-enabled if the data source comes back.
Closes #3540