Flowintel 3.3.0 (2026-05-21)

We are pleased to announce FlowIntel 3.3.0, introducing a new feature, Task-to-object link. This release focuses on strengthening the connectivity between your investigation data and refining the user interface experience.

🚀 New Features

• Task-to-Object Linking: You can now directly link tasks to specific objects within a case, providing a tighter association between your analysis steps and the evidence involved.

🛠 Improvements & Changes

• Modernizing the Frontend: Continued the transition to Vue.js for the Chatbot and Alerting modules, including a comprehensive refactor of v-cloak to eliminate "Flash of Uncompiled Content" (FOUC) issues.
• Pivotick Integration: Updated to the latest version of the Pivotick library to ensure better stability and timeline rendering.
• Case Consistency: Standardized terminology and labels throughout the application for a more cohesive user experience.
• Templates & Workflow: Case templates now properly include notes, and version numbering has been extended to cases and tasks for better change tracking.
• Admin & Permissions: Improved visibility into permission requirements; users are now explicitly notified when they lack the required admin rights to modify taxonomies or galaxies.

🐞 Bug Fixes

• Security & Access: Prevented unauthorized forks of privileged cases and ensured that case-level alerts respect private case access permissions.
• Task Management: Refined the task "revive" logic to prevent unintended status resets after a task is marked as finished.
• Stability: Fixed various JavaScript and Vue compilation warnings, ensured history directories are created during installation, and resolved minor UI glitches in the Note and Analyser tabs.
• Audit Logging: Fixed timezone synchronization issues in audit log graphs for accurate activity reporting.

📖 Documentation

• Updated the user manual with fresh screenshots and comprehensive documentation for the latest architectural changes.

Contributors

• @cudeso
• @ecrou-exact

Full Changelog: 3.2.0...3.3.0

Funding

Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.

Flowintel 3.2.0 (2026-05-11)

We are pleased to announce FlowIntel 3.2.0, introducing new features like AI assistance, advanced Timeline visualizations, and a robust Alerting engine. Under the hood, we’ve overhauled our dependency management and hardened our security posture to ensure the platform remains fast, stable, and secure.

🚀 New Features

• Integrated Chatbot: Introducing an AI-powered assistant built with DSPy and Ollama. It supports chat history, uses Flowintel-MCP for context, and can be toggled on or off via system settings.

• Visual Timelines: New integration with TimelineJS and Pivotick. You can now generate interactive timelines based on MISP objects within a case or add custom entries manually.

• Alerting System: A brand new engine supporting Webhooks (with HMAC-SHA256 signatures) and IMAP for archiving notifications. Includes a dedicated dashboard with unread badges.

• Rulezet Module: A new module for specialized rule management and synchronization.

• Audit Log Dashboard: A dedicated interface for Admins and Audit Viewers to track system-wide activity. It features a visual "peaks" graph to spot activity spikes, advanced include/exclude filters, and full export capabilities to CSV and JSON.

• Keycloak SSO: Expanding our identity providers, Flowintel now supports Keycloak for Enterprise Single Sign-On, including automatic user provisioning.

🛠 Improvements & Changes

UI & Performance

• Turbocharged Dependencies: Migrated to uv (Python) and bun (JavaScript) for significantly faster installation and reproducible builds.
• Audit Logging Dashboard: A dedicated view for Admins and Auditors to track system activity with visual peak graphs, advanced filters, and CSV/JSON export options.
• UI Refresh: Implemented Rubik fonts, and standardized form layouts (Cancel/Submit alignment) for a more professional feel.
• Smart Tabs: The Case View now dynamically adds tabs based on the active connectors (MISP, etc.) associated with that specific case.

MISP & Data Management

• Advanced Case Creation: Drastically improved the "Create Case from MISP" workflow—preview event details, select specific objects/attributes, and convert them into notes or tasks before creation.
• Bulk Actions: Added bulk enable/disable for taxonomies and galaxies.
• Exporter Tool: A new tool under the "Tools" menu allows for multi-case exports in JSON, CSV, or XML formats.

Security & API

• Session Hardening: Improved CSRF protection and session handling; sessions are now cleared properly on both login and logout.
• Granular Permission Checks: Tightened access control for private cases, ensuring history, audit logs, and correlations are strictly restricted to authorized members.
• API Documentation: Expanded Swagger/OpenAPI documentation for connectors and instances.

🐞 Bug Fixes

• Python 3.12 Compatibility: Fixed syntax warnings and issues related to the latest Python versions.
• Case Integrity: Fixed bugs preventing cases from being edited if the title already existed and resolved issues with orphaned task templates.
• Task Management: Fixed the "revive" logic where changing the status of a Finished task didn't correctly move it back to the active list.
• Email Validation: Switched internal test data to use the .test TLD to avoid DNS validation failures during setup.

📖 Documentation

• Released an Extensive User Manual featuring troubleshooting sections, FAQs, and a demo walkthrough.
• Added technical guides for setting up Keycloak SSO and the new Alerting Webhooks.

Contributors

• @cudeso
• @ecrou-exact
• @zengdard

Full Changelog: 3.1.0...3.2.0

Funding

Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.

FlowIntel 3.1.0 (2026-03-26)

We are pleased to announce FlowIntel 3.1.0, introducing new features like Case Reporting, Entra ID support, and a Central Repository for templates. We’ve also given the UI a significant facelift and tightened up our role-based access control to keep your workflows smooth and secure.

🚀 New Features

• FlowRefs: You can now use variables within notes that automatically replace on rendering. Dynamic documentation just got a lot easier.
• Case Reporting: Generate comprehensive reports in Markdown or PDF. Choose exactly what to include: tasks, notes, files, tags, objects, taxonomies, audit logs, or timelines.
• Digital Signatures: Added support for GPG signing of case reports to ensure integrity and authenticity.
• Central Template Repository: Shifted from GitHub API to a local filesystem-based repository for templates, making it faster and more reliable to manage your organization's standard operating procedures.
• Entra ID (SSO) Support: Seamlessly integrate with Microsoft Entra ID for Single Sign-On, including automatic user provisioning and role mapping.

FlowRefs

Case report	Config View
Template repository

🛠 Improvements & Changes

UI & User Experience

• Unified UI: The Home page now shares the same sleek design as the Case Index.
• Better Data Visibility: The Case Index now displays the number of files, objects, and linked cases at a glance.
• Analyser Overhaul: Improved the MISP module analyser with a 3-phase workflow indicator, "click-to-copy" tables, and better results collapsing.
• Editor Upgrades: Replaced standard textareas with CodeMirror for case note templates, providing a much better editing experience.

MISP Integration

• Enhanced Export: Export file attachments, subtasks, and external references directly to MISP.
• Connectivity Checks: Added a dedicated tool to test your MISP connections before you start syncing data.
• Visual Cues: A new MISP icon now appears on the Case Index only when a case is actively synced, reducing clutter.

Administration & Permissions

• UI Configuration: Admins can now edit many config.py values directly through the web interface (with an automatic audit trail and backups).
• Granular Roles: New Importer, Template Editor, and MISP Editor roles allow for more precise permission management.
• Session Security: Active sessions and notifications are now automatically purged when a user is deleted.

🐞 Bug Fixes

• Tag Integrity: Resolved conflicts in the tag system and fixed "double galaxy" rendering in the case view.
• Modal Rendering: Fixed issues where dropdowns would break inside modals by switching to more intuitive inline forms.
• Audit Logging: Fixed gaps where case/task creation via API wasn't being properly logged.
• General Stability: Addressed multiple findings from the February SonarQube static code scan.

📖 Documentation

• Updated the Installation Manual with new diagrams for Entra ID and MISP configurations.
• Refreshed the Backup and Restore guide and the Encryption Guide.

Contributors

• David Cruciani
• Koen Van Impe

Thanks to @cudeso for contributions.

Full Changelog: 3.0.0...3.1.0

Funding

Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.

FlowIntel 3.0.0 (2026-02-16)

We are pleased to announce FlowIntel 3.0.0, a major release introducing custom threat classification, a redesigned roles and permissions system, privileged case management, extended audit capabilities, and significant system hardening.

New Features

Taxonomies & Galaxies

• Support for custom taxonomies and galaxies
• Extended taxonomy lifecycle management (versioning & UUID support)
• Galaxy attachment flexibility (including galaxies without clusters)

Advanced Roles & Permissions System

• Introduction of structured system roles:
  • Admin
  • Editor
  • ReadOnly
  • OrgAdmin
  • CaseAdmin
  • Audit Viewer
• Clear separation between system roles and additional permissions
• Full OrgAdmin support (UI + API)
• Role-aware UI badges and indicators
• Enforcement of organization-based visibility restrictions

Privileged Case Management

• Full privileged case implementation
• Permission enforcement in UI and API
• Restricted case operations for non-authorized users
• Privileged case notifications
• Dedicated audit logging for privileged operations

Extended Audit Trail & Logging

• Comprehensive audit logging across:
  • Cases
  • Tasks
  • Users
  • Organisations
  • Connectors
  • Templates
  • MISP objects
• Extended case history view
• Export audit logs as text / markdown
• Logging for failed and successful logins
• Configurable log file support
• Production logging support

Case & Task Enhancements

• File attachments for both cases and tasks
• External references converted to Markdown using MISP modules
• Calendar export (ICS) and full calendar feed API
• Overdue task notifications
• File detail visibility (size, type, upload time)
• File size limit configuration
• Support for importing files into tasks as notes
• Extended task overview improvements

System & Deployment Improvements

• Dedicated System Settings page (admin only)
• Reverse proxy support (ProxyFix / NGINX)
• .env environment variable loading via dotenv
• Admin and bot initialization from configuration
• Clean database development script
• Preparation for documentation externalization

MISP Integration Improvements

• Improved MISP object handling and validation
• Required attribute constraint validation
• Improved MISP UI interaction
• Proper restoration of required MISP submodules:
  • misp-galaxy
  • misp-objects
  • misp-taxonomies

Changes & Improvements

• Migration to Vite for asset management
• Improved search and pagination (debounce support)
• API access checks for open case counts
• Connector type descriptions
• Improved template version handling
• Removal of deprecated configuration modules
• Multiple UX and consistency improvements across case and task views

Fixes

Security Fixes

• CSRF protection for:
  • User deletion
  • Organisation deletion
  • API key changes
• Secure API key generation using secrets
• Addressed extensive static analysis findings

Stability & Database

• Fixed submodule installation issues on fresh clones
• Fixed PostgreSQL migration issues
• Ensured required DB indexes exist
• Prevented deletion of organisations owning cases or users
• Fixed IntegrityError for users without matrix_id
• Multiple template and markdown import fixes
• Timeline rendering fixes

Images

MISP Objects	MISP Objects Compacted
Case History	Task View

Contributors

• David Cruciani
• Koen Van Impe
• Alexandre Dulaunoy

Thanks to @cudeso, Flowintel is growing and improving, and more new features are coming soon.

Full Changelog: 2.3.0...3.0.0

Funding

Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.

🆕 Key Improvements

• Computer-assisted report generated from all information available in a case

• Case history can be downloaded in Markdown format

• Multiple improvements to Dockerfile and Docker Compose

• Fixed pagination issues when large amounts of data are present in the database

• Expanded and improved documentation for ELSA workflows, providing clear guidance and reference material on using FlowIntel’s ELSA integration and related workflows.

Important

A new migration script is available for the computer-assisted report. Don’t forget to apply it to your database.

📦 Release Notes – 2.3.0 (2025-12-15)

New

• [feature] download history as markdown. [David Cruciani]
• [feature] computer assistate report for cases. [David Cruciani]
• [api] create a from with a misp event in json format. [David Cruciani]

Changes

• [version] 2.3.0. [David Cruciani]
• [misp] update flowintel object to misp with new field. [David
  Cruciani]
• [docker] move bin. [David Cruciani]
• [docker] entrypoint and ubuntu 24.04 + python 3.12. [David Cruciani]
• [docker] compose with postgres and valkey. [David Cruciani]
• [templating] description handling for add_task_case. [David Cruciani]
• [template] markdown editor for description in add_task_case. [David
  Cruciani]
• [module] add galaxies and tags on event. [David Cruciani]
• [launch] kill tail and killscript different. [David Cruciani]
• [description] markdown editor for creation and edition. [David
  Cruciani]
• [case] button for open/finished, new filter for cases. [David
  Cruciani]

Fix

• [pagination] limit number of element. [David Cruciani]
• [launch] config file missing. [David Cruciani]
• [test] org and user. [David Cruciani]
• [admin] org and user creation. [David Cruciani]
• [connector] case from misp with global_api and uuid usage. [David
  Cruciani]

Other

• Merge pull request #60 from vx3r/fix/task-creation-from-template.
  [David Cruciani]

  Fix Task creation from template

• Add notes and urls_tools from template to the task, default history
  directory, remove obsolete attribute. [antomer]

• Merge pull request #58 from flowintel/docker-dev. [David Cruciani]

  Docker fix and working

• Merge remote-tracking branch 'origin/main' into docker-dev. [David
  Cruciani]

• Merge pull request #56 from cudeso/new/vulnerability-disclosure-
  policy. [Alexandre Dulaunoy]

  Add SECURITY.md with vulnerability disclosure policy

• Add SECURITY.md with vulnerability disclosure policy. [Koen Van Impe]

  SECURITY.md file for reporting security vulnerabilities, responsible disclosure guidelines, and contact information.

• Merge pull request #55 from cudeso/new/ELSA. [Alexandre Dulaunoy]

  Add ELSA compliance and governance documentation - R-NF-ELSA-0001

• Fix minor typos. [Koen Van Impe]

• Add ELSA compliance and governance documentation - R-NF-ELSA-0001.
  [Koen Van Impe]

  Introduced a set of documentation templates and guidance for Flowintel deployments, including DPIA screening (controller and developer), GDPR guidance, NIS2 compliance considerations, ROPA templates, retention and purpose limitation mapping, law enforcement annex, and a security breach response procedure.

  These documents support controllers in meeting legal, regulatory, and operational requirements for data protection and incident management.

Contributions

Special thanks to @cudeso for his valuable contributions to this release.

Funding

Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.

🆕 Key Improvements

• Markdown support in descriptions for cases, tasks, and templates
• API key now blurred on the profile page
• New button to view finished tasks
• Added a safe installer version
• Multiple bug fixes and improvements

📦 Release Notes – 2.2.1 (2025-11-10)

Changes

• [case] button for open and finished tasks. [David Cruciani]
• [sidebar] avoid redirect. [David Cruciani]
• [account] password edition and creation. [David Cruciani]
• [account] bur api key. [David Cruciani]
• [import] remove unused import. [David Cruciani]
• [case history] remove 'Modif' [David Cruciani]
• [my_assignment] description in md. [David Cruciani]
• [description] support markdown. [David Cruciani]

Fix

• [launch] config file for test. [David Cruciani]

• [user] delete from task assignment. [David Cruciani]

• [task] collapse and description button. [David Cruciani]

• [case_connectors] see only connectors of current_user of global ones.
  [David Cruciani]

• [case_from_misp] error caused by is_updated_from_misp. [David
  Cruciani]

  hack_lu

Other

• Merge pull request #49 from cudeso/improvement/db-documentation.
  [David Cruciani]

  Improvement/db documentation

• Database documentation. [Koen Van Impe]

• Stop tracking config.py. [Koen Van Impe]

• Update README. [Koen Van Impe]

• Pandoc release+version; correct venv in install. [Koen Van Impe]

• Update doc for default config files. [Koen Van Impe]

• Have launch script take into account different venv options. [Koen Van
  Impe]

• Safer installer script and default config files. [Koen Van Impe]

Contributions

Special thanks to @cudeso for his valuable contributions to this release.

Funding

Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.

🆕 Key Improvements

• Case Management

  • Update a case directly from a MISP event
  • Merge cases together

• UI & Usability

  • New calendar option with case/task checkbox
  • Drag-and-drop support for task templates

• Integrations & API

  • Improved MISP integration (import and download cases with MISP-Objects)
  • Extended API with connector and case management improvements

• Stability

  • More robust, DB-agnostic migration scripts
  • Numerous fixes for clusters, connectors, and modules

📦 Release Notes – 2.1.0 (2025-10-16)

New

• [feature] update a case from a MISP event. [David Cruciani]
• [feature] merge case. [David Cruciani]

Changes

• [version] 2.1.0. [David Cruciani]
• [global] add modal to delete something. [David Cruciani]
• [footer] add api link. [David Cruciani]
• [calendar] checkbox for case and task. [David Cruciani]
• [tools] search attr. [David Cruciani]
• [templating] api for connectors. [David Cruciani]
• [connectors] display global instance and modify only by creator.
  [David Cruciani]
• [case_api] remove connectors from case creation and edition. [David
  Cruciani]
• [templating] connectors. [David Cruciani]
• [ui] minor. [David Cruciani]
• [modules] add description. [David Cruciani]
• [users] display orgs. [David Cruciani]
• [api] namespace to centralize api doc. [David Cruciani]
• [flask session] use of valkey. [David Cruciani]
• [case/importer] download and import case with misp-objects. [David
  Cruciani]
• [api.case] append note to existing ones. [David Cruciani]
• [case_template] drag and drop for task template. [David Cruciani]
• [navbar] empty activepage when navigating into navbar. [David
  Cruciani]
• [workflow] test for all branch. [David Cruciani]

Fix

• [orgs] deleting a default_orgs didn't delete org in case. [David
  Cruciani]

• [admin] user creation with new org. [David Cruciani]

• [case] module instance error. [David Cruciani]

• [case] misp_object_event. [David Cruciani]

• [home] globe for public case. [David Cruciani]

• [launch] move source into a function to avoid having error in test.
  [David Cruciani]

• [case] global_api_key in modules. [David Cruciani]

• [test] move tasks. [David Cruciani]

• [test] return error of pytest. [David Cruciani]

• [migration] use op.batch_alter_table for sqlite db. [David Cruciani]

• [migration] add some more test. [David Cruciani]

• [doc] Update funding section in README. [Alexandre Dulaunoy]

  Added funding information and updated logos.

• [flowintel-modules] function instead of var. [David Cruciani]

• [case] update clusters. [David Cruciani]

• [global] multiple error with clusters. [David Cruciani]

• [connector] global api key visible by anyone. [David Cruciani]

• [template.connector] remove admin only. [David Cruciani]

• [misp_object_event] attribute update. [David Cruciani]

• [case] fork. [David Cruciani]

• [case/task] notifications. [David Cruciani]

• [case] select type of misp-attr. [David Cruciani]

• [misp-object] creation from misp + select sender. [David Cruciani]

Other

• Merge pull request #43 from sebdraven/main. [David Cruciani]

  Enhances database migration robustness

• Enhances database migration robustness. [Sebastien Larinier]

  Improves the reliability of database migrations by adding checks for existing tables and columns before attempting to create or modify them.
  This prevents errors during migration rollouts, especially in environments where migrations might have been partially applied.

  Specifically, changes include:

  • Using SQLAlchemy's inspect module to check for table and column existence.
  • Replacing try...except OperationalError blocks with conditional checks using the inspector.
  • Dropping indexes before dropping columns to avoid errors.
  • Updating column types safely using the inspector to fetch the column type.

• Merge pull request #40 from Jeremy-
  Bussy/connector_identifier_based_on_uuid. [David Cruciani]

  Use event uuid instead of event id for connector identifiers

• Use event uuid instead of event id for connector identifiers.
  [Era'Zon]

• Merge pull request #41 from Jeremy-Bussy/connector_in_case_template.
  [David Cruciani]

  Add connectors in case template

• Add connector in case template && Add global attribute to connectors
  && Fix "Sortable: el must be an HTMLElement, not [Object null]" in
  case_template_view that appeared sometimes on mounted. [Era'Zon]

Contributions

Special thanks to @sebdraven and @Jeremy-Bussy for their valuable contributions to this release.

Funding

Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.

🚀 Flowintel 2.0 – A New UI for Analysts

Flowintel is an open-source platform designed to help analysts and incident responders manage, investigate, and collaborate on cases efficiently.

It brings together case management, task tracking, timelines, and collaboration tools into a single analyst-friendly environment.

Flowintel also provides deep integration with MISP: you can publish cases as MISP events, create MISP object observables directly from cases, and import MISP events back into Flowintel for investigation and tracking.

In addition, Flowintel includes an easy-to-use templating system that helps standardize and reproduce intelligence or DFIR workflows. This makes it easier to share consistent processes and best practices across teams.

With version 2.0, Flowintel introduces a major redesign of the user interface, making workflows smoother, faster, and more intuitive.

✨ Highlights of the New UI

🆕 Key Improvements

• Updated sidebar with persistent state (local storage support)
• New drag-and-drop (SortableJS) to reorder tasks effortlessly
• Revamped calendar, now powered by FullCalendar.js with month picker
• Cleaner layout with relocated buttons for less clutter
• Added a footer for better navigation and status info
• Moved filters from collapsible panels to a dedicated modal
• Case UI refinements: tags editing inline, note editor, orgs/links visibility, improved timeline

📦 Release Notes – 2.0.0 (2025-09-02)

New

• [ui] Added footer. [David Cruciani]

Changes

• [version] Bumped to 2.0.0. [David Cruciani]
• [sidebar] New design with active page + toggled state stored in localStorage. [David Cruciani]
• [case.ui] Major refactor: title, actions, tags editing, org links, connectors tab, improved tasks view. [David Cruciani]
• [task] Introduced drag-and-drop (SortableJS) for task reordering. [David Cruciani]
• [calendar] FullCalendar integration with month picker. [David Cruciani]
• [timeline.ui] Styling improvements and background tweaks. [David Cruciani]
• [account] Updated UI and API key change support. [David Cruciani]
• [misp-objects] Object relation support. [David Cruciani]
• [search_attr] Improved visibility – show only relevant or public cases. [David Cruciani]
• [template.ui] Unified interface with case views. [David Cruciani]

Fixes

• [ui] Adjusted main height and word wrapping. [David Cruciani]
• [base] Added "scroll to top" button. [David Cruciani]
• [app] Fixed sidebar link error. [David Cruciani]
• [task] Fixed issues with reordering finished tasks, tag filtering, and template note deletion. [David Cruciani]

Other

• Merge pull request #38 from sebdraven/main – Feature: User-aware case search. [Sebastien Lariner]
• Merge pull request #39 from flowintel/feature/ui-changes. [David Cruciani]

👉 This release represents a big step forward in usability and lays the groundwork for more powerful analyst-centric features in upcoming versions.

Funding

Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.

New Features

• Search for attribute values to find previous cases containing the same MISP-Objects
• Added a guide for using Flowintel with PostgreSQL in production environments

Bug Fixes

• Fixed issues when exporting cases, tasks, and MISP-Objects to MISP
• Fixed migration scripts
• Improved pagination on the case index page to correctly display the number of cases specific to your organisation
• Fixed an error in the importer

Video

There is a recorded training available on YouTube

1.6.2 (2025-07-30)

New

• [feature] search for attributes value. [David Cruciani]
• [workflow] python 3.9. [David Cruciani]

Changes

• [version] 1.6.2. [David Cruciani]
• [doc] case example + readme. [David Cruciani]
• [misp-modules] table and case creation. [David Cruciani]
• [common] for module misp fix. [David Cruciani]
• [sidebar] reorganization of links. [David Cruciani]
• [config] production config. [David Cruciani]
• [db] forgot db file for last commit. [David Cruciani]
• [case.misp-object] disable correlation. [David Cruciani]
• [login] flash for invalid email. [David Cruciani]

Fix

• [db.py] issue with custom tags and notifications field size.
  [mehdi.safla]

• [migration] url_tool as NULL. [David Cruciani]

• [case_connector] var name. [David Cruciani]

• [migration] old script. [David Cruciani]

• [misp-module] task url/tool. [David Cruciani]

  new object, multiple identifier for same instance

• [task] filter. [David Cruciani]

• [case_api] doc. [David Cruciani]

• [case] pagination. [David Cruciani]

• [templating] edit. [David Cruciani]

• [importer] ref import. [David Cruciani]

Other

• Merge pull request #33 from MehdiSafla/main. [David Cruciani]

  Production deployment: doc, .env, db schema fix

• Add: [.env, doc] production deployment and directives. [mehdi.safla]

• Merge pull request #34 from Rileyy-2/main. [David Cruciani]

  Update misp_modules_result.html

• Update misp_modules_result.html. [Rileyy-2]

  Changing the "null" attribution to three attributes which overwrites potential previous set values. Instead, it attributes the "null" value only if the key is not set in the object.

• Fix invalid escape sequences. [David Cruciani]

  fix invalid escape sequences

• Fix invalid escape sequences. [LukeVader]

Funding

Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.

This release introduces a new feature:

• Correlation for attribute value between cases

Bug Fixes

• Fixed issues related to dockerfile
• Resolved task template error

1.6.1 (2025-07-01)

New

• [feature] correlation for attribute value between cases. [David
  Cruciani]

Fix

• [error] syntax for 3.9 and url form for task template. [David
  Cruciani]
• [tool] bad quote. [David Cruciani]

Funding

Flowintel is co-funded by CIRCL and by the European Union under FETTA (Federated European Team for Threat Analysis) project.