[IntelMQ-dev] ShadowServer feeds vs. ShadowServer parser bot

Sebastian Wagner wagner at cert.at
Tue Mar 23 09:06:40 CET 2021


Good Morning,

I wasn't even aware of that feed. IntelMQ will always be running after
Shadowserver as we don't know of feeds in advance either (and the data
examples for the feeds given on Shadowserver's website are often not
complete).

If you can pass one example file on to me (I can anonymize it myself as
well) I can extend the Shadowserver parser for this new feed. We are
also happily accepting pull requests :)

kind regards
Sebastian

On 3/23/21 8:05 AM, Mika Silander wrote:
> Hi.
>
> After trying to match current ShadowServer feeds to their internal intelmq identifiers, I got stuck with a few that I cannot find a corresponding internal mapping for in intelmq/bots/parsers/shadowserver/config.py (intelmq 2.3.1). One example is the Click-Fraud Report (https://www.shadowserver.org/what-we-do/network-reporting/click-fraud-report/). Correct me if I'm wrong in assuming all ShadowServer feeds are perhaps not (yet?) supported by the ShadowServer parser bot.
>
> Are there plans for extending the parser bot in question? Don't get me wrong, this is no criticism, the bot does a fine job. I would just like to know what the situation is and then be able to decide how to continue with our own project.
>
> Cheers, Mika

-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, LG Salzburg

