[IntelMQ-dev] Proposed classification for new loop-dos report

Kamil Mankowski mankowski at cert.at
Tue Mar 19 16:46:55 CET 2024


Hey,
It sounds like the right classification for me.

Best regards

// Kamil Mańkowski <mankowski at cert.at> - T: +43 676 898 298 7204
// CERT Austria - https://www.cert.at/
// CERT.at GmbH, FB-Nr. 561772k, HG Wien

On 3/19/24 15:58, Sebix wrote:
> Dear elsif,
> 
> I'm not sure if I understand the question correctly.
> 
> On 3/19/24 15:19, elsif wrote:
>> I would like to propose the following constant_fields:
>>
>>   classification.taxonomy = vulnerable
>>   classification.type = vulnerable-system
>>   protocol.application = application
>> Where the application would be tftp or dns for example.
> 
> These values are valid in IntelMQ events.
> 
> You will need to add a classification.identifier though
> 
> best regards
> Sebastian
> 
> Institute for Common Good Technology
> gemeinnütziger Kulturverein - nonprofit cultural society
> https://commongoodtechnology.org/
> ZVR 1510673578
> 
> 

