[IntelMQ-dev] Proposed classification for new loop-dos report

elsif elsif at shadowserver.org
Wed Mar 20 22:59:50 CET 2024


Correct.  The updated schema has been published and the first report 
will be sent tomorrow.

On 3/20/24 5:44 AM, Thomas Hungenberg wrote:
> The classification looks good to me.
>
> "feed_name" will be "Loop-DoS" ?
>
>
>    - Thomas
>
> On 19.03.24 16:49, elsif wrote:
>> The classification.identifier would be "loop-dos".
>>
>> On 3/19/24 7:58 AM, Sebix wrote:
>>> Dear elsif,
>>>
>>> I'm not sure if I understand the question correctly.
>>>
>>> On 3/19/24 15:19, elsif wrote:
>>>> I would like to propose the following constant_fields:
>>>>
>>>>   classification.taxonomy = vulnerable
>>>>   classification.type = vulnerable-system
>>>>   protocol.application = application
>>>> Where the application would be tftp or dns for example.
>>>
>>> These values are valid in IntelMQ events.
>>>
>>> You will need to add a classification.identifier though
>>>
>>> best regards
>>> Sebastian
>>>
>>> Institute for Common Good Technology
>>> gemeinnütziger Kulturverein - nonprofit cultural society
>>> https://commongoodtechnology.org/
>>> ZVR 1510673578
>>>
>>>
>

