[Intelmq-users] ShadowServer Parser bot feedname

Peter Chan pchanwork at gmail.com
Thu Jun 21 14:17:58 CEST 2018


Hi Sebastian and team,

Another question regarding the feedname.

I currently have a directory of mixed feeds (Spam-URL, Open-mDNS, Open-LDAP
etc.) that needs to be processed individually.
Can the file-collector bot take a regular expression in one of its parameters
(feedname or postfix?) to filter which CSV to queue to the appropriate
shadowserver parser?

My current workaround is to move the different feeds into their own
directory and then point the file-collector to their respective location -
will automate this process pending answer :)

Regards,
Peter

On Tue, 5 Jun 2018 at 13:51, Sebastian Wagner <wagner at cert.at> wrote:

> Hi,
>
> On 2018-06-05 13:46, Peter Chan wrote:
>
> Just another question regarding the feedname.
> Is it possible to define multiple feeds in the feedname parameter like:
>
> "feedname": " Ssl-Scan ", "Ssl-Freak-Scan", " Open-SNMP",
>
>
> No, as the parser needs to know what feed to expect to parse it correctly.
> That would not be possible with multiple feed names given. You need to
> create multiple collectors/parsers.
>
> It might sound strange that the parser can't detect the feed, but as feeds
> look very similar and the csv headers change regularly, this would result
> in wrongly parsed feeds otherwise.
>
> Sebastian
>
> --
> // Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
> // CERT Austria - https://www.cert.at/
> // An initiative of nic.at GmbH - https://www.nic.at/
> // Company register number 172568b, Salzburg Regional Court
>
>
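
The workaround described in this message, sorting a mixed directory into one directory per feed so that each file collector feeds exactly one Shadowserver parser, as an added example (not code from the thread or from IntelMQ). The filename patterns, directory layout and sample file names are assumptions; a file that matches no pattern, or more than one, is left in place rather than guessed at.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Hypothetical filename patterns -> per-feed directory; adjust to the names
# your Shadowserver reports actually arrive with.
FEED_PATTERNS = {
    "Spam-URL": re.compile(r"spam_url", re.I),
    "Open-mDNS": re.compile(r"scan_mdns", re.I),
    "Open-LDAP": re.compile(r"scan_ldap", re.I),
}


def classify(filename, patterns=FEED_PATTERNS):
    """Return the single matching feed name, or None if zero or several match."""
    hits = [feed for feed, rx in patterns.items() if rx.search(filename)]
    return hits[0] if len(hits) == 1 else None


def sort_reports(inbox, outroot, patterns=FEED_PATTERNS):
    """Move each *.csv in inbox to outroot/<feed>/; return {filename: feed or None}."""
    inbox, outroot = Path(inbox), Path(outroot)
    result = {}
    for path in sorted(inbox.glob("*.csv")):
        feed = classify(path.name, patterns)
        result[path.name] = feed
        if feed is None:
            continue  # unknown or ambiguous: leave it rather than guess a parser
        dest = outroot / feed
        dest.mkdir(parents=True, exist_ok=True)
        shutil.move(str(path), str(dest / path.name))
    return result


def demo():
    """Run against constructed file names in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        inbox = Path(tmp, "inbox")
        inbox.mkdir()
        for name in ["2018-06-21-scan_ldap-example.csv",
                     "2018-06-21-scan_mdns-example.csv",
                     "2018-06-21-spam_url-example.csv",
                     "2018-06-21-unknown-example.csv"]:
            (inbox / name).write_text("constructed,sample\n")
        result = sort_reports(inbox, Path(tmp, "feeds"))
        return result, sorted(p.name for p in inbox.iterdir())
```

Each resulting directory can then be given to its own file collector and parser pair with a single feedname.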