[IntelMQ-users] heads-up: major code change in intelmq: shadowserver bots code base changed

L. Aaron Kaplan aaron at lo-res.org
Thu Aug 4 10:57:47 CEST 2022


Dear intelmq users and -developers,


  yesterday I merged a major change to intelmq in the shadowserver code base[1]. The big news is that from now on, Jason from shadowserver will maintain the intelmq shadowserver code base in intelmq (i.e., /intelmq/bots/{collectors,parsers}/shadowserver/*) directly, which is IMHO really good news for us.

Why is this good news?
First of all, this allows shadowserver to quickly add code to IntelMQ whenever they release a new scan-report.
And they currently do roughly once per week. Sometimes more often! 
Secondly, the new shadowserver code uses the Shadowserver API [3] and JSON schema, which makes things easier.
Finally, intelmq will be much more up to date and complete with respect to shadowserver's feeds.


Please pay particular attention to the changes as outlined in the NEWS.md file here [2]

Currently, this change is only in the "develop" branch [4].



What do we need from you?
=========================

Testing feedback!

If you have some time to try out the new shadowserver feeds, we would appreciate you trying out the "develop" branch with your shadowserver API key and telling us / this list / GitHub's issue tracker [5] what worked and what did not work.
After all, this is a large code change, and as always, there might be things which break unexpectedly.
I would like to have this code well tested before we put it into the upcoming release 3.1.


A *BIG* thank you goes out to shadowserver for offering the man-power, the help and all of the time they already put into improving the code base.
And in my personal experience, shadowserver feeds are amongst the very best, highest quality data sources on vulnerable devices and IoCs in your network that you could get. So, in case you don't process their feeds yet, sign up here: https://www.shadowserver.org/what-we-do/network-reporting/get-reports/
(and it's even for free [6]).

Thank you for your attention and best regards,
Aaron Kaplan.



[1] https://github.com/certtools/intelmq/pull/2227
[2] https://github.com/certtools/intelmq/pull/2227/files#diff-51920e95310ebfbc1ae31709f3b95f89afffbf4f1a6e38e8b2b406e2fb6197ea
[3] https://www.shadowserver.org/what-we-do/network-reporting/api-documentation/
[4] https://github.com/certtools/intelmq/branches
[5] https://github.com/certtools/intelmq/issues
[6] though they urgently need sponsors for running their massive operations: https://www.shadowserver.org/sponsor/


