IntelMQ-dev December 2025

intelmq-dev@lists.cert.at

3 participants
2 discussions

Shadowserver IntelMQ schema / CVEs in Vulnerable ISAKMP report
by Thomas Hungenberg 05 Jan '26

05 Jan '26

Hi Jason, in the Vulnerable ISAKMP report, the field "tag" now can include (multiple) CVEs. For easier processing of CVEs, we already have [ "extra.cve", "tag", "extract_cve_from_tag" ] in the schema for reports like scan_http_vulnerable. Could you please add this to the schema for scan_isakmp and scan6_isakmp as well? Maybe at the end of the "optional fields" after [ "extra.", "amplification", "convert_float" ] Thanks, - Thomas

2 3

Example data for MS CTIP Interflow 'severity'
by Sebix 01 Dec '25

01 Dec '25

Dear all Does anyone receive data from Microsoft Interflow? It has a field called 'severity' which is currently mapped to the 'extra.severity' field: https://github.com/certtools/intelmq/blob/0342b7718050b1690d9e20f137b58c769… As in IntelMQ 3.5.0, we have a proper 'severity' field with standardized values; the CTIP parser should now use that one as well. However, what's unclear to me, without access to example data, is what possible values Microsoft uses, and thus whether we need to map their values to ours. So if you have any example data, please let us know what values they use :) Best regards Sebastian -- Institute for Common Good Technology gemeinnütziger Kulturverein - nonprofit cultural society https://commongoodtechnology.org/ ZVR 1510673578

2 3

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

IntelMQ-dev December 2025