IntelMQ-dev

intelmq-dev@lists.cert.at

6 participants
232 discussions

Logo vector sources?
by Bernhard Reiter 05 Jan '17

05 Jan '17

Hello, do we have vector sources for logo and letter head? In particular for https://github.com/certtools/intelmq/blob/master/docs/images/Logo_Intel_MQ.… I am thinking about an admin interface for email tickets and contacts (see https://github.com/certtools/intelmq/issues/708 (Basic technology: serving web applications) and it would be useful to have a vector logo version/source to create variations. It seems to have come from cert.pt originally in 2014? Best, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

4 7

Re: [Intelmq-dev] Logo vector sources?
by Bernhard Reiter 30 Nov '16

30 Nov '16

Hi Seamus, Am Dienstag 29 November 2016 15:26:12 schrieb Seamus Tuohy: > I've always found that trying to negotiate with a designer for source files > after the fact is a difficult conversation. I know, but some designers are very cool, so asking a polite question can be the shortest way. > I am a pretty quick Inkscape tracer though. So, here you go. > It's not perfect. I've taken a quick look: Very good! Thanks a lot! My aim is to add this to the public intelmq sources within the next days. My tendency is to leave the image in, because it is well positioned and useful to have. Best Regards, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

1 0

rfc1918 bot
by Sebastian Wagner 16 Nov '16

16 Nov '16

Hi, Currently the rfc1918 bot does sanitize much more IPs than those mentioned in RFC1918 (5 rfcs or even more) So it probably makes sense to rename the bot. Do you have suggestions? Or is RFC1918 well known as "the RFC with reserved IPs"? And do you think it makes sense to make it more configurable? E.g. en/disable the sanitation for IPs and Domains separately? Sebastian -- // Sebastian Wagner <wagner(a)cert.at> - T: +43 1 50564167201 // CERT Austria - https://www.cert.at/ // Eine Initiative der nic.at GmbH - https://www.nic.at/ // Firmenbuchnummer 172568b, LG Salzburg

2 2

towards release 1.0
by Sebastian Wagner 10 Nov '16

10 Nov '16

Dear contributors and users, In the last year there have been so many changes to intelmq and now we are well on the way towards a stable release. We propose to make *Feature Freeze* *and* a *first release candidate in October* so we can focus on heavy testing and bug fixing. This is also the starting point for a better branching strategy: https://github.com/certtools/intelmq/issues/650 Then, when all issues are fixed, we can do the release of version 1.0. Also, we plan to publish packages for some distributions, .deb as well as rpm. Currently there are still some open questions. But the installation via pip will be no longer the recommended for production environments. To help, you can look at the open issues for 1.0: https://github.com/certtools/intelmq/issues?q=is%3Aopen+is%3Aissue+mileston… Tough I am assigned to most of them, you are encouraged to comment, review or fix some of the tasks listed there! The intelmq-manager needs some work to get partially compatible and *much work* to get it "release-ready", basically a complete rewrite. See https://github.com/certtools/intelmq-manager/issues/80 Sebastian -- // Sebastian Wagner <wagner(a)cert.at> - T: +43 1 50564167201 // CERT Austria - http://www.cert.at/ // Eine Initiative der nic.at GmbH - http://www.nic.at/ // Firmenbuchnummer 172568b, LG Salzburg

2 3

Fwd: Retiring the public facing atlas.arbor.net site
by L. Aaron Kaplan 28 Oct '16

28 Oct '16

Hi! Our arbor atlas feed will need to be rewritten. > Begin forwarded message: > (...) > > > Change in service announcement > Oct 28, 2016 > > > Dear ATLAS Subscriber, > > Arbor Networks’ Active Threat Level Analysis System <http://email.arbornetworks.com/z0cK0lZ000jNlvxhKkE0A00> (ATLAS®) is a publicly available view into the threat landscape and overall health of the internet. Arbor continuously collaborates with our customers to create and improve our mechanisms for delivering data, intelligence and policy in response to the ever evolving global threat landscape. We are working on a number of initiatives to improve the data sources for ATLAS and enhance the ATLAS user experience. As we focus our collective resources toward these new initiatives, it is necessary to retire resources that no longer represent the innovation that has always been the backbone of Arbor. > > Effective November 30, 2016 we will retire the public facing atlas.arbor.net <http://atlas.arbor.net/> site while the new ATLAS customer portal is finalized. The Subscriber Reputation Feed (SRF) will also be discontinued on this date. SRF subscribers will continue to receive data until the feed is discontinued. Data sharing with Computer Emergency Response Teams (CERTs) will not be affected by this change. Additionally, qualifying ATLAS subscribers will have the opportunity to subscribe to Arbor Networks’ weekly threat briefs <http://email.arbornetworks.com/Y0ljx0Flk00cK000ZNK0wAh>. > > All traffic to the public facing ATLAS portal will be redirected to the newly updated Digital Attack Map, a collaboration with Jigsaw, a division of Google. The data presented in the newly enhanced Digital Attack Map represents a sampling of the attacks observed by the ATLAS system, presenting high level trends around significant attacks. The new system architecture moves all of this data from batch processing to real-time streaming, thereby ensuring that the data is up to date, and as accurate as possible. The data visualization gives users the ability to explore current and historical trends in DDoS attacks, see attacks by country, and make the connection to related news events on a daily basis. > > If you have any questions, please don’t hesitate to reach out to your Arbor representative. Thank you. > > Regards, > Arbor’s Security Engineering & Response Team > © 2016 Arbor Networks, Inc. All rights reserved. <http://email.arbornetworks.com/Bh00GK0Al000j0xN0KxZkcl> <http://email.arbornetworks.com/K00cjKN00Zxy0HlKk0hl0A0> <http://email.arbornetworks.com/c0j00ckK0ZlN0hlAI0Kzx00> <http://email.arbornetworks.com/ZNljk0hJl0000c0KA00ZAKx> <http://email.arbornetworks.com/UcKk0jA0ZN0Klx00hl000BK> <http://email.arbornetworks.com/p0j00K0hLA0c0ClNlZ0kKx0> > > > You are receiving this message because you are subscribedto receive updates from this service. > You may opt-out of non-service update communications here <http://email.arbornetworks.com/O0x0kjcA0000lKZD0M0lhKN>. >

1 0

Aggregating events within IntelMQ
by Dustin Demuth 24 Oct '16

24 Oct '16

Dear IntelMQ-Devs, whilst analysing our current setup and possible requirements, we discovered that an aggregation of events within IntelMQ might be a reasonable thing to do. In [1] I sketched how this might work. I'd be glad if you could find the time to comment on this approach and participate in the discussion. [1] https://github.com/certtools/intelmq/issues/751 Best regards Dustin -- dustin.demuth(a)intevation.de https://intevation.de/ OpenPGP key: B40D2EFF Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

3 2

dev: writing similiar tests and test_bot_name()
by Bernhard Reiter 19 Oct '16

19 Oct '16

Hi IntelMQ-Devs, when writing tests what is your development suggestion for writing similiar tests? My problem: intelmq/lib/test.py test_bot_name() checks that "Test class name must be Test{botclassname}." But sometimes it would make sense to have a second test class within one test file. For example in intelmq/tests/bots/experts/modify/test_expert.py I am reusing some of the data of this tile. On this occasion I have used a different class name and explicitely disabled the test_bot_name(). You can reach the code via this search: https://github.com/certtools/intelmq/search?utf8=%E2%9C%93&q=test_bot_name I can see some merit checking for a consistent naming. However making it easier to write more tests is also a good aim and it looks like a good pattern to write more than one test class within one file. What is your idea of solving this in the future? (I meanwhile add another test using the same trick.) Best Regards, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

1 0

FYI - priority assignment in issues
by L. Aaron Kaplan 12 Oct '16

12 Oct '16

Hi, Sebastian and me recently had a meeting at CERT.at - discussing the minimal feature set that we still want to have (from our perspective) for putting a "1.0" label on it. We came up with a list. I am now prioritising this list. I took a trick which I learned from another software project and assign priorities to the issues I create in github in the form of Fibonacci sequence numbers: 1,2,3,5,8,13. The benefit of this is that an intuitive value of 13 is really as valuable/high prio as the sum of the previous two priorities. It's rather a bit geeky, but it seems to work. Example: https://github.com/certtools/intelmq/issues/722 Anyway. Just letting you know (so that you don't wonder what this is). This is merely to be read as hint as what I see as high prio. Feel free to adapt the prios or discuss here. Best, a.

3 6

heads up: minor change in the shadowserver identifiers
by L. Aaron Kaplan 06 Oct '16

06 Oct '16

Hi *, as of the discussion in https://github.com/certtools/intelmq/issues/657, I renamed the classification.identifier of the shadowserver snmp to "opensnmp". This might have consequences in your eventDB if you store these events and group them by "classification.identifier". Please (SQL-) UPDATE your previous entries in the eventDB in that case. Thanks, a.

2 1

Future web server for intelmq apps?
by Bernhard Reiter 26 Sep '16

26 Sep '16

Hi friends of IntelMQ, because we are currently planning for the next months and additional webapps are on our lists (for use with the BSI) I've started thinking what the recommendation should be from intelqm. So far I am using the issue tracker to document the design process https://github.com/certtools/intelmq/issues/708 (Basic technology: serving web applications) On my planning list for intelmq web apps is: * move the intelmq-manager to it * add some statistic for the postgresql output bots running with certbund * add some certbund-contact database maintenance My current list is: 1. Bottle 2. Flask 3. CherryPy While we should be focussing on getting 1.0 out of the door, the planning on the web app side will probably continue. I am happy to hear your opinions here or in the issue. Best, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

1 0

← Newer
1
...
16
17
18
19
20
21
22
23
24
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

IntelMQ-dev