Hi Sebastian,
On 07.01.25 10:53, Sebix wrote:
As I wrote before, "version" is ambiguous for me, it's unclear what the version field refers to.
It could be the version of the IntelMQ data format. It could be the version of the IntelMQ software. It could be the version of the data feed. It could be the version of the server software. And it could be the version an application protocol, as it is in this case.
I don't agree here. We have been using "version" for a long time with many other reports like Open-Elasticsearch, Vulnerable-Exchange, Accessible-ActiveMQ or Accessible-PostgreSQL and it's always referring to the application version.
So IMHO one can intuitively assume that in this case "version" corresponds to the version of the application reported with this event and not the version of the IntelMQ software or data format.
Regards Thomas