Fine for me.
However, how do we transition this? There are quite a few intelmq instances out there which might not update at the same time.
On 07.01.2025, at 11:42, Thomas Hungenberg via IntelMQ-dev intelmq-dev@lists.cert.at wrote:
Hi all,
a longer time ago, many Shadowserver reports have been renamed from open-* to accessible-* or vulnerable-* but IntelMQ is still using the old names as classification identifiers.
I'd like to propose making the following changes to the classification identifiers so they match the feed names again.
old new
open-activemq accessible-activemq open-cwmp accessible-cwmp open-mysql accessible-mysql open-postgres accessible-postgres open-rdp accessible-rdp open-slp accessible-slp open-smb accessible-smb open-smtp accessible-smtp open-ssh accessible-ssh open-ssl accessible-ssl open-stun accessible-stun open-telnet accessible-telnet open-vnc accessible-vnc open-couchdb accessible-couchdb open-docker accessible-docker open-dvr-dhcpdiscover accessible-dvr-dhcpdiscover open-epmd accessible-epmd open-ics accessible-ics open-kubernetes accessible-kubernetes open-quic accessible-quic open-socks accessible-socks45-proxy open-ws-discovery accessible-ws-discovery
open-ddos-middlebox vulnerable-ddos-middlebox open-ike vulnerable-isakmp open-synfulknock synful-knock
Regards Thomas
IntelMQ-dev mailing list https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev https://docs.intelmq.org/