Dear elsif,
I'm not sure if I understand the question correctly.
On 3/19/24 15:19, elsif wrote:
I would like to propose the following constant_fields:
classification.taxonomy = vulnerable classification.type = vulnerable-system protocol.application = application Where the application would be tftp or dns for example.
These values are valid in IntelMQ events.
You will need to add a classification.identifier though
best regards Sebastian
Institute for Common Good Technology gemeinnütziger Kulturverein - nonprofit cultural society https://commongoodtechnology.org/ ZVR 1510673578