Hey, It sounds like the right classification for me.
Best regards
// Kamil Mańkowski mankowski@cert.at - T: +43 676 898 298 7204 // CERT Austria - https://www.cert.at/ // CERT.at GmbH, FB-Nr. 561772k, HG Wien
On 3/19/24 15:58, Sebix wrote:
Dear elsif,
I'm not sure if I understand the question correctly.
On 3/19/24 15:19, elsif wrote:
I would like to propose the following constant_fields:
classification.taxonomy = vulnerable classification.type = vulnerable-system protocol.application = application Where the application would be tftp or dns for example.
These values are valid in IntelMQ events.
You will need to add a classification.identifier though
best regards Sebastian
Institute for Common Good Technology gemeinnütziger Kulturverein - nonprofit cultural society https://commongoodtechnology.org/ ZVR 1510673578
IntelMQ-dev mailing list https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev https://intelmq.readthedocs.io/