I believe these should be added to product.vulnerabilities based on IEP009 instead of extra.cve.
https://github.com/certtools/ieps/tree/main/009
On 12/22/25 7:38 AM, elsif via IntelMQ-dev wrote:
All of the scan reports would benefit from this addition. I will publish an update today.
Thanks,
Jason
On 12/22/25 12:42 AM, Thomas Hungenberg wrote:
Hi Jason,
in the Vulnerable ISAKMP report, the field "tag" now can include (multiple) CVEs.
For easier processing of CVEs, we already have
[ "extra.cve", "tag", "extract_cve_from_tag" ]
in the schema for reports like scan_http_vulnerable.
Could you please add this to the schema for scan_isakmp and scan6_isakmp as well? Maybe at the end of the "optional fields" after
[ "extra.", "amplification", "convert_float" ]
Thanks,
- Thomas
IntelMQ-dev mailing list -- intelmq-dev@lists.cert.at To unsubscribe send an email to intelmq-dev-leave@lists.cert.at