Good Morning,
I wasn't even aware of that feed. IntelMQ will always be running after Shadowserver as we don't know of feeds in advance either (and the data examples for the feeds given on Shadowservers website are often not complete).
If you can pass me on one example file (I can anonymize it myself as well) I can extend the Shadowserver parser for this new feed. We are also happily accepting pull requests :)
kind regards Sebastian
On 3/23/21 8:05 AM, Mika Silander wrote:
Hi.
After trying to match current ShadowServer feeds to their internal intelmq identifiers, I got stuck with a few that I cannot find a corresponding internal mapping for in intelmq/bots/parsers/shadowserver/config.py (intelmq 2.3.1). One example is the Click-Fraud Report (https://www.shadowserver.org/what-we-do/network-reporting/click-fraud-report...). Correct me if I'm wrong in assuming all ShadowServer feeds are perhaps not (yet?) supported by the ShadowServer parser bot.
Are there plans for extending the parser bot in question? Don't take me wrong, this is no criticism, the bot does a fine job. I would just like to know what the situation is and then be able to decide how to continue with our own project.
Cheers, Mika _______________________________________________ IntelMQ-dev mailing list https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev https://intelmq.readthedocs.io/