We are in the process of creating a new daily report based on the previous loop-dos special report:
https://www.shadowserver.org/what-we-do/network-reporting/loop-dos-special-r...
I would like to propose the following constant_fields:
classification.taxonomy = vulnerable
classification.type = vulnerable-system
protocol.application = application
Where the application would be tftp or dns for example.
Dear elsif,
I'm not sure if I understand the question correctly.
On 3/19/24 15:19, elsif wrote:
I would like to propose the following constant_fields:
classification.taxonomy = vulnerable classification.type = vulnerable-system protocol.application = application Where the application would be tftp or dns for example.
These values are valid in IntelMQ events.
You will need to add a classification.identifier though.
best regards
Sebastian
Institute for Common Good Technology gemeinnütziger Kulturverein - nonprofit cultural society https://commongoodtechnology.org/ ZVR 1510673578
Hey,
It sounds like the right classification for me.
Best regards
// Kamil Mańkowski mankowski@cert.at - T: +43 676 898 298 7204 // CERT Austria - https://www.cert.at/ // CERT.at GmbH, FB-Nr. 561772k, HG Wien
On 3/19/24 15:58, Sebix wrote:
IntelMQ-dev mailing list https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev https://intelmq.readthedocs.io/
The classification.identifier would be "loop-dos".
On 3/19/24 7:58 AM, Sebix wrote:
The classification looks good to me.
"feed_name" will be "Loop-DoS"?
- Thomas
On 19.03.24 16:49, elsif wrote:
Correct. The updated schema has been published and the first report will be sent tomorrow.
On 3/20/24 5:44 AM, Thomas Hungenberg wrote:
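As an added example (not code from this thread, nor IntelMQ's or Shadowserver's own parser), the mapping agreed above applied to a constructed Loop-DoS report row: the constant fields are attached, protocol.application is taken per row (tftp, dns), and the event is rejected if classification.identifier is missing, which is the gap Sebastian pointed out. The CSV column names, the UTC timestamp format and the allowed-type table are assumptions.

```python
"""Added example: build IntelMQ-style events from a constructed Loop-DoS
report and check that the classification is complete."""
import csv
import io

# Constant fields agreed in the thread; protocol.application is set per row.
CONSTANT_FIELDS = {
    "feed.name": "Loop-DoS",
    "classification.taxonomy": "vulnerable",
    "classification.type": "vulnerable-system",
    "classification.identifier": "loop-dos",
}

# Assumed subset of the IntelMQ harmonisation: types allowed under the
# "vulnerable" taxonomy (assumption; compare with your harmonization.conf).
ALLOWED_TYPES = {
    "vulnerable": {"vulnerable-system", "ddos-amplifier", "information-disclosure",
                   "potentially-unwanted-accessible", "weak-crypto"},
}

# Constructed sample report; column names are assumptions, not Shadowserver's schema.
SAMPLE_CSV = """timestamp,ip,port,protocol,application
2024-03-20 00:00:01,192.0.2.10,69,udp,tftp
2024-03-20 00:00:02,198.51.100.7,53,udp,dns
"""

def validate_classification(event):
    """Raise ValueError if taxonomy, type or identifier is missing or inconsistent."""
    for key in ("classification.taxonomy", "classification.type", "classification.identifier"):
        if not event.get(key):
            raise ValueError(f"missing {key}")
    tax, typ = event["classification.taxonomy"], event["classification.type"]
    if typ not in ALLOWED_TYPES.get(tax, set()):
        raise ValueError(f"type {typ!r} is not valid for taxonomy {tax!r}")

def row_to_event(row):
    """Map one report row to a flat IntelMQ-style event dict."""
    event = dict(CONSTANT_FIELDS)
    event["time.source"] = row["timestamp"] + "+00:00"  # report times assumed to be UTC
    event["source.ip"] = row["ip"]
    event["source.port"] = int(row["port"])
    event["protocol.transport"] = row["protocol"]
    event["protocol.application"] = row["application"]  # varies per row: tftp, dns, ...
    validate_classification(event)
    return event

def parse_report(text):
    """Parse the whole CSV report into a list of validated events."""
    return [row_to_event(r) for r in csv.DictReader(io.StringIO(text))]

if __name__ == "__main__":
    for ev in parse_report(SAMPLE_CSV):
        print(ev)
```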