Example data for MS CTIP Interflow 'severity' - IntelMQ-dev

21 Nov 2025


      Dear all
Does anyone receive data from Microsoft Interflow?
It has a field called 'severity' which is currently mapped to the 
'extra.severity' field:
https://github.com/certtools/intelmq/blob/0342b7718050b1690d9e20f137b58c7693...
As in IntelMQ 3.5.0, we have a proper 'severity' field with standardized 
values; the CTIP parser should now use that one as well. However, what's 
unclear to me, without access to example data, is what possible values 
Microsoft uses, and thus whether we need to map their values to ours.
So if you have any example data, please let us know what values they use :)
Best regards
Sebastian
-- 
Institute for Common Good Technology
gemeinnütziger Kulturverein - nonprofit cultural society
https://commongoodtechnology.org/
ZVR 1510673578