Hello,
The following schema changes are open for discussion and scheduled to be committed on 2025-01-28.
Change summary
* Added scan_ip_tunnel and scan6_ip_tunnel reports.
* Revised the feed_name and url for the scan_msrpc report.
Full details can be found at https://github.com/elsif2/ieps/tree/main/010
Regards,
Jason
On 2025-01-15 16:02, elsif via IntelMQ-dev wrote:
The following schema changes are open for discussion and scheduled to be committed on 2025-01-28.
* Added scan_ip_tunnel and scan6_ip_tunnel reports.
These both say:
"classification.identifier" : "acessible-ip-tunnel"
It should be spelled "accessible".
The report's name (website/email) is "Open IP-Tunnel", so classification.identifier should also be set to "open-ip-tunnel" instead of "accessible".
- "classification.identifier" : "acessible-ip-tunnel", + "classification.identifier" : "open-ip-tunnel",
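Review bot: the replacement is shown for a single occurrence of "classification.identifier", but the thread states that both the scan_ip_tunnel and scan6_ip_tunnel reports carry the misspelled value, so the same change needs to be applied to both definitions. It would also help to note in the IEP that the identifier follows the report name "Open IP-Tunnel", so the choice of "open" over "accessible" is documented.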
Regards
Thomas
On 17.01.25 11:00, Karl-Johan Karlsson via IntelMQ-dev wrote:
On 2025-01-15 16:02, elsif via IntelMQ-dev wrote:
The following schema changes are open for discussion and scheduled to be committed on 2025-01-28.
* Added scan_ip_tunnel and scan6_ip_tunnel reports.
These both say:
"classification.identifier" : "acessible-ip-tunnel"
It should be spelled "accessible".
Hello,
Please see the revised changes and the addition of scan6_rsync at https://github.com/elsif2/ieps/tree/main/010.
Regards,
Jason
On 1/17/25 2:45 AM, Thomas Hungenberg wrote:
The report's name (website/email) is "Open IP-Tunnel", so classification.identifier should also be set to "open-ip-tunnel" instead of "accessible".
- "classification.identifier" : "acessible-ip-tunnel", + "classification.identifier" : "open-ip-tunnel",
Regards
Thomas
On 17.01.25 11:00, Karl-Johan Karlsson via IntelMQ-dev wrote:
On 2025-01-15 16:02, elsif via IntelMQ-dev wrote:
The following schema changes are open for discussion and scheduled to be committed on 2025-01-28.
* Added scan_ip_tunnel and scan6_ip_tunnel reports.
These both say:
"classification.identifier" : "acessible-ip-tunnel"
It should be spelled "accessible".
On 2025-01-17 16:08, elsif wrote:
Please see the revised changes and the addition of scan6_rsync at https://github.com/elsif2/ieps/tree/main/010.
LGTM.
Thanks Jason, and Karl-Johan for reviewing!
@all: Jason created IEP010 (The IntelMQ Enhancement Proposal 10). See: https://github.com/elsif2/ieps/blob/main/010/README.md (the link from below).
In there we have a deadline for the *28th of Jan.* for feedback! So please, if you want to participate in the discussion, do so here and/or send pull requests to this IEP.
Otherwise the IEP will be implemented after Jan 28th.
Thanks :)
Best, Aaron.
On 17.01.2025, at 16:17, Karl-Johan Karlsson via IntelMQ-dev intelmq-dev@lists.cert.at wrote:
On 2025-01-17 16:08, elsif wrote:
Please see the revised changes and the addition of scan6_rsync at https://github.com/elsif2/ieps/tree/main/010.
LGTM.
--
Karl-Johan Karlsson
Linköping University Incident Response Team