[IntelMQ-dev] RFC: scan_msrpc report
Kamil Mankowski
mankowski at cert.at
Thu Dec 5 13:42:15 CET 2024
It looks good to me :)
Best regards
// Kamil Mańkowski <mankowski at cert.at> - T: +43 676 898 298 7204
// CERT Austria - https://www.cert.at/
// CERT.at GmbH, FB-Nr. 561772k, HG Wien
On 12/3/24 17:25, elsif wrote:
> Thank you for your comments.
>
> Here are the changes based on your feedback:
>
> "scan_msrpc" : {
> "constant_fields" : {
> "classification.identifier" : "accessible-msrpc",
> "classification.taxonomy" : "vulnerable",
> "classification.type" : "potentially-unwanted-accessible"
> },
> "feed_name" : "Accessible-MS-RPC-Endpoint-Mapper",
> "file_name" : "scan_msrpc",
> "optional_fields" : [
> [
> "extra.msrpc_version",
> "version",
> "convert_float"
> ],
>
> ...
>
> "url" :
> "https://www.shadowserver.org/what-we-do/network-reporting/ms-rpc-endpoint-mapper-report"
>
> }
>
> Please let me if that know if any changes are needed or it is ready to
> publish.
>
> Regards,
>
> Jason
>
>
> _______________________________________________
> IntelMQ-dev mailing list
> https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev
> https://docs.intelmq.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20241205/000c7c40/attachment.sig>
More information about the IntelMQ-dev
mailing list