[IntelMQ-dev] Proposed classification for new loop-dos report
Sebix
sebix at sebix.at
Tue Mar 19 15:58:35 CET 2024
Dear elsif,
I'm not sure if I understand the question correctly.
On 3/19/24 15:19, elsif wrote:
> I would like to propose the following constant_fields:
>
> classification.taxonomy = vulnerable
> classification.type = vulnerable-system
> protocol.application = application
> Where the application would be tftp or dns for example.
These values are valid in IntelMQ events.
You will need to add a classification.identifier though
best regards
Sebastian
Institute for Common Good Technology
gemeinnütziger Kulturverein - nonprofit cultural society
https://commongoodtechnology.org/
ZVR 1510673578
More information about the IntelMQ-dev
mailing list