[IntelMQ-dev] Proposed classification for new loop-dos report

Thomas Hungenberg th at cert-bund.de
Wed Mar 20 13:44:50 CET 2024


The classification looks good to me.

"feed_name" will be "Loop-DoS"?


    - Thomas

On 19.03.24 16:49, elsif wrote:
> The classification.identifier would be "loop-dos".
> 
> On 3/19/24 7:58 AM, Sebix wrote:
>> Dear elsif,
>>
>> I'm not sure if I understand the question correctly.
>>
>> On 3/19/24 15:19, elsif wrote:
>>> I would like to propose the following constant_fields:
>>>
>>>   classification.taxonomy = vulnerable
>>>   classification.type = vulnerable-system
>>>   protocol.application = application
>>> Where the application would be tftp or dns for example.
>>
>> These values are valid in IntelMQ events.
>>
>> You will need to add a classification.identifier, though.
>>
>> best regards
>> Sebastian
>>
>> Institute for Common Good Technology
>> gemeinnütziger Kulturverein - nonprofit cultural society
>> https://commongoodtechnology.org/
>> ZVR 1510673578
>>
>>