[IntelMQ-dev] About Shadowserver's generic Special report

Kamil Mankowski mankowski at cert.at
Thu Oct 3 10:24:23 CEST 2024 

Hey,

just FYI - the ShadowServer documentation for that feed is already 
available: 
https://www.shadowserver.org/what-we-do/network-reporting/vulnerable-cups-special-report/ 


Best regards

// Kamil MaƄkowski <mankowski at cert.at> - T: +43 676 898 298 7204
// CERT Austria - https://www.cert.at/
// CERT.at GmbH, FB-Nr. 561772k, HG Wien

On 10/3/24 08:35, Mika Silander via IntelMQ-dev wrote:
> Hi,
> 
>   We received today a Shadowserver report that gets mapped into the feed "Special" by the Shadowserver parser bot. It's fine to try to inform about vulnerabilities asap, but as this report was unknown to our checker bot, it was put on hold. The corresponding email is named "Vulnerable CUPS Special Report" which already gives an idea of what the report speaks about. This report does not seem to be documented on Shadowserver's own pages under https://www.shadowserver.org/what-we-do/network-reporting (yet?).
> 
>   So, here's a request: could someone who is able to update
> 
> https://interchange.shadowserver.org/intelmq/v1/schema/shadowserver-schema.json
> 
>   turn the special report into a more specific feed definition, e.g. the report file name could be "scan_cups" (and "scan6_cups" for IPv6) and the "feed.name" field could be e.g. "Vulnerable-CUPS-Server" or similar? Another option is to create a report of its own for vulnerable CUPS servers and leave "special" as the catch-all alongside.
> 
>   Thank you.
> 
> Br, Mika
> 
> P.S: The usual disclaimer: I hope I have not misunderstood anything in the the aforementioned specs.
> 
> _______________________________________________
> IntelMQ-dev mailing list
> https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev https://docs.intelmq.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20241003/ddab5add/attachment.sig>

More information about the IntelMQ-dev mailing list