[IntelMQ-dev] RFC new compromised_iot report
elsif
elsif at shadowserver.org
Mon Sep 23 16:07:53 CEST 2024
Hello,
We have a new report that will begin tomorrow.
https://www.shadowserver.org/what-we-do/network-reporting/compromised-iot-report/
Please let me know if you have any recommended changes to the following
field mapping for the report.
Regards,
Jason
"compromised_iot" : {
"constant_fields" : {
"classification.identifier" : "compromised-iot",
"classification.taxonomy" : "intrusions",
"classification.type" : "system-compromise"
},
"feed_name" : "Compromised-IoT-Device",
"file_name" : "compromised_iot",
"optional_fields" : [
[
"malware.name",
"family",
"validate_to_none"
],
[
"extra.",
"severity",
"validate_to_none"
],
[
"protocol.transport",
"protocol"
],
[
"source.reverse_dns",
"hostname"
],
[
"extra.",
"tag"
],
[
"source.asn",
"asn",
"invalidate_zero"
],
[
"source.geolocation.cc",
"geo"
],
[
"source.geolocation.region",
"region"
],
[
"source.geolocation.city",
"city"
],
[
"extra.source.naics",
"naics",
"invalidate_zero"
],
[
"extra.",
"hostname_source",
"validate_to_none"
],
[
"extra.source.sector",
"sector",
"validate_to_none"
],
[
"extra.",
"device_vendor",
"validate_to_none"
],
[
"extra.",
"device_type",
"validate_to_none"
],
[
"extra.",
"device_model",
"validate_to_none"
],
[
"extra.",
"device_version",
"validate_to_none"
],
[
"extra.",
"source_type",
"validate_to_none"
],
[
"event_description.text",
"category",
"validate_to_none"
],
[
"status",
"status"
],
[
"extra.",
"detail",
"validate_to_none"
],
[
"extra.",
"public_source",
"validate_to_none"
],
[
"source.account",
"account",
"validate_to_none"
],
[
"extra.",
"server_host_key",
"validate_to_none"
],
[
"extra.",
"malpubkey_sha256",
"validate_to_none"
]
],
"required_fields" : [
[
"time.source",
"timestamp",
"add_UTC_to_timestamp"
],
[
"source.ip",
"ip",
"validate_ip"
],
[
"source.port",
"port",
"convert_int"
]
],
"url" :
"https://www.shadowserver.org/what-we-do/network-reporting/compromised-iot-report/"
},