Shadowserver feeds: Microsoft Sinkhole report split #2019
ghost pushed a commit that referenced this issue on Aug 16, 2021:
Microsoft Sinkhole Report has been replaced by two reports: Microsoft Sinkhole Events Report and Microsoft Sinkhole HTTP Events Report. Added the config, added the tests, csv files, license files and mentioned the changes in the CHANGELOG. Fixes: #2019
waldbauer-certat pushed a commit that referenced this issue on Aug 16, 2021:
Microsoft Sinkhole Report has been replaced by two reports: Microsoft Sinkhole Events Report and Microsoft Sinkhole HTTP Events Report. Added the config, added the tests, csv files, license files and mentioned the changes in the CHANGELOG. Fixes: #2019
waldbauer-certat pushed a commit that referenced this issue on Sep 9, 2021:
Microsoft Sinkhole Report has been replaced by two reports: Microsoft Sinkhole Events Report and Microsoft Sinkhole HTTP Events Report. Added the config, added the tests, csv files, license files and mentioned the changes in the CHANGELOG. Fixes: #2019
This issue was closed.
Looking at some more new feeds, there were two more feed changes made on June 8 which replace the existing Microsoft Sinkhole report:
https://www.shadowserver.org/what-we-do/network-reporting/microsoft-sinkhole-events-report/
https://www.shadowserver.org/what-we-do/network-reporting/microsoft-sinkhole-http-events-report/
Looking at the report and the mapping at https://github.com/certtools/intelmq/blob/develop/intelmq/bots/parsers/shadowserver/_config.py#L2856, the formats seem to match the other sinkhole report fields, so we could possibly just add new mappings for these reports like:
If anyone else is also looking at this, would be interested in your thoughts on this approach.
Originally posted by @chorsley in #1964 (comment)