certtools / intelmq

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
https://docs.intelmq.org/latest/
GNU Affero General Public License v3.0

Shadowserver parser docs missing part on feedname #2455

Closed by gethvi 9 months ago

gethvi commented 9 months ago

Shadowserver parser docs say:

A list of possible values of the feedname parameter can be found in the table below in the column "Report Type".

This is no longer true. I understand that the feedname mapping is now gathered from the schema, but still the user doesn't know what feedname he should use for configuration.

If we want to keep the possibility for "fixed report type" we should provide the user with easily accessible values he can use for the feedname parameter.

sebix commented 9 months ago

@elsif2

elsif2 commented 9 months ago

The feed_name for each report type is included in the schema:

   "population_msmq" : {
      "constant_fields" : {
         "classification.identifier" : "accessible-msmq",
         "classification.taxonomy" : "vulnerable",
         "classification.type" : "potentially-unwanted-accessible",
         "protocol.application" : "msmq"
      },
      "feed_name" : "Accessible-MSMQ",
      "file_name" : "population_msmq",