Add extract_cve_from_tag to Shadowserver parser _config.py

certtools / intelmq

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

https://docs.intelmq.org/latest/

GNU Affero General Public License v3.0

972 stars 295 forks source link

Closed th-certbund closed 7 months ago

th-certbund commented 8 months ago

"extract_cve_from_tag" returns a sorted comma separated list of CVEs included with "tag" in the Vulnerable-HTTP report, e.g.

extract_cve_from_tag("affected-software;cve-2023-12345;cve-2024-56789;ssl;ssl-freak;vpn") -> "cve-2023-12345,cve-2024-56789"

to be stored in "extra.cve" by adding

     [
        "extra.cve",
        "tag",
        "extract_cve_from_tag"
     ],

to the intelmq.json schema.

elsif2 commented 8 months ago

The functions map needs to be updated to include "extract_cve_from_tag".