Handle type parameter as a string and match by type instead of filena…

certtools / intelmq

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

https://docs.intelmq.org/latest/

GNU Affero General Public License v3.0

948 stars 296 forks source link

Handle type parameter as a string and match by type instead of filena… #2495

Closed elsif2 closed 2 months ago

elsif2 commented 2 months ago

The current version expects the types parameter to be a list:

parameters:
      types: [blocklist]

If the parameter is provided as a string instead all report types are matched.

This update adds support for the types parameter to be either a string or a list.

This update also utilizes the type field returned by the API to match the requested types instead of a sub-string match on the filename.

elsif2 commented 2 months ago

The documentation looks fine as-is:

(optional, string/array of strings) An array of strings (or a list of comma-separated values) with the names of report types you want to process. If you leave this empty, all the available reports will be downloaded and processed (i.e. 'scan', 'drones', 'intel', 'sandbox_connection', 'sinkhole_combined'). The possible report types are equivalent to the file names defined the the schema. Please see the Supported Reports of the Shadowserver parser for details.