cortex: Add config option to set tlp value

scVENUS / PeekabooAV

Peekaboo Extended Email Attachment Behavior Observation Owl

https://peekabooav.de

GNU General Public License v3.0

66 stars 20 forks source link

cortex: Add config option to set tlp value #190

Closed Jack28 closed 3 years ago

Jack28 commented 3 years ago

Before tlp was fixed to 'green'.

Now the analyzer config for cortex has an option to specify which tlp level to use when submitting to cortex.

Jack28 commented 3 years ago

I would even argue to make TLP:RED the default.

Not for disclosure, restricted to participants only.

Sources may use TLP:RED when  information cannot be effectively acted upon by additional parties, and  could lead to impacts on a party's privacy, reputation, or operations if  misused.

In email it's a private conversation between a usually very limited number of entities. Nobody else should have access to the contents and attachments

michaelweiser commented 3 years ago

Well that's the difference between what users intend their emails to be (private) and what they technically are (public - think port 25 submission via Internet cafe Wifi). If they were to be private, they'd be encrypted. I agree, I'm nitpicking here. ;->

The commit message could still use some rationale regardless, IMO.