
[feature] Provide more list metadata

Open T145 opened this issue 2 years ago • 4 comments

Presently the provider of each list is detailed in some cases, but there is still quite a bit of ambiguity. For example, there is no index where a "meta.source" column can be compared to validate where it is the data comes from. A user is left to assume any list content labeled with "CPS" is directly managed by CPS, whether this is true or not. Having the list provider's homepage and the list's raw URL provided would reassure users that the data in these lists is not being modified beyond transforming it into a different format. This information wouldn't need to have entirely new columns throughout each list to be added. In fact, having the "meta.source" column at all is unnecessary if there is proper documentation elsewhere.

Aug 19 '22 21:08 T145

If you could provide a bit more information. Each threat intelligence feed is named after the source that it's pulled from.

Aug 21 '22 15:08 Patrick-Kelley

> If you could provide a bit more information. Each threat intelligence feed is named after the source that it's pulled from.

I've updated the main post to be more precise and accurate. Hope it helps!

Aug 21 '22 19:08 T145

An example section in the project README could look something like this:

SOURCES

| Provider | Homepage | List URL | License/TOU |
| --- | --- | --- | --- |
| OpenPhish | https://openphish.com/index.html | https://openphish.com/feed.txt | https://openphish.com/terms.html |
| ... | | | |

Aug 21 '22 19:08 T145
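
The comparison this issue asks for, as an added example that is not part of the thread or the project's code: each `meta.source` value in a Zeek intel file is checked against a SOURCES index in the layout proposed above. The function names, the sample intel rows and the idea of parsing the README table are assumptions made for illustration.

```python
# Constructed sample: README "SOURCES" table in the layout proposed in the issue.
SOURCES_MD = """\
| Provider | Homepage | List URL | License/TOU |
| --- | --- | --- | --- |
| OpenPhish | https://openphish.com/index.html | https://openphish.com/feed.txt | https://openphish.com/terms.html |
"""

# Constructed sample: Zeek Intel-framework file (tab-separated, "#fields" header).
INTEL = (
    "#fields\tindicator\tindicator_type\tmeta.source\n"
    "phish.example\tIntel::DOMAIN\tOpenPhish\n"
    "198.51.100.7\tIntel::ADDR\tCPS\n"
    "203.0.113.9\tIntel::ADDR\tCPS\n"
)

def parse_sources(markdown):
    """Return {provider: {homepage, list_url, license}} from the SOURCES table."""
    index = {}
    for line in markdown.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        # Skip the header, the separator row, and rows without a raw list URL.
        if len(cells) != 4 or cells[0] == "Provider":
            continue
        if not cells[2].startswith("http"):
            continue
        index[cells[0]] = dict(zip(("homepage", "list_url", "license"), cells[1:]))
    return index

def undocumented_sources(intel_text, index):
    """Map each meta.source value absent from the index to its indicator count."""
    lines = intel_text.splitlines()
    header = next(l for l in lines if l.startswith("#fields"))
    col = header.split("\t")[1:].index("meta.source")  # column position in data rows
    missing = {}
    for line in lines:
        if not line or line.startswith("#"):
            continue
        source = line.split("\t")[col]
        if source not in index:
            missing[source] = missing.get(source, 0) + 1
    return missing

if __name__ == "__main__":
    for name, count in undocumented_sources(INTEL, parse_sources(SOURCES_MD)).items():
        print(f"{name}: {count} indicators with no documented provider or list URL")
```
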

Certainly!

I'll work to get that provided for you all.

Aug 30 '22 20:08 Patrick-Kelley

Done. Apologies for the delay. Busy year.

Nov 18 '22 15:11 Patrick-Kelley