
Taxonomy bot: Handling wrong type/taxonomy

Open ghost opened this issue 8 years ago • 2 comments

Current situation: If one or two of classification.type and classification.taxonomy are missing, it adds the other or both. If both exist, the bot does nothing.

But there are for sure situations where both values exist but are not allowed. For example the fourth test of the taxonomy bot: https://github.com/certtools/intelmq/blob/develop/intelmq/tests/bots/experts/taxonomy/test_expert.py#L36 The used combination is

                 "classification.taxonomy": "vulnerable",
                 "classification.type": "unknown",

The only designated type for the taxonomy vulnerable is vulnerable service. And the type unknown would be mapped to the taxonomy other.

Should the bot deal with such cases?

ghost avatar Aug 07 '17 09:08 ghost

@wagner-certat I think the best approach is to have the following principle:

  • if a bot like a parser defines the type and taxonomy keys with values like the example you mentioned, it should pass. However, if the Taxonomy bot is in the middle of the pipeline and receives that message, the taxonomy bot MUST always ignore the value of taxonomy and only look at type. Using the value of type, the bot MUST overwrite the taxonomy value.

SYNchroACK avatar Jan 17 '18 06:01 SYNchroACK

And issue a warning if that happens?

ghost avatar Jan 17 '18 09:01 ghost
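
The behaviour proposed in this thread (type is authoritative, a conflicting taxonomy is overwritten, and a warning is logged), as an added example that is not IntelMQ's own code. The function name `reconcile`, the status strings and the logger name are assumptions, and the mapping holds only the two type/taxonomy pairs named in the issue.

```python
import logging

logger = logging.getLogger("taxonomy-example")  # hypothetical logger name

# Only the two pairs named in the issue; the real bot's mapping is larger.
TYPE_TO_TAXONOMY = {
    "vulnerable service": "vulnerable",
    "unknown": "other",
}


def reconcile(event):
    """Return (event_copy, status); taxonomy is always derived from type.

    status is one of: "no-type", "unmapped-type", "added", "ok", "overwritten".
    Events without a type are left untouched; that case is outside this sketch.
    """
    result = dict(event)  # never mutate the caller's message
    etype = result.get("classification.type")
    if etype is None:
        return result, "no-type"

    expected = TYPE_TO_TAXONOMY.get(etype)
    if expected is None:
        # Type not in the mapping: do not guess a taxonomy.
        logger.warning("no taxonomy known for type %r", etype)
        return result, "unmapped-type"

    current = result.get("classification.taxonomy")
    if current is None:
        result["classification.taxonomy"] = expected
        return result, "added"
    if current == expected:
        return result, "ok"

    # Both keys exist but disagree: type wins, and the conflict is surfaced
    # so that the upstream parser producing it can be found and fixed.
    logger.warning("taxonomy %r does not match type %r, overwriting with %r",
                   current, etype, expected)
    result["classification.taxonomy"] = expected
    return result, "overwritten"


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # The combination quoted in the issue (constructed as a plain dict).
    print(reconcile({"classification.taxonomy": "vulnerable",
                     "classification.type": "unknown"}))
```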