
Update _config.py

Open oencarnacion opened this issue 3 years ago • 6 comments

New reports added to the config file from Shadowserver:

open_mysql, open_smtp, open6_ssh, open6_smtp, scan_quic, open6_ssl, open_amqp, scan_ddos_middlebox, open6_telnet, scan_ics, scan_epmd, open_scan_dvr_dhcpdiscover, scan_kubernetes, scan_socks, scan_ssh, device_id, accessible_ssl

Please read the notes below and replace them with the description of your pull request

Make sure you follow the instructions in the Developer Guide - it describes how to run the test suite and which coding rules to follow.

Commits

Please review your commits before creating a pull request. We try to keep our commit history clean. If you had to fix something in your code and added another commit on top of your existing work, please squash your commits. This makes it a lot easier to find out why things work the way they do later on.

But please also keep in mind that one commit should only contain changes that belong together.

The cardinal rule for creating good commits is to ensure there is only one "logical change" per commit

Thus, if your changes affect multiple files and also contain tests and documentation (which they should), it might make sense to have the tests and the documentation in a separate commit.

Commit Messages

Please explain your changes also in the git commit message. The commit message should contain a subject that gives an overview of the changes in the commit and is limited to 72 characters. It should start with a capital letter and it should not end with a period. Below the subject should be, separated by an empty line, the body of the commit message. The body should explain what the commit changes and why it changes things the way it does. Explain your modification and also explain why you didn't choose a different approach. See also How To Write a Git Commit Message.

Description

If you are following the commit message guidelines above, all the relevant information should already be part of the commit message. If there is anything else you want to add, feel free to do this here.

oencarnacion avatar Jun 22 '22 19:06 oencarnacion

new reports added to the config file from shadowserver

oencarnacion avatar Jun 22 '22 19:06 oencarnacion

Codecov Report

Merging #2194 (2f72e69) into develop (79cae29) will increase coverage by 0.01%. The diff coverage is 100.00%.

@@             Coverage Diff             @@
##           develop    #2194      +/-   ##
===========================================
+ Coverage    76.34%   76.36%   +0.01%     
===========================================
  Files          441      441              
  Lines        23654    23669      +15     
  Branches      3739     3739              
===========================================
+ Hits         18059    18074      +15     
  Misses        4858     4858              
  Partials       737      737              
Impacted Files Coverage Δ
intelmq/bots/parsers/shadowserver/_config.py 98.85% <100.00%> (+0.10%) :arrow_up:

codecov-commenter avatar Jun 22 '22 20:06 codecov-commenter

Hi Sebastian,

I just confirmed and Shadowserver still sends those reports. It was my mistake and I just made the corrections. I'll attach the file to you this way and request your approval again in the repository.

Programmer Analyst, CSIRT-RD, Centro Nacional de Ciberseguridad, Ministerio de la Presidencia | Presidencia de la República. Cell: 849-655-1482, Fleet: 829-222-0131, URL: www.cncs.gob.do


The information in this e-mail and/or attachments is intended to be confidential and only for use of the individual or entity to whom it is addressed and/or the issuer. If you are not the intended recipient, any retention, dissemination, distribution or copying of this message is strictly prohibited and sanctioned by law. If you receive this message and/or attachments in error, please notify the sender immediately and delete this message and all its attachments from your computer. Thank you.

From: Sebastian
Sent: Thursday, June 30, 2022 11:26 AM
To: certtools/intelmq
Cc: Oscar Encarnación; Author
Subject: Re: [certtools/intelmq] Update _config.py (PR #2194)

@sebix commented on this pull request.


In intelmq/bots/parsers/shadowserver/_config.py (https://github.com/certtools/intelmq/pull/2194#discussion_r910861775):

  • ('SSL-POODLE-Vulnerable-Servers IPv4', 'scan_ssl_poodle', ssl_poodle46_vulnerable_servers),
  • ('SSL-POODLE-Vulnerable-Servers IPv6', 'scan6_ssl_poodle', ssl_poodle46_vulnerable_servers),
  • ('SSL-POODLE-Vulnerable-Servers', 'scan_ssl_poodle', ssl_poodle_vulnerable_servers),
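
Review bot: the third tuple points at `ssl_poodle_vulnerable_servers`, while the two per-protocol tuples above it point at `ssl_poodle46_vulnerable_servers`, and it carries only the `scan_ssl_poodle` code. If it replaces the IPv4 and IPv6 entries, nothing in this hunk maps `scan6_ssl_poodle` any longer. Keep both per-protocol entries unless Shadowserver has merged the two reports, and confirm that `ssl_poodle_vulnerable_servers` is defined in `_config.py`.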

Why did you remove the IPv4/IPv4 file name mappings here? Did shadowserver stop sending reports per IP protocol and just one for both v4 and v6?


In intelmq/bots/parsers/shadowserver/_config.py (https://github.com/certtools/intelmq/pull/2194#discussion_r910862597):

  • ('Device-Identification IPv4', 'device_id', device_id),
  • ('Device-Identification IPv6', 'device_id6', device_id),
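
Review bot: both tuples share the `device_id` config but carry distinct feed codes, `device_id` and `device_id6`. Dropping the second line would leave `device_id6` unmapped, so IPv6 Device-Identification reports would no longer be matched. Keep the IPv6 entry, or state in the commit message that Shadowserver no longer sends that report.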

Same comment as with Poodle: Is this a change by Shadowserver?


oencarnacion avatar Jul 01 '22 09:07 oencarnacion

@elsif2 for review

sebix avatar Jul 01 '22 19:07 sebix

The above changes are superseded by https://github.com/certtools/intelmq/pull/2143.

elsif2 avatar Jul 01 '22 19:07 elsif2

Hi @@.***>

Some status on the shadowserver parser bot contribution I made last week?


From: Oscar Encarnación
Sent: Friday, July 1, 2022 3:21 PM
To: certtools/intelmq; certtools/intelmq
Cc: Author
Subject: Re: [certtools/intelmq] Update _config.py (PR #2194)

and what about the changes applied shadowserver 2022-06 that I just contributed?



From: elsif2
Sent: Friday, July 1, 2022 8:11:23 PM
To: certtools/intelmq
Cc: Oscar Encarnación; Author
Subject: Re: [certtools/intelmq] Update _config.py (PR #2194)

The above changes are superseded by #2143 (https://github.com/certtools/intelmq/pull/2143).


oencarnacion avatar Jul 04 '22 14:07 oencarnacion

@elsif2 Reminder on this PR as well.

sebix avatar Aug 22 '22 10:08 sebix

Thank you for your contribution. This PR has been obsoleted by recent updates. All Shadowserver reports are now supported in the current develop branch and will be included in the 3.1.0 release.

elsif2 avatar Aug 22 '22 14:08 elsif2

and what about the changes applied shadowserver 2022-06 that I just contributed?



From: elsif2
Sent: Friday, July 1, 2022 8:11:23 PM
To: certtools/intelmq
Cc: Oscar Encarnación; Author
Subject: Re: [certtools/intelmq] Update _config.py (PR #2194)

The above changes are superseded by #2143 (https://github.com/certtools/intelmq/pull/2143).


oencarnacion avatar Oct 11 '22 08:10 oencarnacion

The report types added in your 2022-06 contribution have already been added to the develop branch through a separate PR.

elsif2 avatar Oct 11 '22 14:10 elsif2