forked from certtools/intelmq
Merge #1
Merged
The deprecated shell scripts
- `update-asn-data`
- `update-geoip-data`
- `update-tor-nodes`
- `update-rfiprisk-data`

have been removed in favor of the built-in update-mechanisms (see the bots' documentation). A crontab file for calling all new update commands can be found in `contrib/cron-jobs/intelmq-update-database`. #1404
type `backdoor` is not in RSIT; merged into type `system-compromise`; update documentation; adapt bots depending on the type; add changelog and news entries, including SQL update statements
taxonomy names are with dashes, not spaces
make the order in line with the table
add two n6 images directly to the repository, as they are not displayed on readthedocs otherwise: The other websites hosting the images block loading images if the referer does not match a whitelist. we can't add a noreferer HTML attribute in rst as well. the option left is to add the files, that only implies adding the licensing information and the AGPL-3.0 license text as well. add two illustrations on the flow n6 to intelmq and vice versa, own work. some textual improvements in the document itself.
ignore SVG files because XML attributes in SVG files trigger false-positives #1991 (comment)
Signed-off-by: Sebastian Waldbauer <[email protected]>
The Aggregate Expert might be used to aggregate events within a given timespan and threshold. Signed-off-by: Sebastian Waldbauer <[email protected]>
Signed-off-by: Sebastian Waldbauer <[email protected]>
Signed-off-by: Sebastian Waldbauer <[email protected]>
before calling the upgrade function, properly remove the global block from the runtime configuration. otherwise the upgrade functions will always fail as they can't find required attributes
the internal variable handle and current_line were not prefixed with an underscore, so they were detected as parameters.
fix and simplify formatting of parameters of types lists, non-string values have been ill-treated (by Sebastian Wagner). discovered in #1998 example: - columns_required: - true - false lead to: Handler <function run_autogen at 0x7f5deb6c8bf8> for event 'builder-inited' threw an exception (exception: sequence item 0: expected str instance, bool found)
* DOC: feeds: Add benkow panels tracker
* DOC: feeds: rename Benkow malware panels
* DOC: feeds: set provider to __PROVIDER__
* DOC: feeds: remove filter text and type as the header is skipped in the configuration
* DOC: feeds: benkow collector: modify columns configuration
* DOCS: feeds: benkow panels: fix type

Co-authored-by: Wagner <[email protected]>
This reverts commit 277f72d. When the runtime configuration is loaded with the default loader and then dumped afterwards, the resulting file is formatted uglily:
```
{file-input: {bod_id: file-input, description: Reads file /assets/*.txt, group: Collectors, name: File Input, enabled: true, module: intelmq.bots.collectors.file.collector_file, run_mode: scheduled, parameters: {path: /assets, postfix: .txt, delete_file: false,...
```
replace pyyaml by ruamel.yaml
add note on YAML comments (not supported), link known issue add missing harmonization.conf
file contains some non ASCII text, open with utf-8 explicitly, otherwise the outcome of the test is env-dependent
skips if the USER is abuild, used by OBS to be used in cases where tests fail in the special environments of OBS but not elsewhere
the * syntax in intelmq.install caused the .install files to be installed to /etc/intelmq/ along the default configuration files, but they definitely do not belong there. Now name the required files explicitly.
as collectors don't have source queues, don't report any (always zero) size for their source queues. This was introduced with the rewrite to the pipeline-runtime-configuration merge, as the source queues got default values, independent if they are useful or not
requires certtools/intelmq-manager#282 fixes #2064 updates, fixes and re-structures the documentation
#2116 revealed that not removing the build directory may result in different files being packaged.
add intro for explanations on differences link to the bots
…f class, adjust apply_mapping
Jinja2 has a JSON serializer, but not a parser. This is the source of many StackOverflow questions and bug reports to projects using Jinja2. Add a function "from_json", which just calls "json.loads", to templates so that they can handle the JSON string in the "output" field of an event.
the HIBP Enterprise feed snippet's nginx example configuration was missing three additional whitespaces of indentation to be rendered as code
FIX: Fixes update-database script on the last few days of a month.
update email addr.
and freenode is abandoned by the FOSS community as well
Added new shadowserver event types and files to _config.py:
- Accessible AMQP
- Device Identification
- SSL Poodle IPv6
Co-authored-by: Sebastian <[email protected]>
Co-authored-by: Sebastian <[email protected]>
Docs: Remove dead IRC channel
No description provided.