Shadowserver Parser: missing mapping for sinkhole_dns parser #1716

Closed
ghost opened this issue Jan 22, 2021 · 2 comments · Fixed by #1735

ghost commented Jan 22, 2021

We are missing a mapping for this feed: https://www.shadowserver.org/what-we-do/network-reporting/sinkhole-dns-report/

@ghost added the bug and component: bots labels Jan 22, 2021
@ghost added this to the 2.3.0 milestone Jan 22, 2021
@ghost self-assigned this Jan 26, 2021

ghost commented Jan 28, 2021

This report lists DNS queries seen from recursive DNS servers for sinkholed domains. Please note that the IP listed are not the
same as the actual source IP of the client that is making the query and hence are likely not infected hosts. This report therefore
is to be used primarily to support investigations into a threat, and not as a source of direct identification of infected hosts.

not sure how useful that information is in IntelMQ

ghost commented Jan 30, 2021

> not sure how useful that information is in IntelMQ

Maybe not for every user, but surely for some of them.

@waldbauer-certat self-assigned this Feb 5, 2021
@ghost removed their assignment Feb 8, 2021
@ghost closed this as completed in 5e5b463 Feb 15, 2021