No possibility to classify "malware" itself #1752

Closed
ghost opened this issue Feb 22, 2021 · 2 comments · Fixed by #1917

ghost commented Feb 22, 2021

The GitHub parser bot test currently fails as it tries to set classification.type to malware. But there is no malware anymore (in RSIT).

https://github.com/certtools/intelmq/runs/1938485712#step:9:45
https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force/blob/5479e71/working_copy/humanv1.md

event.change('classification.taxonomy', 'malicious code')
event.change('classification.type', 'malware')

There are multiple options how to proceed.

-> Discuss on ML

cc @tomas321

@ghost ghost added the data-format label Feb 22, 2021
@ghost ghost added this to the 3.0.0 milestone Feb 22, 2021
@ghost ghost self-assigned this Feb 22, 2021

ghost commented Apr 29, 2021

The conclusion on the ML was:

use 'classification.taxonomy' = 'other' and 'classification.type' = 'malware'

ghost pushed a commit that referenced this issue May 4, 2021
the classification
malicious code / malware
is replaced by
malicious code / infected system
malicious code / malware-distribution
other / malware for all other cases, i.e. malware itself

fixes #1752
related to #1409
@ghost ghost closed this as completed in #1917 May 4, 2021
waldbauer-certat pushed a commit that referenced this issue May 31, 2022
the classification
malicious code / malware
is replaced by
malicious code / infected system
malicious code / malware-distribution
other / malware for all other cases, i.e. malware itself

fixes #1752
related to #1409
This issue was closed.