Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CTIP Parser always overwrites feed.name #2022

Closed
ghost opened this issue Aug 4, 2021 · 0 comments · Fixed by #2112
Closed

CTIP Parser always overwrites feed.name #2022

ghost opened this issue Aug 4, 2021 · 0 comments · Fixed by #2112
Labels
bug Indicates an unexpected problem or unintended behavior component: bots
Milestone
3.1.0

Comments

@ghost
Copy link

ghost commented Aug 4, 2021

The CTIP Parser always sets feed.name to what is found in the data:

intelmq/intelmq/bots/parsers/microsoft/parser_ctip.py

Line 85 in e098e5e

"DataFeed": "feed.name",

intelmq/intelmq/bots/parsers/microsoft/parser_ctip.py

Lines 287 to 288 in e098e5e

if AZURE[key] != '__IGNORE__':
event.add(AZURE[key], value, overwrite=True)

This field should be left as is, if not explicitly required by the user, e.g. with a overwrite parameter, like it is in the Shadowserver parser.
@ghost ghost added bug Indicates an unexpected problem or unintended behavior component: bots labels Aug 4, 2021
@ghost ghost self-assigned this Aug 20, 2021
@ghost ghost added this to the 3.1.0 milestone Aug 20, 2021
ghost pushed a commit that referenced this issue Sep 20, 2021
ENH: ctip parser: added parameter overwrite
f00d5e7 
intelmq.bots.parsers.microsoft.parser_ctip: New parameter `overwrite` (PR#2112 by Sebastian Wagner, fixes #2022).

for azure source: only affects feed.name
for interflow source: no change

fixes #2022
@ghost ghost mentioned this issue Sep 20, 2021
Merged
@ghost ghost closed this as completed in #2112 Sep 21, 2021
ghost pushed a commit that referenced this issue Sep 21, 2021
ENH: ctip parser: added parameter overwrite
1b75604 
intelmq.bots.parsers.microsoft.parser_ctip: New parameter `overwrite` (PR#2112 by Sebastian Wagner, fixes #2022).

for azure source: only affects feed.name
for interflow source: no change

fixes #2022
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Indicates an unexpected problem or unintended behavior component: bots
Projects
None yet
Milestone
3.1.0
Development

Successfully merging a pull request may close this issue.

ENH: ctip parser: added parameter overwrite certtools/intelmq
0 participants