New Feat.: Warninglists can be a dict with value and comments + New list: List of IPs from the SANS ISC research feed #304
Conversation
…nerator scripts. Simultaneous inclusion in generate_all.sh
HiS3
changed the title
…le to get the comments to the IP-Adresse in the warninglist
…inglists into add_sans_research
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
I have managed to ensure that the values can now also have comments, as mentioned above and already possible in the GUI. If the lists use the type string, the comments are also displayed directly in the MISP events, as here 
For this to be possible, the warning list must become a dict. This is also permitted in the MISP code. However, it is not provided in Since some fundamental changes are now to be made here so that the new warning list also works in this way. I can also store these changes in a separate pull request. In general, however, I think that this would be a good extension of the lists, which more people will certainly want to use. @adulau what do you think about this ? |
HiS3
changed the title
|
I love the idea. I just need to dig a bit deeper to be sure it fits in the pipeline. The only issue I see is with existing lists and organisations using it as-is without MISP, if the format changes, it might break some people’s code. |
|
I'm glad to hear that you like the idea :) |
2 participants
Add a list of IPs from the SANS ISC research feed and the matching generator scripts
generate-isc-sans-research.py.Simultaneous inclusion ingenerate_all.shI would actually like to have the list in this form
so that you then have a direct assignment of which researcher is behind the IP.
But in contrast to how it is with Add List via the Web GUI in MISP, I only get hits in search results if I enter the complete string, e.g.102.165.30.99 # netsystems and not with
102.165.30.99.If @adulau or someone else has an idea what I need to change, I'll be happy to add it.