This repository has been archived by the owner on Mar 16, 2023. It is now read-only.
Describe the bug
The MineMeld Python script that downloads the security list from the Proofpoint Emerging Threats service has a categories list that does not match the Proofpoint list.
IPs and URLs are then assigned a wrong category in the MineMeld miner.
Expected behavior
Current behavior
In /opt/minemeld/engine/0.9.70/lib/python2.7/site-packages/minemeld/ft/proofpoint.py the categories list is written sequentially; however, the categories list from Proofpoint is missing some ID numbers (example in the image).
Some IDs are missing from the Proofpoint list (maybe removed by them); this causes a mismatch between row and ID.
Right now, for example, IPs in Proofpoint category ID 17 - IPCheck are assigned ROW 17 - Bruteforcer by MineMeld.
Possible solution
Sadly, I don't know how to write the script to manage the category ID and not the row.
I will try to add placeholder rows in the minemeld script as a workaround.
Steps to reproduce
Configure minemeld proofpoint miner
Check log after polling
Check category result with proofpoint portal
Minemeld version in use is 0.9.70.
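The row-versus-ID mismatch reported above, reproduced next to an ID-keyed lookup, as an added example that is not part of the original issue and is not MineMeld's code. The `id,name` listing format, the 1-based row lookup, the placeholder names, the gap layout and Bruteforcer's ID (23) are assumptions made for illustration.

```python
# Constructed sample data. Only "ID 17 = IPCheck" and the name "Bruteforcer"
# come from the issue; the other names, the gaps, and ID 23 are placeholders.
PRESENT_IDS = [1, 2, 3, 4, 5, 6, 7, 9, 10, 13, 15, 16, 17, 19, 20, 21, 23]
KNOWN = {17: "IPCheck", 23: "Bruteforcer"}
SAMPLE_LISTING = "\n".join(
    "%d,%s" % (i, KNOWN.get(i, "Placeholder%02d" % i)) for i in PRESENT_IDS
)


def parse_categories(text):
    """Parse 'id,name' lines into {id: name}, rejecting malformed input."""
    by_id = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        raw_id, sep, name = line.partition(",")
        if not sep or not raw_id.strip().isdigit() or not name.strip():
            raise ValueError("line %d: expected 'id,name'" % lineno)
        cat_id = int(raw_id)
        if cat_id in by_id:
            raise ValueError("line %d: duplicate category ID %d" % (lineno, cat_id))
        by_id[cat_id] = name.strip()
    return by_id


def positional_name(rows, cat_id):
    """The failure mode: treat the ID as a 1-based row number (assumed)."""
    return rows[cat_id - 1] if 1 <= cat_id <= len(rows) else None


def category_name(by_id, cat_id):
    """ID-keyed lookup; unknown IDs are labelled, never shifted to a neighbour."""
    return by_id.get(cat_id, "unknown-%d" % cat_id)


def drifted_ids(by_id):
    """IDs whose row-based name differs from the ID-keyed name."""
    rows = [by_id[i] for i in sorted(by_id)]
    return [i for i in sorted(by_id) if positional_name(rows, i) != by_id[i]]
```

Running `drifted_ids` against a freshly downloaded listing shows every category whose indicators would be mislabelled by a sequential list, which is a quick check before trusting category-based filtering downstream.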