forked from csirtgadgets/csirtg-smrt-v1
Examples
Wes edited this page Apr 12, 2017 · 2 revisions
Getting started with YAML is simple: with a basic set of fields, it's easy to tell csirtg-smrt how to normalize your data.
```yaml
parser: csv
#token: < token here -> get one at https://csirtg.io >
defaults:
  provider: csirtg.io
  altid_tlp: white
  altid: https://csirtg.io/search?q={indicator}
  tlp: white
  confidence: 9
  values:
    - null
    - indicator
    - itype
    - portlist
    - null
    - null
    - protocol
    - application
    - null
    - null
    - lasttime
    - description
    - null
feeds:
  # A feed of IP addresses blocked by a firewall (e.g. port scanners)
  port-scanners:
    remote: https://csirtg.io/api/users/csirtgadgets/feeds/port-scanners.csv
    defaults:
      tags:
        - scanner
```
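How the `values` list lines up with CSV columns, shown as an added example that is not csirtg-smrt's own code. The rule is embedded as a dict, the sample rows are constructed, and it assumes that feed-level defaults override the top-level ones and that `{indicator}` in `altid` is filled from each row.

```python
import csv
import io

# The rule from this page as a dict (assumed to match what a YAML loader would yield).
RULE = {
    "defaults": {
        "provider": "csirtg.io",
        "altid_tlp": "white",
        "altid": "https://csirtg.io/search?q={indicator}",
        "tlp": "white",
        "confidence": 9,
        "values": [None, "indicator", "itype", "portlist", None, None, "protocol",
                   "application", None, None, "lasttime", "description", None],
    },
    "feeds": {"port-scanners": {"defaults": {"tags": ["scanner"]}}},
}

# Constructed sample feed content (documentation addresses, not real feed data).
SAMPLE_CSV = (
    "1,192.0.2.10,ipv4,22,x,x,tcp,ssh,x,x,2017-04-12T00:00:00Z,firewall block,x\n"
    '2,192.0.2.11,ipv4,"23,2323",x,x,tcp,telnet,x,x,2017-04-12T01:00:00Z,firewall block,x\n'
    "truncated,row\n"
)

def normalize(rule, feed, text):
    """Map each CSV row onto the rule's `values`, layering defaults underneath."""
    defaults = dict(rule["defaults"])
    # Assumption: feed-level defaults take precedence over top-level defaults.
    defaults.update(rule["feeds"][feed].get("defaults", {}))
    columns = defaults.pop("values")
    records = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(columns):
            continue  # skip malformed rows instead of shifting fields into wrong names
        record = dict(defaults)
        # Columns mapped to null in the rule are dropped from the record.
        record.update({name: cell for name, cell in zip(columns, row) if name is not None})
        record["altid"] = record["altid"].format(indicator=record["indicator"])
        records.append(record)
    return records

if __name__ == "__main__":
    for rec in normalize(RULE, "port-scanners", SAMPLE_CSV):
        print(rec)
```

Rows whose column count does not match `values` are dropped, so a truncated line cannot put a port list or description into the `indicator` field.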