forked from csirtgadgets/csirtg-smrt-v1
-
Notifications
You must be signed in to change notification settings - Fork 0
dataplane_org
Wes edited this page Apr 12, 2017
·
1 revision
parser: pipe
defaults:
tags:
- scanner
- bruteforce
protocol: tcp
provider: dataplane.org
tlp: green
altid_tlp: white
confidence: 9
values:
- null
- null
- indicator
- lasttime
- null
feeds:
# not enough info to be confident they're doing bad things
sshclient:
remote: https://dataplane.org/sshclient.txt
application: ssh
portlist: 22
confidence: 7
tags: scanner
description: 'has been seen initiating an SSH connection'
# pinging the protocol, bad stuff..
ssh:
remote: https://dataplane.org/sshpwauth.txt
application: ssh
portlist: 22
tags:
- scanner
- bruteforce
description: 'seen attempting to remotely login using SSH password authentication'
sipquery:
remote: https://dataplane.org/sipquery.txt
application: sip
protocol: udp
portlist: 5060
description: 'seen initiating a SIP OPTIONS query to a remote host'
sipinvitation:
remote: https://dataplane.org/sipinvitation.txt
application: sip
protocol: udp
portlist: 5060
description: 'seen initiating a SIP INVITE operation to a remote host'
sipregistration:
remote: https://dataplane.org/sipregistration.txt
application: sip
protocol: udp
portlist: 5060
description: 'seen initiating a SIP REGISTER operation to a remote host'