DOC: Document new supported Dataplane feeds

monoidic · monoidic · commit e14ec3421a5d · 2021-09-09T16:49:45.000+03:00
diff --git a/intelmq/etc/feeds.yaml b/intelmq/etc/feeds.yaml
@@ -453,15 +453,15 @@ providers:
         collector:
           module: intelmq.bots.collectors.http.collector_http
           parameters:
-            http_url: http://dataplane.org/sshclient.txt
+            http_url: https://dataplane.org/sshclient.txt
             rate_limit: 3600
             name: __FEED__
             provider: __PROVIDER__
         parser:
           module: intelmq.bots.parsers.dataplane.parser
           parameters:
       revision: 2018-01-20
-      documentation: http://dataplane.org/
+      documentation: https://dataplane.org/
       public: true
     SSH Password Authentication:
       description: Entries below consist of fields with identifying characteristics
@@ -474,15 +474,15 @@ providers:
         collector:
           module: intelmq.bots.collectors.http.collector_http
           parameters:
-            http_url: http://dataplane.org/sshpwauth.txt
+            http_url: https://dataplane.org/sshpwauth.txt
             rate_limit: 3600
             name: __FEED__
             provider: __PROVIDER__
         parser:
           module: intelmq.bots.parsers.dataplane.parser
           parameters:
       revision: 2018-01-20
-      documentation: http://dataplane.org/
+      documentation: https://dataplane.org/
       public: true
     SIP Query:
       description: Entries consist of fields with identifying characteristics of a
@@ -495,15 +495,15 @@ providers:
         collector:
           module: intelmq.bots.collectors.http.collector_http
           parameters:
-            http_url: http://dataplane.org/sipquery.txt
+            http_url: https://dataplane.org/sipquery.txt
             rate_limit: 3600
             name: __FEED__
             provider: __PROVIDER__
         parser:
           module: intelmq.bots.parsers.dataplane.parser
           parameters:
       revision: 2018-01-20
-      documentation: http://dataplane.org/
+      documentation: https://dataplane.org/
       public: true
     SIP Registration:
       description: Entries consist of fields with identifying characteristics of a
@@ -516,15 +516,181 @@ providers:
         collector:
           module: intelmq.bots.collectors.http.collector_http
           parameters:
-            http_url: http://dataplane.org/sipregistration.txt
+            http_url: https://dataplane.org/sipregistration.txt
             rate_limit: 3600
             name: __FEED__
             provider: __PROVIDER__
         parser:
           module: intelmq.bots.parsers.dataplane.parser
           parameters:
       revision: 2018-01-20
-      documentation: http://dataplane.org/
+      documentation: https://dataplane.org/
+      public: true
+    DNS Recursion Desired:
+      description: Entries consist of fields with identifying characteristics of a
+        source IP address that has been seen performing a DNS recursion desired query
+        to a remote host. This report lists hosts that are suspicious of more than just
+        port scanning. The host may be DNS server cataloging or searching for hosts
+        to use for DNS-based DDoS amplification.
+      additional_information:
+      bots:
+        collector:
+          module: intelmq.bots.collectors.http.collector_http
+          parameters:
+            http_url: https://dataplane.org/dnsrd.txt
+            rate_limit: 3600
+            name: __FEED__
+            provider: __PROVIDER__
+        parser:
+          module: intelmq.bots.parsers.dataplane.parser
+          parameters:
+      revision: 2021-09-09
+      documentation: https://dataplane.org/
+      public: true
+    DNS Recursion Desired ANY:
+      description: Entries consist of fields with identifying characteristics of a
+        source IP address that has been seen performing a DNS recursion desired IN ANY query
+        to a remote host. This report lists hosts that are suspicious of more than just
+        port scanning. The host may be DNS server cataloging or searching for hosts
+        to use for DNS-based DDoS amplification.
+      additional_information:
+      bots:
+        collector:
+          module: intelmq.bots.collectors.http.collector_http
+          parameters:
+            http_url: https://dataplane.org/dnsrdany.txt
+            rate_limit: 3600
+            name: __FEED__
+            provider: __PROVIDER__
+        parser:
+          module: intelmq.bots.parsers.dataplane.parser
+          parameters:
+      revision: 2021-09-09
+      documentation: https://dataplane.org/
+      public: true
+    DNS Version:
+      description: Entries consist of fields with identifying characteristics of a
+        source IP address that has been seen performing a DNS CH TXT version.bind query
+        to a remote host. This report lists hosts that are suspicious of more than just
+        port scanning. The host may be DNS server cataloging or searching for vulnerable
+        DNS servers.
+      additional_information:
+      bots:
+        collector:
+          module: intelmq.bots.collectors.http.collector_http
+          parameters:
+            http_url: https://dataplane.org/dnsversion.txt
+            rate_limit: 3600
+            name: __FEED__
+            provider: __PROVIDER__
+        parser:
+          module: intelmq.bots.parsers.dataplane.parser
+          parameters:
+      revision: 2021-09-09
+      documentation: https://dataplane.org/
+      public: true
+    Protocol 41:
+      description: Entries consist of fields with identifying characteristics of a
+        host that has been detected to offer open IPv6 over IPv4 tunneling.
+        This could allow for the host to be used a public proxy against IPv6 hosts.
+      additional_information:
+      bots:
+        collector:
+          module: intelmq.bots.collectors.http.collector_http
+          parameters:
+            http_url: https://dataplane.org/proto41.txt
+            rate_limit: 3600
+            name: __FEED__
+            provider: __PROVIDER__
+        parser:
+          module: intelmq.bots.parsers.dataplane.parser
+          parameters:
+      revision: 2021-09-09
+      documentation: https://dataplane.org/
+      public: true
+    SMTP Greet:
+      description: Entries consist of fields with identifying characteristics of a
+        host that has been seen initiating a SMTP HELO/EHLO operation to a remote host.
+        The source report lists hosts that are suspicious of more than just port
+        scanning. The host may be SMTP server cataloging or conducting various forms
+        of email abuse.
+      additional_information:
+      bots:
+        collector:
+          module: intelmq.bots.collectors.http.collector_http
+          parameters:
+            http_url: https://dataplane.org/smtpgreet.txt
+            rate_limit: 3600
+            name: __FEED__
+            provider: __PROVIDER__
+        parser:
+          module: intelmq.bots.parsers.dataplane.parser
+          parameters:
+      revision: 2021-09-09
+      documentation: https://dataplane.org/
+      public: true
+    SMTP Data:
+      description: Entries consist of fields with identifying characteristics of a
+        host that has been seen initiating a SMTP DATA operation to a remote host.
+        The source report lists hosts that are suspicious of more than just port
+        scanning. The host may be SMTP server cataloging or conducting various forms
+        of email abuse.
+      additional_information:
+      bots:
+        collector:
+          module: intelmq.bots.collectors.http.collector_http
+          parameters:
+            http_url: https://dataplane.org/smtpdata.txt
+            rate_limit: 3600
+            name: __FEED__
+            provider: __PROVIDER__
+        parser:
+          module: intelmq.bots.parsers.dataplane.parser
+          parameters:
+      revision: 2021-09-09
+      documentation: https://dataplane.org/
+      public: true
+    Telnet Login:
+      description: Entries consist of fields with identifying characteristics of a
+        host that has been seen initiating a telnet connection to a remote host.
+        The source report lists hosts that are suspicious of more than just port
+        scanning. The host may be telnet server cataloging or conducting
+        authentication attack attempts.
+      additional_information:
+      bots:
+        collector:
+          module: intelmq.bots.collectors.http.collector_http
+          parameters:
+            http_url: https://dataplane.org/telnetlogin.txt
+            rate_limit: 3600
+            name: __FEED__
+            provider: __PROVIDER__
+        parser:
+          module: intelmq.bots.parsers.dataplane.parser
+          parameters:
+      revision: 2021-09-09
+      documentation: https://dataplane.org/
+      public: true
+    VNC/RFB Login:
+      description: Entries consist of fields with identifying characteristics of a
+        host that has been seen initiating a VNC remote buffer session to a remote host.
+        The source report lists hosts that are suspicious of more than just port
+        scanning. The host may be VNC/RFB server cataloging or conducting
+        authentication attack attempts.
+      additional_information:
+      bots:
+        collector:
+          module: intelmq.bots.collectors.http.collector_http
+          parameters:
+            http_url: https://dataplane.org/vncrfb.txt
+            rate_limit: 3600
+            name: __FEED__
+            provider: __PROVIDER__
+        parser:
+          module: intelmq.bots.parsers.dataplane.parser
+          parameters:
+      revision: 2021-09-09
+      documentation: https://dataplane.org/
       public: true
   Turris:
     Greylist:
