diff --git a/config/Shadowserver.php b/config/Shadowserver.php
index 87cdd9b..246bc24 100644
--- a/config/Shadowserver.php
+++ b/config/Shadowserver.php
@@ -59,7 +59,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -73,7 +72,7 @@
 'timestamp',
 'port',
 'server_type',
- 'clisterid',
+ 'clusterid',
 'total_disk',
 'livenodes',
 'namenodeaddress',
@@ -85,7 +84,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -128,7 +126,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -148,7 +145,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -168,7 +164,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -188,7 +183,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -209,7 +203,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -230,7 +223,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -251,7 +243,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -272,7 +263,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -332,7 +322,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -352,7 +341,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 'sector',
 ],
 ],
@@ -373,7 +361,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 'sector',
 ],
 ],
@@ -395,7 +382,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -417,7 +403,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -442,7 +427,6 @@
 'region',
 'city',
 'naics',
- 'sic',
 ],
 ],
@@ -701,7 +685,7 @@
 'port',
 'hostname',
 'packets',
- 'size',
+ 'response_size',
 ],
 'filters' => [
 'asn',
@@ -723,7 +707,7 @@
 'port',
 'hostname',
 'packets',
- 'size',
+ 'response_size',
 ],
 'filters' => [
 'asn',
@@ -733,6 +717,7 @@
 ],
 ],
+ //https://www.shadowserver.org/what-we-do/network-reporting/compromised-website-report/
 'compromised_website' => [
 'class' => 'COMPROMISED_WEBSITE',
 'type' => 'ABUSE',
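Review bot: The `'size'` to `'response_size'` renames in the hunks at -701 and -723 (and again at -1005), like the `'clisterid'` to `'clusterid'` fix at -73, change entries that appear to belong to `fields` lists, and nothing in the diff shows how a report lacking a listed field is handled. If `fields` is the required-column list, a CSV that still carries the old header would be rejected and the exposure it reports would never reach the responsible contact. It is worth checking each affected entry against a current sample report and recording the rename beside it, for example `// column renamed from 'size' by the feed; older CSVs will not match`. Each of these arrays starts outside its hunk, so the entry names are not visible here.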
@@ -753,6 +738,28 @@ ], ], + //https://www.shadowserver.org/what-we-do/network-reporting/compromised-website-report/ + 'compromised_website6' => [ + 'class' => 'COMPROMISED_WEBSITE', + 'type' => 'ABUSE', + 'enabled' => true, + 'fields' => [ + 'ip', + 'timestamp', + 'http_host', + 'category', + 'tag', + 'redirect_target', + ], + 'filters' => [ + 'asn', + 'geo', + 'region', + 'city', + ], + ], + + 'cwsandbox_url' => [ 'class' => 'MALWARE_INFECTION', 'type' => 'ABUSE', @@ -975,6 +982,7 @@ ], ], + // https://www.shadowserver.org/what-we-do/network-reporting/open-ssdp-report/ 'scan_ssdp' => [ 'class' => 'OPEN_SSDP_SERVER', 'type' => 'INFO', @@ -1005,7 +1013,7 @@ 'timestamp', 'protocol', 'port', - 'size', + 'response_size', ], 'filters' => [ 'asn', @@ -1112,6 +1120,7 @@ ], ], + // https://www.shadowserver.org/what-we-do/network-reporting/open-memcached-report/ 'scan_memcached' => [ 'class' => 'OPEN_MEMCACHED_SERVER', 'type' => 'INFO', @@ -1633,6 +1642,24 @@ 'city', ], ], + + //https://www.shadowserver.org/what-we-do/network-reporting/netcore-netis-router-vulnerability-scan-report/ + 'scan_netis_router' => [ + 'class' => 'NETCORE_NETIS_ROUTER_VULNERABILITY_SCAN_REPORT', + 'type' => 'INFO', + 'enabled' => true, + 'fields' => [ + 'timestamp', + 'ip', + 'port', + ], + 'filters' =>[ + 'asn', + 'geo', + 'region', + 'city', + ], + ], //https://www.shadowserver.org/what-we-do/network-reporting/open-db2-discovery-service-report/ 'scan_db2' => [ @@ -1732,8 +1759,26 @@ 'region', 'city', 'naics', - 'sic', - 'response', + ], + ], + + //https://www.shadowserver.org/what-we-do/network-reporting/open-ipp-report/ + 'scan6_ipp' => [ + 'class' => 'OPEN_IPP', + 'type' => 'INFO', + 'enabled' => true, + 'fields' => [ + 'ip', + 'timestamp', + 'protocol', + 'port', + ], + 'filters' => [ + 'asn', + 'geo', + 'region', + 'city', + 'naics', ], ], @@ -2265,7 +2310,6 @@ 'ip', 'hostname', 'port', - 'version', ], 'filters' => [ 'asn', 
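Review bot: `'class' => 'NETCORE_NETIS_ROUTER_VULNERABILITY_SCAN_REPORT'` in the new `scan_netis_router` entry (hunk at -1633) names the report rather than the finding, unlike the `OPEN_SSDP_SERVER` and `OPEN_MEMCACHED_SERVER` classes visible elsewhere in this diff. The diff also does not show this class, or `OPEN_IPP` and the `ACCESSIBLE_*` classes added in later hunks, being defined anywhere. If the class list lives in another file, an undefined name could leave these events unclassified or dropped, so the registration should be part of the same change. The entry is typed `INFO` although the linked report is a vulnerability scan; confirm that is the intended type. Minor: `'filters' =>[` is missing the space used everywhere else, `'filters' => [`.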
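Review bot: The two removed lines at the top of the hunk at -1732 take `'response'` as well as `'sic'` out of what appears to be the `filters` list of the entry preceding `scan6_ipp`; every other hunk in this commit drops only `'sic'`. If `filters` names columns stripped before an event is stored (not visible here), the raw `response` value of that report would now be kept and displayed. If that is intended, it deserves a line in the commit message; otherwise restore `'response',` after `'naics',`. The preceding entry starts outside the hunk.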
@@ -2286,7 +2330,6 @@
 'ip',
 'hostname',
 'port',
- 'version',
 ],
 'filters' => [
 'asn',
@@ -2452,6 +2495,129 @@
 ],
 ],
+ //https://www.shadowserver.org/what-we-do/network-reporting/accessible-kubernetes-api-server-report/
+ 'scan_kubernetes' => [
+ 'class' => 'ACCESSIBLE_KUBERNETES',
+ 'type' => 'INFO',
+ 'enabled' => true,
+ 'fields' => [
+ 'timestamp',
+ 'ip',
+ 'hostname',
+ 'protocol',
+ 'port',
+ ],
+ 'filters' => [
+ 'asn',
+ 'geo',
+ 'region',
+ 'city',
+ 'naics',
+ ],
+ ],
+
+ //https://www.shadowserver.org/what-we-do/network-reporting/accessible-ms-rpc-service-report/
+ 'scan_msrpc' => [
+ 'class' => 'ACCESSIBLE_MSRPC',
+ 'type' => 'INFO',
+ 'enabled' => true,
+ 'fields' => [
+ 'timestamp',
+ 'ip',
+ 'hostname',
+ 'protocol',
+ 'port',
+ ],
+ 'filters' => [
+ 'asn',
+ 'geo',
+ 'region',
+ 'city',
+ 'naics',
+ ],
+ ],
+
+ //https://www.shadowserver.org/what-we-do/network-reporting/accessible-imap-report/
+ 'scan_imap' => [
+ 'class' => 'ACCESSIBLE_IMAP',
+ 'type' => 'INFO',
+ 'enabled' => true,
+ 'fields' => [
+ 'timestamp',
+ 'ip',
+ 'hostname',
+ 'protocol',
+ 'port',
+ ],
+ 'filters' => [
+ 'asn',
+ 'geo',
+ 'region',
+ 'city',
+ 'naics',
+ ],
+ ],
+
+ //https://www.shadowserver.org/what-we-do/network-reporting/accessible-imap-report/
+ 'scan6_imap' => [
+ 'class' => 'ACCESSIBLE_IMAP',
+ 'type' => 'INFO',
+ 'enabled' => true,
+ 'fields' => [
+ 'timestamp',
+ 'ip',
+ 'hostname',
+ 'protocol',
+ 'port',
+ ],
+ 'filters' => [
+ 'asn',
+ 'geo',
+ 'region',
+ 'city',
+ 'naics',
+ ],
+ ],
+
+ //https://www.shadowserver.org/what-we-do/network-reporting/accessible-pop3-report/
+ 'scan_pop3' => [
+ 'class' => 'ACCESSIBLE_POP3',
+ 'type' => 'INFO',
+ 'enabled' => true,
+ 'fields' => [
+ 'timestamp',
+ 'ip',
+ 'hostname',
+ 'port',
+ ],
+ 'filters' => [
+ 'asn',
+ 'geo',
+ 'region',
+ 'city',
+ 'naics',
+ ],
+ ],
+
+ //https://www.shadowserver.org/what-we-do/network-reporting/accessible-pop3-report/
+ 'scan6_pop3' => [
+ 'class' => 'ACCESSIBLE_POP3',
+ 'type' => 'INFO',
+ 'enabled' => true,
+ 'fields' => [
+ 'timestamp',
+ 'ip',
+ 'hostname',
+ 'port',
+ ],
+ 'filters' => [
+ 'asn',
+ 'geo',
+ 'region',
+ 'city',
+ 'naics',
+ ],
+ ],
 ],
 ];
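Review bot: `scan_pop3` and `scan6_pop3` list no `'protocol'` field, while the `scan_imap`, `scan6_imap`, `scan_msrpc` and `scan_kubernetes` entries added in the same hunk do. If the POP3 report carries the same columns this looks like an omission; if it does not, a short comment such as `// POP3 report has no protocol column` would keep a later editor from adding it back. All six entries also list `'hostname'` under `fields`; if listed fields must be present and non-empty (not visible in this diff), hosts without a reverse-DNS name would be skipped, which is worth checking for the Kubernetes and MS-RPC reports in particular.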