Feature #7725
closed
Import Metacentrum networks as an externally updated feed
Description
Currently we have the GRID group. Unfortunately it's not curated/updated.
The "official" list is at "https://security.metacentrum.cz/export/metacentrum_hosts.csv", and we'd like it to
We could use mentat-netmgr machinery to import it as a new regularly updated feed.
That means downloading the CSV, adding correct contact information, spitting it out as Negistry-like JSON and feeding it to mentat-netmgr. (Pretty much as Negistry import does it, just one more conversion step is needed.)
The target address is security@rt.cesnet.cz, however abuse@cesnet.cz should get a copy for CESNET network (but I guess this should happen automatically as networks of abuse@cesnet.cz Mentat group will be also consulted during reporting).
Related issues
Updated by Jakub Judiny 8 months ago
- Related to Bug #7726: Import Casablanca network as an externally updated feed added
Updated by Pavel Kácha 7 months ago
Note from discussion: it might make sense to import CESNET-VIRTUAL* networks as a separate feed (from Meta itself). (We now have a "Negistry-like" export with ambition to replace Negistry one, and CERTS members using that over OTRS can act a bit differently to general Meta/Grid clients and clean virtualisation machines.)
Updated by Pavel Kácha 7 months ago
- Has duplicate Bug #6209: Reenable Metacentrum network list update added
Updated by Rajmund Hruška 7 months ago
Pavel Kácha, should this group map to __GRID__ group which we have in Mentat? Currently, __GRID__ is a manual group and its reporting setting for low is abuse@metacentrum.cz. Or should there be two groups, and the new one would be named abuse@metacentrum.cz and it should report to security@rt.cesnet.cz?
Updated by Pavel Kácha 7 months ago
The unmaintained GRID data should go away together with abuse@metacentrum.cz, no matter whether with group name or without, so we can keep the name or change it as we see fit.
I'd say to keep the name sufficiently different to make it visibly distinct, and I'd also vote for keeping new group names independent from mail address format (we've already decoupled it). However, dunders are unnecessary and quite superfluous, so I guess Metacentrum or Grid would do.
And target mail just security@rt.cesnet.cz (parent network mail would be carboncopied implicitly, I presume).
Updated by Rajmund Hruška 7 months ago
- Status changed from Resolved to In Review
Updated by Rajmund Hruška 6 months ago
- Status changed from In Review to In Progress
Updated by Rajmund Hruška 6 months ago
- Status changed from In Progress to Resolved
Updated by Rajmund Hruška 6 months ago
- Status changed from Resolved to In Review
Updated by Pavel Kácha 4 months ago
- Related to Feature #7768: Add Metacentrum IPV6 networks to the externally updated feed added