In this blog CERT.at's employees can post research and thoughts. This is done with least possible oversight, so opinions in blogposts are not necessary opinions of CERT.at
Alternatively you can receive CERT.at's blog as a feed.
IntelMQ release 2.3.3 with support for new Shadowserver feeds
The newest IntelMQ release 2.3.3 comes with various error corrections and supports a bunch of new feeds provided by the non-profit Shadowserver.
Flexible taxonomies and new software for the tag2domain project
Domain Names are the center piece of locating services on the internet and they can be used for a variety of purposes and services. Understanding the type of services a Domain Name offers is one of the key aspects of Internet Security. In another post last year we already introduced tag2domain, our tagging / labelling framework for domain names that helps us to better understand this landscape of services and software.
IntelMQ bug fix release 2.3.1
This IntelMQ version did not gain any major features and is a sole product maintenance release. It covers various minor error corrections in the IntelMQ software, and usability enhancements for the new API. We thank all contributors who participated in this release!
NIS2 Proposal: First feedback on the normative text
The first draft for the new NIS directive is a mixed bag: some points are very welcome, but a few things need to be changed.
This are my first remarks on the normative text.
IntelMQ 2.3.0 with IntelMQ API, Docker, Shadowserver Reports API support, new documentation home and more
Today we released the newest IntelMQ version 2.3.0 along with its companion tools - the IntelMQ Manager and the new IntelMQ API.
This version comes with significant changes, being an important intermediate step for the 3.0 release scheduled for summer 2021.
A look at the NIS 2.0 Recitals
The EU Commission published a first draft of the new version of the NIS Directive. Here are my comments to the recitals that preface the actual normative text.
Abuse.ch URLhaus is a new data feed for our notifications
Since Wednesday January 13th, 2021 we are sending data of the URLhaus Feeds of the abuse.ch-project as part of our regular notifications to network owners.
In this article we describe how we process this feed using IntelMQ.
IntelMQ offers tutorial lessons and a new documentation page
The IntelMQ tutorial guides through various features and tools of IntelMQ while the new documentation page features a better reading experience and a significantly improved navigation
Development of the „Constituency-Portal“ 2.0
Our partner Intevation GmbH develops the next generation of the "Consituency-Portal", our tool for administraion of contact information.
tag2domain - a system for labeling DNS domains
tag2domain is a sub-project within the CEF-TC-2018-3 project of nic.at GmbH / CERT.at. It lays down the fundamental groundwork for doing proper statistics on IT security incidents for domain names (i.e. "how to label and count correctly in a future-proof way").