[shadowserver] Fix report types and add report names config

throuxel · throuxel · commit fddafc06808a · 2026-03-30T18:00:04.000+02:00
diff --git a/external-import/shadowserver/.env.sample b/external-import/shadowserver/.env.sample
@@ -17,5 +17,6 @@ SHADOWSERVER_INCIDENT_SEVERITY=low
 SHADOWSERVER_INCIDENT_PRIORITY=P4
 SHADOWSERVER_MAX_THREADS=8
 SHADOWSERVER_REPORT_TYPES=
+SHADOWSERVER_REPORT_NAMES=
 SHADOWSERVER_INITIAL_LOOKBACK=30
 SHADOWSERVER_LOOKBACK=3
diff --git a/external-import/shadowserver/__metadata__/CONNECTOR_CONFIG_DOC.md b/external-import/shadowserver/__metadata__/CONNECTOR_CONFIG_DOC.md
@@ -20,6 +20,7 @@ Below is an exhaustive enumeration of all configurable parameters available, eac
 | SHADOWSERVER_INCIDENT_SEVERITY | `string` |  | string |  | `"low"` | Default incident severity. |
 | SHADOWSERVER_INCIDENT_PRIORITY | `string` |  | string |  | `"P4"` | Default incident priority. |
 | SHADOWSERVER_REPORT_TYPES | `array` |  | string |  | `[]` | List of report types to retrieve. If empty, all report types will be retrieved. |
+| SHADOWSERVER_REPORT_NAMES | `array` |  | string |  | `[]` | List of report names to retrieve. If empty, all report names will be retrieved. |
 | SHADOWSERVER_INITIAL_LOOKBACK | `integer` |  | `0 <= x ` |  | `30` | Number of days to look back for reports during the first run. |
 | SHADOWSERVER_LOOKBACK | `integer` |  | `0 <= x ` |  | `3` | Number of days to look back for reports during subsequent runs. |
 | SHADOWSERVER_MAX_THREADS | `integer` |  | `1 <= x <= 32` |  | `8` | Maximum number of threads used to download and transform reports in parallel. |
diff --git a/external-import/shadowserver/__metadata__/connector_config_schema.json b/external-import/shadowserver/__metadata__/connector_config_schema.json
@@ -106,6 +106,14 @@
       },
       "type": "array"
     },
+    "SHADOWSERVER_REPORT_NAMES": {
+      "default": [],
+      "description": "List of report names to retrieve. If empty, all report names will be retrieved.",
+      "items": {
+        "type": "string"
+      },
+      "type": "array"
+    },
     "SHADOWSERVER_INITIAL_LOOKBACK": {
       "default": 30,
       "description": "Number of days to look back for reports during the first run.",
diff --git a/external-import/shadowserver/config.yml.sample b/external-import/shadowserver/config.yml.sample
@@ -19,5 +19,6 @@ shadowserver:
   incident_priority: 'P4'
   max_threads: 8
   report_types: ''
+  report_names: ''
   initial_lookback: 30
   lookback: 3
diff --git a/external-import/shadowserver/docker-compose.yml b/external-import/shadowserver/docker-compose.yml
@@ -21,6 +21,7 @@ services:
       - SHADOWSERVER_INCIDENT_PRIORITY=P2
       - SHADOWSERVER_MAX_THREADS=8
       - SHADOWSERVER_REPORT_TYPES=
+      - SHADOWSERVER_REPORT_NAMES=
       - SHADOWSERVER_INITIAL_LOOKBACK=30
       - SHADOWSERVER_LOOKBACK=3
     restart: always
diff --git a/external-import/shadowserver/src/shadowserver/connector.py b/external-import/shadowserver/src/shadowserver/connector.py
@@ -55,18 +55,23 @@ def _collect_intelligence(self) -> Generator[tuple[list, str], None, None]:
             marking_refs=marking_refs,
         )
         report_types = self.config.shadowserver.report_types
+        report_names = self.config.shadowserver.report_names
         if report_types:
             self.helper.connector_logger.info(
                 f"Report types to retrieve: {', '.join(report_types)}."
             )
+        if report_names:
+            self.helper.connector_logger.info(
+                f"Report names to retrieve: {', '.join(report_names)}."
+            )
 
         for days_lookback in range(self.lookback, -1, -1):
             stix_objects = []
             date = self.start_time - timedelta(days=days_lookback)
             date_str = date.strftime("%Y-%m-%d")
             self.helper.connector_logger.info(f"Getting reports for {date_str}.")
             report_list = shadowserver_api.get_report_list(
-                date=date_str, reports=report_types
+                date=date_str, reports=report_names, type=report_types
             )
             if not report_list:
                 self.helper.connector_logger.info(f"No reports found for {date_str}.")
diff --git a/external-import/shadowserver/src/shadowserver/settings.py b/external-import/shadowserver/src/shadowserver/settings.py
@@ -85,6 +85,10 @@ class ShadowserverConfig(BaseConfigModel):
         description="List of report types to retrieve. If empty, all report types will be retrieved.",
         default=[],
     )
+    report_names: ListFromString = Field(
+        description="List of report names to retrieve. If empty, all report names will be retrieved.",
+        default=[],
+    )
     initial_lookback: int = Field(
         description="Number of days to look back for reports during the first run.",
         default=30,
