
@mazzma12
Contributor

No description provided.

@aws-amplify-eu-west-1

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-769.d1to60jd2gb6y6.amplifyapp.com

@mazzma12
Contributor Author

mazzma12 commented Apr 22, 2025

@buixor @rr404 how do you feel about the presentation? I thought maybe having bullet points in the summary would make it easier to read ->

  • hosts_malware:*: IP identified as hosting live payloads associated with known malware families.
  • botnet:*: IP associated with known botnets, based on the exploited CVE(s) and the payload they spread (e.g. Mirai).
  • profile:*: Describes the services publicly exposed by the machine (e.g. profile:insecure_services).
  • ai-crawler:*: Used by AI companies to index the data used to train Large Language Models. Such companies (OpenAI, ByteDance, Anthropic...) are heavy consumers of internet bandwidth and result in a large amount of traffic. They can be directly consumed inside a specialized blocklist available here.
  • ai-search:*: AI search engine that is used by users to search the internet. They are coming from an AI agent, and are not used directly to train the AI models compared to the AI crawlers category. But the result is the same in terms of traffic load, as they can be part of an automation workflow. IPs can be directly consumed inside a specialized blocklist available here.
  • device:*: The IP is associated with a device having known security weaknesses.
  • proxy:*: Hosts identified as proxies based on the services they expose and/or their behaviour. IPs can be directly consumed inside a specialized blocklist available here.
  • group:*: Cohort of machines seen attacking in a coordinated fashion. IPs belonging to the same cohort or cluster have been seen to exhibit a new behaviour in a synchronised manner, such as starting to exploit a known vulnerability at the same time (experimental feature).

@mazzma12 mazzma12 merged commit 32cb8b4 into main Apr 23, 2025
2 checks passed
@mazzma12 mazzma12 deleted the mma-classification-doc branch April 23, 2025 14:22