Skip to content

stripe ips flagging#1799

Merged
buixor merged 1 commit into
masterfrom
stripe_ips
May 15, 2026
Merged

stripe ips flagging#1799
buixor merged 1 commit into
masterfrom
stripe_ips

Conversation

@buixor
Copy link
Copy Markdown
Contributor

@buixor buixor commented May 15, 2026

Description

Checklist

  • I have read the contributing guide
  • I have tested my changes locally
  • For new parsers or scenarios, tests have been added
  • I have run the hub linter and no issues were reported (see contributing guide)
  • Automated tests are passing
  • AI was used to generate any/all content of this PR

Copilot AI review requested due to automatic review settings May 15, 2026 06:56
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 15, 2026

Hello @buixor and thank you for your contribution!

I'm a bot that helps maintainers to validate scenarios and ensure they include all the required information.
I've found some errors in your scenarios, please fix them and re-submit your PR, or ask for help if you need it.

The following items have errors:

crowdsecurity/crs-exclusion-plugin-cpanel:

  • labels not found

crowdsecurity/crs-exclusion-plugin-dokuwiki:

  • labels not found

crowdsecurity/crs-exclusion-plugin-drupal:

  • labels not found

crowdsecurity/crs-exclusion-plugin-nextcloud:

  • labels not found

crowdsecurity/crs-exclusion-plugin-phpbb:

  • labels not found

crowdsecurity/crs-exclusion-plugin-phpmyadmin:

  • labels not found

crowdsecurity/crs-exclusion-plugin-wordpress:

  • labels not found

crowdsecurity/crs-exclusion-plugin-xenforo:

  • labels not found

Mitre ATT&CK

Information about mitre attack can be found here.
As an example, some common mitre attack techniques:

  • T1110 for bruteforce attacks
  • T1595 and T1190 for exploitation of public vulnerabilities
  • T1595 for generic scanning of exposed applications

Expected format is (where XXXX is the technique ID):

labels:
  classification:
    - attack.TXXXX

CVEs

If your scenario covers a specific CVE (Common Vulnerabilities and Exposures), please add it.

Expected format is (where CVE-XXX-XXX is the CVE ID):

labels:
  classification:
    - cve.CVE-XXX-XXX

Behaviors

Please identify the behavior(s) your scenario is targeting. You can find the list of available behaviors here.

Expected format is (where <behavior> is the behavior you want to target):

labels:
  behavior: <behavior>

See the labels documentation for more information.

Copilot AI reviewed May 15, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new false-positive taxonomy entry for Stripe's webhook delivery service so that Stripe webhook source IPs are recognized and not flagged as threats.

Changes:

  • Adds webhook:stripe entry to taxonomy/false_positives.json with description, label, and name.

@buixor buixor merged commit b9067a3 into master May 15, 2026
7 checks passed
@buixor buixor deleted the stripe_ips branch May 15, 2026 08:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@he2ss he2ss he2ss approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@buixor @he2ss