Overview
XARF schemas conform to a wide range of pre-existing report types. They use common field names across each schema, so the receiving network operator can easily automate consumption of the format. Because field names in one schema map to those in other schemas, the standard makes it easier for the recipient to scale report management, allowing the network operator to act on vulnerabilities, abuse, and fraud faster.
Example Use Cases
Trademark and Copyright
Brand and intellectual property theft is one of the most abundant forms of fraud pervading the internet today.
Shapeshifting imposters and unauthorized resellers of media or fake knockoffs profit off of the hard work of others. Furthermore, a network operator that does not have clean processes for handling these types of abuse reports places their safe harbor at risk.
XARF provides a uniform reporting format that helps both the Trademark Holder and Copyright Owner by allowing the network operator to apply automation to alerts and takedown requests. This reduces workload since it no longer requires a human to open every single unique report and manually work through them one by one.
See Trademark and Copyright schemas.
Dictionary Attacks via Fail2Ban
SSH attacks are the most common way that bad actors compromise accounts.
Fail2Ban is the most common open-source solution for dealing with these attacks.
XARF provides a uniform reporting format that helps the network operator to apply uniform automation to address compromised systems and bad actors hiding in their network, thus mitigating and resolving these problems quickly at their root.
See a LogIn Attack schema.
Spam and Phish Reporting
Spam, whether unwanted mail, phishing, or spear phishing, presents a considerable problem. The quicker evidence gets into the hands of the network operator in a uniform format, the sooner patterns of abuse can emerge.
XARF provides a way for network operators to digest these reports in a common format. It is built on MARF, the IETF standard for reporting generic “This is Spam” complaints, and extends it with additional functionality.
Abusix’s AbuseHQ – the security and abuse orchestration platform – increases network security, lowers reputational and legal risk, and increases subscriber safety by allowing network service providers to receive, automatically analyze, cluster, understand and manage XARF and many other types of abuse reports and related logs quickly.
See Spam and Phishing schemas.
More Use Cases
More schemas include:
- botnet
- child abuse
- copyright
- open service
- portscan
- rpz
To see all existing schema examples, please look at the samples in our GitHub project.
Custom Use Cases
Custom XARF schemas are used between many country CERTs because XARF uses common field names across all schemas. Thus, the standard helps custom or new abuse or vulnerability schemas used between CERTs, network operations, or DNS operations scale faster.
Participate in our Github Project
Learn more about the XARF Format