feat(list): Added Guardicore feed

Author: T145

data/v2/manifest.json

@@ -12171,5 +12171,38 @@
       "https://zonefiles.io/f/compromised/ip/live/"
     ],
     "topic": "SECURITY"
+  },
+  "akmai_guardicore": {
+    "active": true,
+    "checksums": {},
+    "content": {
+      "filter": "NONE",
+      "retriever": "ARIA2",
+      "type": "TEXT"
+    },
+    "formats": [
+      {
+        "filter": "GUARDICORE_DOMAIN",
+        "format": "DOMAIN"
+      },
+      {
+        "filter": "GUARDICORE_IPV4",
+        "format": "IPV4"
+      },
+      {
+        "filter": "GUARDICORE_DNS_IPV4",
+        "format": "IPV4"
+      }
+    ],
+    "metadata": {
+      "description": "https://threatintelligence.akamai.com/download-guardicore-cyber-threat-intelligence-data.html",
+      "homepage": "https://threatintelligence.akamai.com/index.html",
+      "license": "all-rights-reserved"
+    },
+    "method": "BLOCK",
+    "mirrors": [
+      "https://threatintelligence.akamai.com/downloads/latest.json"
+    ],
+    "topic": "SECURITY"
   }
 }

scripts/v2/apply_filters.bash

@@ -156,6 +156,9 @@ process_list() {
 			'TINYCHECK_WHITELIST_CIDR') jaq -r '.elements[] | select(.type == "cidr").element' ;;
 			'PRIVACY_BADGER') jaq -r '.action_map | to_entries[] | select(.value.heuristicAction == "block").key' ;;
 			'PHISHFORT') jaq -r '.[]' ;;
+			'GUARDICORE_DOMAIN') jaq -r '.malicious_domains[].dns_record' ;;
+			'GUARDICORE_IPV4') jaq -r '.top_attackers[], .scanners[], .connect_back_ips[] | .ip' ;;
+			'GUARDICORE_DNS_IPV4') jaq -r '.malicious_domains[] | select(.ips != null).ips | split(",";"")[] | sub("\/32";"")' ;;
 			esac
 			;;
 		# Match domains in URLs: https://regex101.com/r/iC9eN2/1