intelmq
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Current lib/harmonization.py has an ugly coding style and can be simplified a lot, using real inheritance etc.
Some tools: https://wiki.python.org/moin/PythonTestingToolsTaxonomy#Fuzz_Testing_Tools
https://github.com/x0rz/phishing_catcher could be used to filter on domain similarities as an expert bot.
If you write:
```sieve
if source.asn == '64496'
```
it will never match. You need to write:
```sieve
if source.asn == 64496
```
as `"64496" == 64496` evaluates to false...
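As an added example (not code from IntelMQ or from the issue author), a small Python check that evaluates a single-condition sieve rule with Python's own comparison semantics and lints the literal's type against the harmonization field type, so the quoted-integer mistake above is caught before a rule is deployed. The condition syntax, the `FIELD_TYPES` table and the function names are assumptions made for this example; the real sieve grammar and harmonization.conf are richer.

```python
import operator
import re

# Constructed subset of the harmonization field types used below; the real
# list lives in IntelMQ's harmonization.conf, where source.asn is an Integer.
FIELD_TYPES = {
    "source.asn": "Integer",
    "destination.asn": "Integer",
    "source.port": "Integer",
    "source.fqdn": "FQDN",
    "source.ip": "IPAddress",
}

# Hypothetical, deliberately minimal condition syntax: `if <field> <op> <literal>`
# with a quoted string or an integer literal. The real sieve grammar is richer.
COND_RE = re.compile(
    r"""if\s+(?P<field>[\w.]+)\s*(?P<op>==|!=|<=|>=|<|>)\s*
        (?P<literal>'[^']*'|"[^"]*"|-?\d+)""",
    re.VERBOSE,
)

OPS = {
    "==": operator.eq, "!=": operator.ne,
    "<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge,
}


def parse_condition(rule):
    """Return (field, op, value); quoted literals stay str, bare digits become int."""
    m = COND_RE.search(rule)
    if m is None:
        raise ValueError("unparsable sieve condition: %r" % rule)
    lit = m.group("literal")
    value = lit[1:-1] if lit[0] in "'\"" else int(lit)
    return m.group("field"), m.group("op"), value


def matches(rule, event):
    """Evaluate the condition against an event dict with Python semantics:
    '64496' == 64496 is False, and ordering a str against an int raises
    TypeError, so a typed mismatch can never match."""
    field, op, value = parse_condition(rule)
    if field not in event:
        return False
    try:
        return OPS[op](event[field], value)
    except TypeError:
        return False


def lint_rule(rule):
    """Report literal-vs-field type mismatches before a rule is deployed."""
    field, op, value = parse_condition(rule)
    ftype = FIELD_TYPES.get(field)
    if ftype is None:
        return ["%s: not a known harmonization field" % field]
    problems = []
    if ftype == "Integer" and isinstance(value, str):
        problems.append("%s is Integer but literal %r is a string; "
                        "write %s without quotes or the rule never matches"
                        % (field, value, value))
    elif ftype != "Integer" and isinstance(value, int):
        problems.append("%s is %s but literal %d is an integer; quote it"
                        % (field, ftype, value))
    return problems
```

`matches` shows the failure concretely (the quoted rule returns False on an event whose ASN is 64496), while `lint_rule` is the check worth running over a rule file in CI, since the sieve bot itself reports nothing when a condition can never be true.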
One more thing, the line:
```
controller|x.x.x.x|12525|2021-03-11 00:02:14|family: http_post;hostname: domain.lv;;port: 80;|INTERNETLTD, LV
```
produces `"malware.name": "http_post"` - is this expected?

_Originally posted by @aleksejsv in https://github.com/certtools/intelmq/issues/1795#issuecomment-797462634_
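An added example, not the parser from IntelMQ or code from the comment above: a Python parser for a record in the shape of the quoted line, which keeps every `key: value` detail under `extra.*` instead of deciding where `family` should land. The column layout is inferred from the single sample, the masked `x.x.x.x` is replaced by a documentation-range address in a constructed sample line, and the IntelMQ field names (`source.ip`, `source.port`, `time.source`, `source.as_name`, `extra.*`) are used for the keys.

```python
import datetime
import ipaddress

# Constructed sample in the shape of the line quoted above; the masked
# x.x.x.x is replaced with a documentation-range address.
SAMPLE_LINE = ("controller|192.0.2.1|12525|2021-03-11 00:02:14|"
               "family: http_post;hostname: domain.lv;;port: 80;|INTERNETLTD, LV")


def parse_details(field):
    """Split 'key: value;key: value;;' into a dict. Empty segments (the ';;'
    and the trailing ';') are skipped; a segment without ':' is rejected."""
    details = {}
    for segment in field.split(";"):
        segment = segment.strip()
        if not segment:
            continue
        key, sep, value = segment.partition(":")
        if not sep or not key.strip():
            raise ValueError("malformed detail segment: %r" % segment)
        details[key.strip()] = value.strip()
    return details


def parse_line(line):
    """Turn one pipe-delimited record into a flat event dict. The column
    order (type, ip, port, timestamp, details, AS name) is assumed from the
    sample; the timestamp is taken to be UTC."""
    parts = line.rstrip("\r\n").split("|")
    if len(parts) != 6:
        raise ValueError("expected 6 pipe-separated columns, got %d" % len(parts))
    kind, ip, port, ts, details, as_name = parts
    when = datetime.datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
    event = {
        "extra.kind": kind,
        "source.ip": str(ipaddress.ip_address(ip)),   # rejects non-addresses
        "source.port": int(port),
        "time.source": when.replace(tzinfo=datetime.timezone.utc).isoformat(),
        "source.as_name": as_name.strip(),
    }
    for key, value in parse_details(details).items():
        event["extra." + key] = value
    return event
```

Whether `extra.family` is then copied into `malware.name` is exactly the mapping decision the comment asks about; keeping the raw value under `extra.*` first makes that decision reviewable instead of silent.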
The Generic-DB-Lookup-Expert lower-cases values from the database field when adding them to the event field.
If the file collector is configured to read data from a nonexistent directory, the error message is:
> intelmq.lib.exceptions.InvalidArgument: Argument 'path' is invalid. Should be of type: directory. Got '/tmp/foobar/'....
Hello, today I worked a little bit on the modify bot to suit my needs :) Result: I had a special functionality for comparing 2 fields with regex: ``` {...
Hello Devs, I'm struggling to define an HTTP site with some formatting. The comment in the code of collector_http itself is incorrect: Delta is a datetime.timedelta JSON string, ex: '{days=-1}'....
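An added example (not IntelMQ's collector code and not from the poster) showing what a JSON-encoded timedelta has to look like to be usable, and what happens with a string such as `{days=-1}`: it is not JSON, so parsing fails before any URL is built. The `{time:<strftime>}` placeholder syntax, the function names and the sample URL are assumptions for this example; the real collector's URL-formatting parameter may use a different placeholder form.

```python
import datetime
import json


def parse_delta(text):
    """Parse the delta parameter: a JSON object whose keys are
    datetime.timedelta keyword arguments, e.g. '{"days": -1}'.
    Raises ValueError for non-JSON or non-object input and TypeError for
    keys or values timedelta does not accept (e.g. {"fortnights": 1})."""
    kwargs = json.loads(text) if isinstance(text, str) else text
    if not isinstance(kwargs, dict):
        raise ValueError('delta must be a JSON object such as {"days": -1}')
    return datetime.timedelta(**kwargs)


def validate_delta(text):
    """Return None if the delta is usable, else a short error message.
    '{days=-1}' fails here: '=' is not JSON syntax and the key is unquoted."""
    try:
        parse_delta(text)
    except (ValueError, TypeError) as exc:
        return "%s: %s" % (type(exc).__name__, exc)
    return None


def build_url(template, delta_text, now=None):
    """Fill {time:<strftime>} placeholders with now + delta, in UTC.
    `now` may be omitted (current time), a datetime, or an ISO 8601 string."""
    if now is None:
        now = datetime.datetime.now(datetime.timezone.utc)
    elif isinstance(now, str):
        now = datetime.datetime.fromisoformat(now)
    return template.format(time=now + parse_delta(delta_text))
```

Validating the delta once at bot start (with `validate_delta`) turns a silently unusable configuration into an error message that names the offending value, which is the check a collector should do before its first fetch.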
Currently there are various problems with the PID file approach for process management. We can improve the situation easily by using file locks on the PID files. Solves problems and...
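As an added example of the approach proposed above (this is not IntelMQ's process-management code), a Python PID file guarded by an advisory `flock(2)` lock: a second instance fails to acquire it immediately, a stale file left by a crashed process is simply re-locked and overwritten because the lock dies with its holder, and a status check consults the lock rather than trusting the recorded PID. Class and function names, and the temporary path used by `demo()`, are choices made for this example; it requires a POSIX system with `fcntl`.

```python
import fcntl
import os
import tempfile


class PidFile:
    """PID file guarded by an advisory flock(2). The lock belongs to the open
    file description, so it disappears when the holder exits or crashes:
    a stale file from a dead process is re-locked and overwritten, while a
    live holder makes every other acquire() return False at once."""

    def __init__(self, path):
        self.path = path
        self.fd = None

    def acquire(self):
        fd = os.open(self.path, os.O_RDWR | os.O_CREAT, 0o644)
        try:
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:          # EWOULDBLOCK: another holder is alive
            os.close(fd)
            return False
        os.ftruncate(fd, 0)              # discard a stale PID left by a crash
        os.write(fd, ("%d\n" % os.getpid()).encode())
        os.fsync(fd)
        self.fd = fd
        return True

    def release(self):
        if self.fd is None:
            return
        # Truncate rather than unlink: unlinking would let a newcomer lock a
        # fresh inode while a process that opened the old path still locks the
        # old one, leaving two "single" instances running.
        os.ftruncate(self.fd, 0)
        fcntl.flock(self.fd, fcntl.LOCK_UN)
        os.close(self.fd)
        self.fd = None


def read_pid(path):
    """PID recorded in the file, or None if the file is absent or empty."""
    try:
        with open(path) as fh:
            text = fh.read().strip()
    except FileNotFoundError:
        return None
    return int(text) if text else None


def is_locked(path):
    """True if a live process holds the exclusive lock; this is what a
    status command should check instead of trusting the PID number."""
    try:
        fd = os.open(path, os.O_RDONLY)
    except FileNotFoundError:
        return False
    try:
        try:
            fcntl.flock(fd, fcntl.LOCK_SH | fcntl.LOCK_NB)
        except BlockingIOError:
            return True
        return False
    finally:
        os.close(fd)                     # closing also drops the shared lock


def demo(path=None):
    """Exercise two competing instances against one PID file and return the
    observed outcomes. Separate open() calls give separate file descriptions,
    so flock conflicts even inside a single process."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "example-bot.pid")
    first, second = PidFile(path), PidFile(path)
    result = {}
    result["first_acquired"] = first.acquire()
    result["second_acquired"] = second.acquire()
    result["pid_matches"] = read_pid(path) == os.getpid()
    result["locked_while_held"] = is_locked(path)
    first.release()
    result["locked_after_release"] = is_locked(path)
    result["pid_after_release"] = read_pid(path)
    result["second_after_release"] = second.acquire()
    second.release()
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-22s %s" % (key, value))
```

The PID number still gets written for tools like `kill`, but liveness comes from the lock, so PID reuse after a reboot or a crash no longer confuses the controller.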