intelmq
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Hi, I have a problem with the Mail URL collector bot, when the file size is more than 80M it sometimes fails to download the file, but it marks the...
The `recover_line_csv()` function is joining data with `\r\n`, regardless of the source file newlines: https://github.com/certtools/intelmq/blob/a2d20df6fd4fa0386fe79e66156537336faf92b0/intelmq/lib/bot.py#L1042 This means that bot tests are failing even though the parsing succeeded, because the `raw`...
While we have the "Processed ... messages since last logging" for all other bot types, the output does not have this message for outputs. The reason is that the counter...
When starting bots with the IntelMQ-Manager they crash / stop when the webserver is restarted. Ways to reproduce: 1) Start an arbitrary Bot with IntelMQ-Manager 2) Perform a restart of...
Right now it seems that intelmq depends on https://pypi.python.org/pypi/termstyle/0.1.10 which is considered "dormant" by the author. Because terminal styling may not be the most important task, I think we may...
- [ ] `intelmq.bots.collectors.mail.collector_mail_attach`: parameter `attach_unzip`
Reported by @kalyparker in https://github.com/certtools/intelmq/issues/1426#issue-471841615 > And finally I spotted a mistake in the actual bot, which executes the "then" when things do not match. missing "return None" ;) >...
``` Bot has found a problem. Traceback (most recent call last): File "/usr/lib/python3/dist-packages/intelmq/lib/bot.py", line 272, in start self.process() File "/usr/lib/python3/dist-packages/intelmq/bots/outputs/elasticsearch/output.py", line 126, in process self.es.index(index=self.get_index(event_dict, default_date=datetime.today().date()), File "/usr/local/lib/python3.8/dist-packages/elasticsearch/client/utils.py", line 168,...
Let's say I have a generic csv parser with following parameters: ```json "parameters": { "columns": [ "source.url", "source.fqdn", "source.ip", "time.source", "__IGNORE__", "__IGNORE__" ], "delimiter": ",", "skip_header": true, "type": "phishing" }...