intelmq.bots.experts.ripe package¶
Submodules¶
intelmq.bots.experts.ripe.expert module¶
Reference: https://stat.ripe.net/docs/data_api https://github.com/RIPE-NCC/whois/wiki/WHOIS-REST-API-abuse-contact
- intelmq.bots.experts.ripe.expert.BOT¶
alias of
RIPEExpertBot
- class intelmq.bots.experts.ripe.expert.RIPEExpertBot(*args, **kwargs)¶
Bases:
ExpertBot
,CacheMixin
Fetch abuse contact and/or geolocation information for the source and/or destination IP addresses and/or ASNs of the events
- GEOLOCATION_REPLY_TO_INTERNAL = {('cc', 'country'), ('city', 'city'), ('latitude', 'latitude'), ('longitude', 'longitude')}¶
- QUERY = {'db_asn': 'https://rest.db.ripe.net/abuse-contact/as{}.json', 'db_ip': 'https://rest.db.ripe.net/abuse-contact/{}.json', 'stat': 'https://stat.ripe.net/data/abuse-contact-finder/data.json?resource={}', 'stat_geolocation': 'https://stat.ripe.net/data/maxmind-geo-lite/data.json?resource={}'}¶
- REPLY_TO_DATA = {'db_asn': <function RIPEExpertBot.<lambda>>, 'db_ip': <function RIPEExpertBot.<lambda>>, 'stat': <function RIPEExpertBot.<lambda>>, 'stat_geolocation': <function RIPEExpertBot.<lambda>>}¶
- init()¶
- mode: str = 'append'¶
- process()¶
- query_ripe_db_asn: bool = True¶
- query_ripe_db_ip: bool = True¶
- query_ripe_stat_asn: bool = True¶
- query_ripe_stat_geolocation: bool = True¶
- query_ripe_stat_ip: bool = True¶
- redis_cache_db: int = 10¶
- redis_cache_host: str = '127.0.0.1'¶
- redis_cache_password: str = None¶
- redis_cache_port: int = 6379¶
- redis_cache_ttl: int = 86400¶
- intelmq.bots.experts.ripe.expert.clean_geo(geo_data)¶
Clean RIPE reply specifics for geolocation query
- intelmq.bots.experts.ripe.expert.clean_string(s)¶
Clean RIPE reply specifics for splittable string replies