intelmq.bots.collectors.microsoft package

Submodules

intelmq.bots.collectors.microsoft.collector_azure module

Uses the azure.storage.blob module. Tested with version 12.13.1.

intelmq.bots.collectors.microsoft.collector_azure.BOT

alias of MicrosoftAzureCollectorBot

class intelmq.bots.collectors.microsoft.collector_azure.MicrosoftAzureCollectorBot(*args, **kwargs)

Bases: CollectorBot, CacheMixin

Fetch data blobs from a Microsoft Azure container

connection_string: str = '<insert your connection string here>'
container_name: str = '<insert the container name>'
init()
process()
rate_limit: int = 3600
redis_cache_db: int = '5'
redis_cache_host: str = '127.0.0.1'
redis_cache_password: str = None
redis_cache_port: int = 6379
redis_cache_ttl: int = 864000

intelmq.bots.collectors.microsoft.collector_interflow module

https://interflow.portal.azure-api.net/

Example:

[{
  "indicatorthreattype": "Botnet",
  "description": "B106-Dynamer",
  "indicatorexpirationdatetime": "2017-04-05T20:21:09.0000000Z",
  "tlplevel": "Green",
  "severity": 60,
  "firstreporteddatetime": 131356377289905913,
  "version": 1.5,
  "tags": ["ccTLD", "ASN"],
  "networksourceipv4": "xxx.xxx.xxx.xxx",
  "networksourceport": 23041,
  "networkdestinationipv4": "yyy.yyy.yyy.yyy",
  "networkdestinationport": 9003,
  "isproductlicensed": "True",
  "ispartnershareable": "True"
}]

Parameters:

* api_key: the API key
* file_match: an optional regex to match filenames
* not_older_than: optional

intelmq.bots.collectors.microsoft.collector_interflow.BOT

alias of MicrosoftInterflowCollectorBot

class intelmq.bots.collectors.microsoft.collector_interflow.MicrosoftInterflowCollectorBot(*args, **kwargs)

Bases: CollectorBot, HttpMixin, CacheMixin

Fetch data from the Microsoft Interflow API

api_key: str = ''
check_ttl_time()

Checks that the cache's TTL is large enough compared to the chosen time frame (not_older_than), so that a file already fetched does not expire from the cache while it is still inside the look-back window and get processed over and over.

file_match = None
http_timeout_sec: int = 300
init()
not_older_than: str = '2 days'
print_filelist()

Prints the list of files available from the API; can be called from the debugger, for example.

process()
rate_limit: int = 3600
redis_cache_db: str = '5'
redis_cache_host: str = '127.0.0.1'
redis_cache_password: str = None
redis_cache_port: int = 6379
redis_cache_ttl: int = 604800
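The relationship that check_ttl_time() enforces between redis_cache_ttl and not_older_than is easy to get wrong in configuration, so here is an added illustration of it. This is not IntelMQ's own code: the bot uses its own relative-time parser and a Redis-backed cache, whereas this example assumes a simple "<number> <unit>" format for the time frame and replaces Redis with an in-memory dictionary so it runs offline. The simulation shows why the check matters: with a TTL shorter than the look-back window the same file is re-fetched on almost every run.

```python
"""Illustration of the cache-TTL vs. look-back-window check (added example,
not IntelMQ code). Helper names, the time-frame format and the in-memory
cache are assumptions made for this example."""
import re
import time

# Seconds per unit for the assumed "<number> <unit>[s]" time-frame format.
_UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400, "week": 604800}


def parse_relative_seconds(spec: str) -> int:
    """Parse a relative time frame such as '2 days' or '36 hours' into seconds.

    Assumed format (not the project's parser): '<integer> <unit>[s]'.
    Raises ValueError for anything else so a typo in the config is caught early.
    """
    match = re.fullmatch(r"\s*(\d+)\s*(second|minute|hour|day|week)s?\s*", spec)
    if not match:
        raise ValueError(f"unsupported time frame: {spec!r}")
    return int(match.group(1)) * _UNITS[match.group(2)]


def check_ttl_time(redis_cache_ttl: int, not_older_than: str) -> bool:
    """Return True when the cache remembers a file at least as long as the bot
    keeps looking back for it; False means data would be processed repeatedly."""
    window = parse_relative_seconds(not_older_than)
    return redis_cache_ttl >= window


class SeenFilesCache:
    """Minimal stand-in for the Redis cache: filename -> expiry timestamp.
    The clock is injectable so the simulation below can run without sleeping."""

    def __init__(self, ttl: int, clock=time.time):
        self.ttl = ttl
        self.clock = clock
        self._expiry = {}

    def seen(self, name: str) -> bool:
        expiry = self._expiry.get(name)
        return expiry is not None and expiry > self.clock()

    def mark(self, name: str) -> None:
        self._expiry[name] = self.clock() + self.ttl


def simulate_runs(ttl: int, not_older_than: str, run_interval: int, runs: int) -> int:
    """Simulate repeated bot runs against one constructed file published at t=0
    and return how many times it would be processed.

    A file is fetched when it lies inside the look-back window and is not in
    the cache. With ttl >= window it is fetched exactly once; with a smaller
    ttl the cache entry expires before the window closes and it is re-fetched.
    """
    window = parse_relative_seconds(not_older_than)
    now = 0
    cache = SeenFilesCache(ttl, clock=lambda: now)
    processed = 0
    filename = "report-0.json"  # constructed sample filename
    for i in range(runs):
        now = i * run_interval
        file_age = now  # the sample file was published at t=0
        if file_age <= window and not cache.seen(filename):
            processed += 1
            cache.mark(filename)
    return processed


if __name__ == "__main__":
    # The documented defaults: a 7-day TTL comfortably covers a 2-day window.
    print("defaults ok:", check_ttl_time(604800, "2 days"))
    # A misconfigured 1-hour TTL does not, and the simulation shows the effect.
    print("1h TTL ok:", check_ttl_time(3600, "2 days"))
    print("runs with 7d TTL:", simulate_runs(604800, "2 days", 3600, 72))
    print("runs with 1h TTL:", simulate_runs(3600, "2 days", 3600, 72))
```

With the documented defaults (redis_cache_ttl of 604800 seconds, not_older_than of '2 days') the check passes and the simulated file is processed once; with a one-hour TTL it is re-processed on every hourly run for the whole two-day window.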

Module contents