intelmq.bots.collectors.shadowserver package¶

Submodules¶

Shadowserver Reports API Collector Bot

SPDX-FileCopyrightText: 2020 Intelmq Team <intelmq-team@cert.at> SPDX-License-Identifier: AGPL-3.0-or-later

intelmq.bots.collectors.shadowserver.collector_reports_api.BOT¶: alias of ShadowServerAPICollectorBot

class intelmq.bots.collectors.shadowserver.collector_reports_api.ShadowServerAPICollectorBot(*args, **kwargs)¶

Connects to the Shadowserver API, requests a list of all the reports for an organization and processes the ones that are new

Parameters:

api_key (str) – Your Shadowserver API key
secret (str) – Your Shadowserver API secret
country (str) – DEPRECIATED The mailing list you want to download reports for (i.e. ‘austria’)
reports (list) – A list of strings or a comma-separated list of the mailing lists you want to process.
types (list) – A list of strings or a string of comma-separated values with the names of reporttypes you want to process. If you leave this empty, all the available reports will be downloaded and processed (i.e. ‘scan’, ‘drones’, ‘intel’, ‘sandbox_connection’, ‘sinkhole_combined’).
file_format (str) – File format to download (‘csv’ or ‘json’). The default is ‘json’ for compatibility. Using ‘csv’ is recommended for best performance.

_report_download(reportid: str)¶: Download one report from the shadowserver API via the reports/download endpoint

_reports_list(date=None)¶: Get a list of all the reports shadowserver has for an organization via the reports/list endpoint. If a list of types is set in the parameters, we only process reports with those types. To be on the safe side regarding different calculations of timestamps, we request reports over a timespan of four days: two days in the past until one day in the future. The names of processed reports are cached and therefore not processed again.

process()¶: Download reports and send them. Cache the filename of the report to not download the same report again.