intelmq.bots.collectors.shadowserver package¶
Submodules¶
intelmq.bots.collectors.shadowserver.collector_reports_api module¶
Shadowserver Reports API Collector Bot
SPDX-FileCopyrightText: 2020 Intelmq Team <intelmq-team@cert.at> SPDX-License-Identifier: AGPL-3.0-or-later
- intelmq.bots.collectors.shadowserver.collector_reports_api.BOT¶
alias of
ShadowServerAPICollectorBot
- class intelmq.bots.collectors.shadowserver.collector_reports_api.ShadowServerAPICollectorBot(*args, **kwargs)¶
Bases:
CollectorBot
,HttpMixin
,CacheMixin
Connects to the Shadowserver API, requests a list of all the reports for an organization and processes the ones that are new
- Parameters:
api_key (str) – Your Shadowserver API key
secret (str) – Your Shadowserver API secret
country (str) – DEPRECIATED The mailing list you want to download reports for (i.e. ‘austria’)
reports (list) – A list of strings or a comma-separated list of the mailing lists you want to process.
types (list) – A list of strings or a string of comma-separated values with the names of reporttypes you want to process. If you leave this empty, all the available reports will be downloaded and processed (i.e. ‘scan’, ‘drones’, ‘intel’, ‘sandbox_connection’, ‘sinkhole_combined’).
file_format (str) – File format to download (‘csv’ or ‘json’). The default is ‘json’ for compatibility. Using ‘csv’ is recommended for best performance.
- _report_download(reportid: str)¶
Download one report from the shadowserver API via the reports/download endpoint
- _reports_list(date=None)¶
Get a list of all the reports shadowserver has for an organization via the reports/list endpoint. If a list of types is set in the parameters, we only process reports with those types. To be on the safe side regarding different calculations of timestamps, we request reports over a timespan of four days: two days in the past until one day in the future. The names of processed reports are cached and therefore not processed again.
- api_key = None¶
- country = None¶
- file_format = None¶
- init()¶
- process()¶
Download reports and send them. Cache the filename of the report to not download the same report again.
- rate_limit: int = 86400¶
- redis_cache_db: int = 12¶
- redis_cache_host: str = '127.0.0.1'¶
- redis_cache_password: str | None = None¶
- redis_cache_port: int = 6379¶
- redis_cache_ttl: int = 864000¶
- reports = None¶
- secret = None¶
- types = None¶