intelmq.bots.experts.idea package
Submodules
intelmq.bots.experts.idea.expert module
IDEA classification: https://idea.cesnet.cz/en/classifications
- intelmq.bots.experts.idea.expert.BOT
  alias of IdeaExpertBot
- class intelmq.bots.experts.idea.expert.IdeaExpertBot(*args, **kwargs)
  Bases: ExpertBot
  Convert events into the IDEA format.
- TYPE_TO_CATEGORY = {
    'application-compromise': 'Intrusion.AppCompromise',
    'blacklist': 'Other',
    'brute-force': 'Attempt.Login',
    'burglary': 'Intrusion',
    'c2-server': 'Intrusion.Botnet',
    'copyright': 'Fraud.Copyright',
    'data-leak': 'Information',
    'data-loss': 'Information',
    'ddos': 'Availability.DDoS',
    'ddos-amplifier': 'Intrusion.Botnet',
    'dga-domain': 'Anomaly.Behaviour',
    'dos': 'Availability.DoS',
    'exploit': 'Attempt.Exploit',
    'harmful-speech': 'Abusive.Harassment',
    'ids-alert': 'Attempt.Exploit',
    'infected-system': 'Malware',
    'information-disclosure': 'Information.UnauthorizedAccess',
    'malware': 'Malware',
    'malware-configuration': 'Malware',
    'malware-distribution': 'Malware',
    'masquerade': 'Fraud.Scam',
    'misconfiguration': 'Availability.Outage',
    'other': 'Other',
    'outage': 'Availability.Outage',
    'phishing': 'Fraud.Phishing',
    'potentially-unwanted-accessible': 'Vulnerable.Open',
    'privileged-account-compromise': 'Intrusion.AdminCompromise',
    'proxy': 'Vulnerable.Config',
    'sabotage': 'Availability.Sabotage',
    'scanner': 'Recon.Scanning',
    'sniffing': 'Recon.Sniffing',
    'social-engineering': 'Recon.SocialEngineering',
    'spam': 'Abusive.Spam',
    'system-compromise': 'Intrusion.AdminCompromise',
    'test': 'Test',
    'tor': 'Other',
    'unauthorised-information-access': 'Information.UnauthorizedAccess',
    'unauthorised-information-modification': 'Information.UnauthorizedModification',
    'unauthorized-use-of-resources': 'Fraud.UnauthorizedUsage',
    'undetermined': 'Other',
    'unprivileged-account-compromise': 'Intrusion.UserCompromise',
    'violence': 'Abusive.Violence',
    'vulnerable-system': 'Vulnerable.Config',
    'weak-crypto': 'Vulnerable.Config'
  }
- TYPE_TO_SOURCE_TYPE = {
    'c2-server': 'CC',
    'dga-domain': 'DGA',
    'malware-configuration': 'MalwareConf',
    'malware-distribution': 'Malware',
    'phishing': 'Phishing',
    'proxy': 'Proxy',
    'tor': 'Tor'
  }
- get_value(src, value)
- init()
- process()
- process_dict(src, description)
- process_list(src, description)
- test_mode: bool = False
- intelmq.bots.experts.idea.expert.addr4(s)
- intelmq.bots.experts.idea.expert.addr6(s)
- intelmq.bots.experts.idea.expert.quot(s)