intelmq.bots.outputs.cif3 package¶
Submodules¶
intelmq.bots.outputs.cif3.output module¶
Connect to a CIFv3 instance and add indicator(s).
SPDX-License-Identifier: AGPL-3.0-or-later SPDX-FileCopyrightText: 2022 REN-ISAC
A shortened copy of this documentation is kept at docs/user/bots.rst, please keep it current, when changing something.
- param - add_feed_provider_as_tag:
bool, use false when in doubt
- param - cif3_additional_tags:
list of tags to set on submitted indicator(s)
- param - cif3_feed_confidence:
float, used when mapping a feed’s confidence fails or if static confidence param is true
- param - cif3_static_confidence:
bool (use false when in doubt)
- param - cif3_token:
str, API key for accessing CIF
- param - cif3_url:
str, URL of the CIFv3 instance
- param - fireball:
int, used to batch events before submitting to a CIFv3 instance (default is 500 per batch, use 0 to disable batch and send each event as received)
- param - http_verify_cert:
bool, used to tell whether the CIFv3 instance cert should be verified (default true, but can be set to false if using a local test instance)
Example (of some parameters in JSON):
“add_feed_provider_as_tag”: true, “cif3_additional_tags”: [“intelmq”]
- intelmq.bots.outputs.cif3.output.BOT¶
alias of
CIF3OutputBot
- class intelmq.bots.outputs.cif3.output.CIF3OutputBot(*args, **kwargs)¶
Bases:
OutputBot
Submits indicators to a CIFv3 instance
IntelMQ-Bot-Name: CIFv3 API
- _parse_event_to_cif3(intelmq_event)¶
Takes in an IntelMQ event, parses fields to those used by CIFv3 Returns CIFv3 Indicator object
- add_feed_provider_as_tag: bool = False¶
- static check(parameters)¶
The bot’s own check function can perform individual checks on it’s parameters. init() is not called before, this is a staticmethod which does not require class initialization.
- Parameters:
parameters – Bot’s parameters, defaults and runtime merged together
- Returns:
- None or a list of [log_level, log_message] pairs, both
strings. log_level must be a valid log level.
- Return type:
output
- cif3_additional_tags: List[str] = []¶
- cif3_feed_confidence: float = 5¶
- cif3_static_confidence: bool = False¶
- cif3_token: str | None = None¶
- cif3_url: str | None = None¶
- fireball: int = 500¶
- http_verify_cert: bool = True¶
- init()¶
- process()¶