intelmq.bots.outputs.rt namespace
Submodules
intelmq.bots.outputs.rt.output module
Request Tracker output bot
Creates a ticket in the specified queue.
Parameters:
  rt_uri, rt_user, rt_password, verify_cert - RT API endpoint
  queue - ticket destination queue
  cf_mapping - mapping of event attributes to ticket custom fields (CFs)
  final_status - final status of the created ticket
  create_investigation - whether to create an Investigation ticket (in case of the RTIR workflow)
  fieldnames - attributes to include in the investigation ticket
  description_attr - which event attribute contains the text message sent to the recipient
- intelmq.bots.outputs.rt.output.BOT
alias of RTOutputBot
- class intelmq.bots.outputs.rt.output.RTOutputBot(*args, **kwargs)
Bases: OutputBot
Request Tracker ticket creation bot. Creates a linked Investigation queue ticket if needed, according to the RTIR flow.
- cf_mapping = {'classification.taxonomy': 'Classification', 'classification.type': 'Incident Type', 'event_description.text': 'Description', 'extra.incident.importance': 'Importance', 'extra.incident.severity': 'Incident Severity', 'extra.organization.name': 'Customer', 'source.ip': 'IP'}
- create_investigation: bool = False
- description_attr: str = 'event_description.text'
- final_status: str = 'resolved'
- init()
- investigation_fields: str = 'time.source,time.observation,source.ip,source.port,source.fqdn,source.url,classification.taxonomy,classification.type,classification.identifier,event_description.url,event_description.text,malware.name,protocol.application,protocol.transport'
- process()
- queue: str = 'Incidents'
- rt_password: str = None
- rt_uri: str = 'http://localhost/REST/1.0'
- rt_user: str = 'apiuser'
- verify_cert: bool = True
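
The endpoint parameters above (rt_uri, rt_user, rt_password, verify_cert) decide how the RT credentials travel, so they are worth checking before deployment. The following is an added example, not part of IntelMQ: audit_rt_parameters, WEAK and HARDENED are hypothetical names, the host rt.example.org and the passwords are constructed, and it assumes the bot authenticates to rt_uri with rt_user/rt_password.

```python
import ipaddress
from urllib.parse import urlsplit

# Defaults copied from the class attributes listed on this page.
DEFAULTS = {"rt_uri": "http://localhost/REST/1.0", "rt_password": None, "verify_cert": True}

# Constructed sample parameter sets (not from a real deployment).
WEAK = {"rt_uri": "http://rt.example.org/REST/1.0", "rt_password": "constructed-pw", "verify_cert": False}
HARDENED = {"rt_uri": "https://rt.example.org/REST/1.0", "rt_password": "constructed-pw", "verify_cert": True}


def _is_loopback(host):
    """True for 'localhost' or a loopback IP literal such as 127.0.0.1 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as remote


def audit_rt_parameters(params):
    """Return a list of findings for one RT output bot's parameters (hypothetical helper)."""
    cfg = {**DEFAULTS, **params}  # unset keys fall back to the class defaults
    findings = []
    url = urlsplit(cfg["rt_uri"])
    host = url.hostname or ""
    if url.scheme not in ("http", "https"):
        findings.append("rt_uri: unsupported scheme")
    elif url.scheme == "http" and not _is_loopback(host):
        # The default http://localhost URI is only acceptable on loopback.
        findings.append("rt_uri: credentials sent over plaintext HTTP to a remote host")
    if url.username or url.password:
        findings.append("rt_uri: credentials embedded in the URI")
    if url.scheme == "https" and cfg["verify_cert"] is False:
        findings.append("verify_cert: TLS certificate validation is disabled")
    if not cfg["rt_password"]:
        findings.append("rt_password: unset (class default is None)")
    return findings


if __name__ == "__main__":
    for name, params in (("weak", WEAK), ("hardened", HARDENED), ("defaults", {})):
        print(name, audit_rt_parameters(params))
```

Note that verify_cert only matters once rt_uri uses https, which is why the WEAK set is reported for plaintext HTTP rather than for the disabled certificate check.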