intelmq.bots.parsers.cert_eu package
Submodules
intelmq.bots.parsers.cert_eu.parser_csv module
CERT-EU parser
"city", # empty
"source location", # just a combination of long and lat
"country", # empty
"as name", # empty
reported cc, reported as name: ignored intentionally
- intelmq.bots.parsers.cert_eu.parser_csv.BOT
alias of CertEUCSVParserBot
- class intelmq.bots.parsers.cert_eu.parser_csv.CertEUCSVParserBot(*args, **kwargs)
Bases: ParserBot
Parse CSV data of the CERT-EU feed
- ABUSE_TO_INTELMQ = {'backdoor': 'system-compromise', 'blacklist': 'blacklist', 'botnet drone': 'infected-system', 'brute-force': 'brute-force', 'c2server': 'c2-server', 'compromised server': 'system-compromise', 'ddos infrastructure': 'ddos', 'ddos target': 'ddos', 'defacement': 'unauthorised-information-modification', 'dropzone': 'other', 'exploit url': 'exploit', 'ids alert': 'ids-alert', 'malware url': 'malware-distribution', 'malware-configuration': 'malware-configuration', 'phishing': 'phishing', 'ransomware': 'infected-system', 'scanner': 'scanner', 'spam infrastructure': 'spam', 'test': 'test', 'vulnerable service': 'vulnerable-system'}
- parse(report: Report)
A basic CSV Dictionary parser. The resulting lines are dictionaries with the column names as keys.
- parse_line(line, report)
A generator which can yield one or more messages contained in line.
Report has the full message, thus you can access some metadata. Override for your use.
- recover_line(line: dict | str | None = None) → str
Converts dictionaries to CSV. self.csv_fieldnames must be a list of fields. Respects the saved line ending.
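The following is an added, standalone illustration of the parse / parse_line / recover_line flow described above, written with the standard library only; it is not IntelMQ's own code. The column names, the sample report, the choice to reject unknown abuse types, and the header-plus-row recovery format are assumptions made for this example.

```python
import csv
import io

# Subset of the ABUSE_TO_INTELMQ table documented above.
ABUSE_TO_INTELMQ = {
    "botnet drone": "infected-system",
    "c2server": "c2-server",
}

# Constructed sample report; column names are assumptions, not the real feed layout.
SAMPLE_REPORT = (
    "type,source ip,source location\r\n"
    'botnet drone,192.0.2.10,"50.1,8.6"\r\n'
    "c2server,198.51.100.7,\r\n"
    "cryptominer,203.0.113.5,\r\n"
)

def parse(raw):
    """Return (fieldnames, rows, line_ending); each row is a dict keyed by column name."""
    reader = csv.DictReader(io.StringIO(raw, newline=""))
    rows = list(reader)
    ending = "\r\n" if "\r\n" in raw else "\n"  # saved so recovery matches the input
    return reader.fieldnames, rows, ending

def classify(row):
    """Map the feed's abuse type; unknown types raise so the line can be dumped (assumption)."""
    abuse_type = row["type"].strip().lower()
    if abuse_type not in ABUSE_TO_INTELMQ:
        raise ValueError(f"unknown abuse type: {abuse_type!r}")
    return ABUSE_TO_INTELMQ[abuse_type]

def recover_line(row, fieldnames, line_ending):
    """Re-serialise one parsed row as header + row, keeping the original line ending."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fieldnames, lineterminator=line_ending)
    writer.writeheader()
    writer.writerow(row)
    return out.getvalue()

def process(raw):
    """Return (events, failed): classified (ip, type) pairs and recovered failed lines."""
    fieldnames, rows, ending = parse(raw)
    events, failed = [], []
    for row in rows:
        try:
            events.append((row["source ip"], classify(row)))
        except ValueError:
            failed.append(recover_line(row, fieldnames, ending))
    return events, failed
```

Each recovered entry carries its own header, so a line that failed to parse can be stored and re-fed to the same parser on its own.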