intelmq.bots.parsers.cert_eu package

Submodules

intelmq.bots.parsers.cert_eu.parser_csv module

CERT-EU parser

Feed columns that the parser does not map to event fields, with the reason noted in the source:

"city", # empty
"source location", # just a combination of long and lat
"country", # empty
"as name", # empty

reported cc, reported as name: ignored intentionally

intelmq.bots.parsers.cert_eu.parser_csv.BOT

alias of CertEUCSVParserBot

class intelmq.bots.parsers.cert_eu.parser_csv.CertEUCSVParserBot(*args, **kwargs)

Bases: ParserBot

Parse CSV data of the CERT-EU feed

ABUSE_TO_INTELMQ = {
    'backdoor': 'system-compromise',
    'blacklist': 'blacklist',
    'botnet drone': 'infected-system',
    'brute-force': 'brute-force',
    'c2server': 'c2-server',
    'compromised server': 'system-compromise',
    'ddos infrastructure': 'ddos',
    'ddos target': 'ddos',
    'defacement': 'unauthorised-information-modification',
    'dropzone': 'other',
    'exploit url': 'exploit',
    'ids alert': 'ids-alert',
    'malware url': 'malware-distribution',
    'malware-configuration': 'malware-configuration',
    'phishing': 'phishing',
    'ransomware': 'infected-system',
    'scanner': 'scanner',
    'spam infrastructure': 'spam',
    'test': 'test',
    'vulnerable service': 'vulnerable-system',
}
parse(report: Report)

A basic CSV Dictionary parser. The resulting lines are dictionaries with the column names as keys.

parse_line(line, report)

A generator which can yield one or more messages contained in line.

Report has the full message, thus you can access some metadata. Override for your use.

recover_line(line: dict | str | None = None) → str

Converts a parsed dictionary back into a CSV line (used to fill the event's raw field). self.csv_fieldnames must be the list of field names, in column order. The line ending saved when the line was read is reattached.
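As an added example, not IntelMQ's own code (which the page does not reproduce), the following stand-alone, standard-library sketch puts the three documented pieces together: the parse step that turns each CSV line into a dictionary keyed by column name, the ABUSE_TO_INTELMQ lookup that sets classification.type, and a recover_line that rebuilds the original CSV line, line ending included, for the event's raw field. Only ABUSE_TO_INTELMQ and the list of ignored columns come from the page; the column names datetime, source ip, abuse and description, the extra.* handling of leftover columns, the exact-match (non-normalised) lookup, and the error on an unmapped abuse value are this example's own assumptions.

```python
import csv
import io

# The mapping as documented on the page (CertEUCSVParserBot.ABUSE_TO_INTELMQ).
ABUSE_TO_INTELMQ = {
    'backdoor': 'system-compromise',
    'blacklist': 'blacklist',
    'botnet drone': 'infected-system',
    'brute-force': 'brute-force',
    'c2server': 'c2-server',
    'compromised server': 'system-compromise',
    'ddos infrastructure': 'ddos',
    'ddos target': 'ddos',
    'defacement': 'unauthorised-information-modification',
    'dropzone': 'other',
    'exploit url': 'exploit',
    'ids alert': 'ids-alert',
    'malware url': 'malware-distribution',
    'malware-configuration': 'malware-configuration',
    'phishing': 'phishing',
    'ransomware': 'infected-system',
    'scanner': 'scanner',
    'spam infrastructure': 'spam',
    'test': 'test',
    'vulnerable service': 'vulnerable-system',
}

# Feed columns the module docstring lists as skipped on purpose.
IGNORED_COLUMNS = {'city', 'source location', 'country', 'as name',
                   'reported cc', 'reported as name'}

# Column names ASSUMED for this example (the page does not list the feed's
# columns), mapped to IntelMQ harmonization keys.
MAPPED_COLUMNS = {'datetime': 'time.source', 'source ip': 'source.ip'}

# Constructed sample input for this example, not real CERT-EU data.
SAMPLE_CSV = (
    'datetime,source ip,abuse,description,country,city,reported cc\r\n'
    '2023-10-01T12:00:00+00:00,198.51.100.7,c2server,sample C2 beacon,,,XX\r\n'
    '2023-10-01T12:05:00+00:00,203.0.113.9,ddos target,,,,XX\r\n'
)


def classify(abuse):
    """Map the feed's 'abuse' value to an IntelMQ classification.type.
    Exact-match lookup (this example's choice); an unmapped value is raised
    rather than silently mapped, so a new feed category shows up in the log."""
    try:
        return ABUSE_TO_INTELMQ[abuse]
    except KeyError:
        raise ValueError(f'unknown abuse type {abuse!r}; extend ABUSE_TO_INTELMQ') from None


def line_ending(raw_line):
    """Return the terminator a raw line was read with ('' if it had none)."""
    for ending in ('\r\n', '\n', '\r'):
        if raw_line.endswith(ending):
            return ending
    return ''


def recover_line(row, fieldnames, ending):
    """Serialize a parsed row back to CSV in the original column order and
    reattach the saved line ending (the job of the bot's recover_line)."""
    buf = io.StringIO()
    csv.DictWriter(buf, fieldnames=fieldnames, lineterminator='\n').writerow(row)
    return buf.getvalue()[:-1] + ending


def parse_line(row, fieldnames, ending):
    """Build a flat event dict from one parsed row. Keys are IntelMQ
    harmonization names; IntelMQ base64-encodes 'raw', kept as text here."""
    event = {'raw': recover_line(row, fieldnames, ending),
             'classification.type': classify(row['abuse'])}
    for column, key in MAPPED_COLUMNS.items():
        event[key] = row[column]
    # Leftover columns that are non-empty and not deliberately ignored are
    # kept under extra.* so that no feed data is dropped without a decision.
    for column, value in row.items():
        if column in MAPPED_COLUMNS or column == 'abuse' or column in IGNORED_COLUMNS:
            continue
        if value:
            event['extra.' + column.replace(' ', '_')] = value
    return event


def parse_report(text):
    """Split a CSV report into rows while keeping each original line
    (csv.DictReader alone would discard it); one event per data row."""
    lines = text.splitlines(keepends=True)
    fieldnames = next(csv.reader([lines[0]]))
    events = []
    for raw_line in lines[1:]:
        if not raw_line.strip():
            continue  # blank trailing line
        row = dict(zip(fieldnames, next(csv.reader([raw_line]))))
        events.append(parse_line(row, fieldnames, line_ending(raw_line)))
    return events


if __name__ == '__main__':
    for event in parse_report(SAMPLE_CSV):
        print(event)
```

Keeping the verbatim line in raw is what lets an analyst trace an event back to the exact feed record later, which is why the parser carries the saved line ending through instead of re-serialising with a default one. Raising on an unmapped abuse value, rather than falling back to 'other', is a deliberate trade: the bot fails loudly on a new category instead of quietly misclassifying it.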

Module contents