intelmq.bots.parsers.cymru package
Submodules
intelmq.bots.parsers.cymru.parser_cap_program module
- intelmq.bots.parsers.cymru.parser_cap_program.BOT
alias of CymruCAPProgramParserBot
- class intelmq.bots.parsers.cymru.parser_cap_program.CymruCAPProgramParserBot(*args, **kwargs)
Bases: ParserBot
Parse the Cymru CAP Program feed
- parse(report)
A generator yielding the single elements of the data.
Comments, headers etc. can be processed here. Data needed by self.parse_line can be saved in self.tempdata (list).
Default parser yields stripped lines. Override for your use or use an existing parser, e.g.:
parse = ParserBot.parse_csv
You should do that for recovering lines too.
recover_line = ParserBot.recover_line_csv
- parse_bot_old(comment_split, report_type, event)
- parse_line_new(line, report)
The format is the following:
category|address|asn|timestamp|optional_information|asninfo
It is therefore very similar to CSV, just with the pipe as separator.
category: the type (resulting in classification.*); optional_information needs to be parsed differently per category
address: source.ip
asn: source.asn
timestamp: time.source
optional_information: needs special care. For some categories it needs parsing, as it contains a mapping of keys to values, whereas the meaning of the keys can differ between the categories. For categories in MAPING_COMMENT, this field only contains one value. For the category ‘bruteforce’ both situations apply. Previously, the bruteforce events only had the protocol in the comment, while most other categories had a mapping. Now, the bruteforce category also uses the type-value syntax. So we need to support both formats, the old and the new. See also https://github.com/certtools/intelmq/issues/1794
asninfo: source.as_name
- parse_line_old(line, report)
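An added example (not IntelMQ's own code) of parsing the pipe-separated line described for parse_line_new, accepting both the old bare-value and the new key-value form of optional_information and rejecting malformed lines. The `key: value; key: value` layout, the timestamp layout, the `SINGLE_VALUE_KEY` table and the function names are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Assumption: categories whose optional_information may be one bare value,
# and the key that value is stored under (hypothetical table).
SINGLE_VALUE_KEY = {"bruteforce": "protocol"}


def parse_optional(category, text):
    """Return optional_information as a dict, accepting old and new syntax."""
    text = text.strip()
    if not text:
        return {}
    # Old syntax: one bare value, no key (assumed: no ':' present).
    if ":" not in text:
        if category not in SINGLE_VALUE_KEY:
            raise ValueError(f"bare value not expected for {category!r}")
        return {SINGLE_VALUE_KEY[category]: text}
    # New syntax (assumed): 'key: value' pairs separated by ';'.
    result = {}
    for pair in filter(None, (p.strip() for p in text.split(";"))):
        key, sep, value = pair.partition(":")
        if not sep or not key.strip():
            raise ValueError(f"malformed pair {pair!r}")
        result[key.strip()] = value.strip()
    return result


def parse_cap_line(line):
    """Parse one pipe-separated line into the fields named in the docstring."""
    fields = line.rstrip("\r\n").split("|")
    if len(fields) != 6:
        raise ValueError(f"expected 6 fields, got {len(fields)}")
    category, address, asn, timestamp, optional, asninfo = (f.strip() for f in fields)
    # Assumed timestamp layout, interpreted as UTC.
    when = datetime.strptime(timestamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {
        "category": category,
        "source.ip": str(ipaddress.ip_address(address)),  # ValueError if invalid
        "source.asn": int(asn),
        "time.source": when.isoformat(),
        "optional_information": parse_optional(category, optional),
        "source.as_name": asninfo,
    }


# Constructed sample lines (documentation addresses and ASNs), not real feed data.
SAMPLE_OLD = "bruteforce|192.0.2.10|64496|2021-03-01 12:00:00|ssh|EXAMPLE-AS, ZZ"
SAMPLE_NEW = "bruteforce|192.0.2.11|64497|2021-03-01 12:05:00|protocol: ssh; port: 22|EXAMPLE-AS, ZZ"
```

Every rejection path raises ValueError, so a caller can route the offending line to recovery instead of emitting a partially filled event.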
intelmq.bots.parsers.cymru.parser_full_bogons module
- intelmq.bots.parsers.cymru.parser_full_bogons.BOT
alias of CymruFullBogonsParserBot
- class intelmq.bots.parsers.cymru.parser_full_bogons.CymruFullBogonsParserBot(*args, **kwargs)
Bases: ParserBot
Parse the Cymru Full Bogons feed
- parse(report)
A generator yielding the single elements of the data.
Comments, headers etc. can be processed here. Data needed by self.parse_line can be saved in self.tempdata (list).
Default parser yields stripped lines. Override for your use or use an existing parser, e.g.:
parse = ParserBot.parse_csv
You should do that for recovering lines too.
recover_line = ParserBot.recover_line_csv
- parse_line(val: str, report)
A generator which can yield one or more messages contained in line.
Report has the full message, thus you can access some metadata. Override for your use.