intelmq.bots.parsers.dshield package

Submodules

intelmq.bots.parsers.dshield.parser_asn module

# created: Tue, 22 Dec 2015 12:19:03 +0000# # Source IP is 0 padded so each byte is three digits long # Reports: number of packets received # Targets: number of target IPs that reported packets from this source. # First Seen: First time we saw a packet from this source # Last Seen: Last time we saw a packet from this source # Updated: Last time the record was updated. # # IPs are removed if they have not been seen in 30 days. # # source IP <tab> Reports <tab> Targets <tab> First Seen <tab> Last Seen <tab> Updated <CR>

intelmq.bots.parsers.dshield.parser_asn.BOT

alias of DShieldASNParserBot

class intelmq.bots.parsers.dshield.parser_asn.DShieldASNParserBot(*args, **kwargs)

Bases: ParserBot

Parse the DShield AS

process()

intelmq.bots.parsers.dshield.parser_block module

# primary URL: https://feeds.dshield.org/block.txt # PGP Sign.: https://feeds.dshield.org/block.txt.asc # # updated: Tue Dec 15 15:33:38 2015 UTC # # This list summarizes the top 20 attacking class C (/24) subnets # over the last three days. The number of ‘attacks’ indicates the # number of targets reporting scans from this subnet. # # Columns (tab delimited): # (1) start of netblock # (2) end of netblock # (3) subnet (/24 for class C) # (4) number of targets scanned # (5) name of Network # (6) Country # (7) contact email address

intelmq.bots.parsers.dshield.parser_block.BOT

alias of DshieldBlockParserBot

class intelmq.bots.parsers.dshield.parser_block.DshieldBlockParserBot(*args, **kwargs)

Bases: ParserBot

Parse the DShield Block feed

process()

Module contents