intelmq.bots.parsers.mcafee package

Submodules

intelmq.bots.parsers.mcafee.parser_atd module

ATDParserBot parses McAfee Advanced Threat Defense reports. This bot generates one message per identified IOC: - hash values of original sample and any identified dropped file - IP addresses the sample tries to connect to - FQDNs the sample tries to connect to

Parameter: verdict_severity: defines the minimum severity of reports to be parsed severity ranges from 1 to 5

class intelmq.bots.parsers.mcafee.parser_atd.ATDParserBot(*args, **kwargs)

Bases: ParserBot

Parse IoCs from McAfee Advanced Threat Defense reports (hash, IP, URL)

ATD_TYPE_MAPPING = {'Ipv4': 'destination.ip', 'Md5': 'malware.hash.md5', 'Name': 'malware.name', 'Port': 'destination.port', 'Sha1': 'malware.hash.sha1', 'Sha256': 'malware.hash.sha256', 'Url': 'destination.fqdn', 'domain': 'source.fqdn', 'hostname': 'source.fqdn'}

process()

verdict_severity: int = 4

intelmq.bots.parsers.mcafee.parser_atd.BOT

alias of ATDParserBot

Module contents