intelmq.bots.parsers.mcafee package
Submodules
intelmq.bots.parsers.mcafee.parser_atd module
ATDParserBot parses McAfee Advanced Threat Defense reports. This bot generates one message per identified IOC:
- hash values of the original sample and any identified dropped file
- IP addresses the sample tries to connect to
- FQDNs the sample tries to connect to
Parameter:
- verdict_severity: defines the minimum severity of reports to be parsed. Severity ranges from 1 to 5.
- class intelmq.bots.parsers.mcafee.parser_atd.ATDParserBot(*args, **kwargs)
Bases: ParserBot
Parse IoCs from McAfee Advanced Threat Defense reports (hash, IP, URL)
- ATD_TYPE_MAPPING = {'Ipv4': 'destination.ip', 'Md5': 'malware.hash.md5', 'Name': 'malware.name', 'Port': 'destination.port', 'Sha1': 'malware.hash.sha1', 'Sha256': 'malware.hash.sha256', 'Url': 'destination.fqdn', 'domain': 'source.fqdn', 'hostname': 'source.fqdn'}
- process()
- verdict_severity: int = 4
- intelmq.bots.parsers.mcafee.parser_atd.BOT
alias of ATDParserBot
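The severity threshold and the one-message-per-IOC fan-out described above, as an added sketch that is not IntelMQ's own code. Only ATD_TYPE_MAPPING comes from this page; the flat report layout, the function name events_from_report, the sample data, and the choice to skip unmapped types and duplicates are assumptions of the example.

```python
# Added illustration. The flat report layout is constructed and is not the
# real ATD JSON schema; only ATD_TYPE_MAPPING is taken from this page.
ATD_TYPE_MAPPING = {
    'Ipv4': 'destination.ip', 'Md5': 'malware.hash.md5', 'Name': 'malware.name',
    'Port': 'destination.port', 'Sha1': 'malware.hash.sha1',
    'Sha256': 'malware.hash.sha256', 'Url': 'destination.fqdn',
    'domain': 'source.fqdn', 'hostname': 'source.fqdn',
}


def events_from_report(report, verdict_severity=4):
    """Return one event dict per IOC, or [] when the report is below threshold."""
    # verdict_severity is the minimum severity (1 to 5) a report must reach.
    if int(report.get("severity", 0)) < verdict_severity:
        return []
    events, seen = [], set()
    for ioc in report.get("indicators", []):
        field = ATD_TYPE_MAPPING.get(ioc.get("type"))
        value = ioc.get("value")
        if field is None or value in (None, ""):
            continue  # type not in the mapping, or nothing to report
        if (field, value) in seen:
            continue  # example's choice: emit each IOC only once
        seen.add((field, value))
        events.append({field: value})
    return events


# Constructed sample: hashes of the empty string, documentation-range IP.
SAMPLE_REPORT = {
    "severity": 5,
    "indicators": [
        {"type": "Md5", "value": "d41d8cd98f00b204e9800998ecf8427e"},
        {"type": "Sha256", "value":
         "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
        {"type": "Ipv4", "value": "192.0.2.10"},
        {"type": "Url", "value": "c2.example.test"},
        {"type": "Ipv4", "value": "192.0.2.10"},   # duplicate, skipped
        {"type": "Mutex", "value": "Global\\x"},   # unmapped type, skipped
    ],
}

if __name__ == "__main__":
    for event in events_from_report(SAMPLE_REPORT):
        print(event)
```

Note that the 'Url' type maps to destination.fqdn, so the value stored under it is expected to be a host name rather than a full URL.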