intelmq.bots.parsers.netlab_360 package

Submodules

intelmq.bots.parsers.netlab_360.parser module

IntelMQ parser for Netlab 360 data feeds.

intelmq.bots.parsers.netlab_360.parser.BOT

alias of Netlab360ParserBot

class intelmq.bots.parsers.netlab_360.parser.Netlab360ParserBot(*args, **kwargs)

Bases: ParserBot

Parse the Netlab 360 DGA, Hajime, Magnitude and Mirai feeds

DGA_FEED = {'http://data.netlab.360.com/feeds/dga/dga.txt', 'https://data.netlab.360.com/feeds/dga/dga.txt'}

HAJIME_SCANNER_FEED = {'http://data.netlab.360.com/feeds/hajime-scanner/bot.list', 'https://data.netlab.360.com/feeds/hajime-scanner/bot.list'}

MAGNITUDE_FEED = {'http://data.netlab.360.com/feeds/ek/magnitude.txt', 'https://data.netlab.360.com/feeds/ek/magnitude.txt'}

MIRAI_SCANNER_FEED = {'http://data.netlab.360.com/feeds/mirai-scanner/scanner.list', 'https://data.netlab.360.com/feeds/mirai-scanner/scanner.list'}

parse_line(line, report)

A generator which can yield one or more messages contained in line.

Report has the full message, thus you can access some metadata. Override for your use.

Module contents