intelmq.bots.parsers.shadowserver package

Submodules

intelmq.bots.parsers.shadowserver.parser module

Copyright (C) 2016 by Bundesamt für Sicherheit in der Informationstechnik

Software engineering by Intevation GmbH

This is an “all-in-one” parser for a lot of Shadowserver feeds. It depends on the configuration in the file “config.py”, which holds information on how to treat certain Shadowserver feeds. It uses the report field extra.file_name to determine which config should apply, so this field is required.

This parser will only work with CSV files named like 2019-01-01-scan_http-country-geo.csv.

Optional parameters:

overwrite: Bool, default False. If True, it keeps the report’s feed.name and does not override it with the corresponding feed name.

feedname: The fixed feed name to use if it should not be automatically detected.
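The file-name dependency and the overwrite parameter described above, as an added example that is not IntelMQ's own code: a pre-check over constructed report dicts that flags reports whose extra.file_name would not select a feed configuration. The file-name pattern is an assumption inferred from the single example name on this page, and SAMPLE_FEEDS, SAMPLE_REPORTS, feed_key and triage are hypothetical names standing in for config.py and the bot's logic.

```python
import re
from datetime import datetime

# Assumed layout, inferred from the one example name on this page:
#   <YYYY-MM-DD>-<feed key>-<further hyphen-separated parts>.csv
FILENAME_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})-(\w+)(?:-\w+)*\.csv$")

# Constructed stand-in for config.py (hypothetical entry, not the real table).
SAMPLE_FEEDS = {"scan_http": "Sample-Accessible-HTTP"}

# Constructed reports, as a collector might hand them to the parser.
SAMPLE_REPORTS = [
    {"extra.file_name": "2019-01-01-scan_http-country-geo.csv"},
    {"extra.file_name": "2019-01-01-scan_http-country-geo.csv", "feed.name": "my-feed"},
    {"extra.file_name": "2019-13-40-scan_http-country-geo.csv"},  # impossible date
    {"extra.file_name": "attachment.csv"},                        # no date, no key
    {"feed.name": "my-feed"},                                     # field missing
]


def feed_key(file_name):
    """Return the feed key embedded in file_name, or None if it does not fit."""
    match = FILENAME_RE.match(file_name or "")
    if not match:
        return None
    try:
        datetime.strptime(match.group(1), "%Y-%m-%d")
    except ValueError:
        return None
    return match.group(2)


def triage(reports, overwrite=False):
    """Split reports into (accepted, rejected) before they reach the parser."""
    accepted, rejected = [], []
    for report in reports:
        key = feed_key(report.get("extra.file_name"))
        if key not in SAMPLE_FEEDS:  # also covers key is None
            rejected.append((report, "extra.file_name does not select a feed config"))
            continue
        name = SAMPLE_FEEDS[key]
        if overwrite and report.get("feed.name"):
            name = report["feed.name"]  # overwrite=True keeps the report's feed.name
        accepted.append({**report, "feed.name": name})
    return accepted, rejected
```

Running triage over collector output before it reaches the parser shows which reports lack a usable extra.file_name, so they can be fixed at the collector.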

intelmq.bots.parsers.shadowserver.parser.BOT

alias of ShadowserverParserBot

class intelmq.bots.parsers.shadowserver.parser.ShadowserverParserBot(*args, **kwargs)

Bases: ParserBot

Parse all ShadowServer feeds

feedname = None
init()
overwrite = False
parse(report)

A generator yielding the single elements of the data.

Comments, headers etc. can be processed here. Data needed by self.parse_line can be saved in self.tempdata (list).

Default parser yields stripped lines. Override for your use or use an existing parser, e.g.:

parse = ParserBot.parse_csv

You should do that for recovering lines too.

recover_line = ParserBot.recover_line_csv

parse_line(row, report)

A generator which can yield one or more messages contained in line.

Report has the full message, thus you can access some metadata. Override for your use.

recover_line(line: dict | str | None = None) → str

Converts dictionaries to CSV. self.csv_fieldnames must be a list of fields. Respects the saved line ending.

shutdown()

intelmq.bots.parsers.shadowserver.parser_json module

Shadowserver JSON Parser

SPDX-FileCopyrightText: 2020 Intelmq Team <intelmq-team@cert.at>

SPDX-License-Identifier: AGPL-3.0-or-later

intelmq.bots.parsers.shadowserver.parser_json.BOT

alias of ShadowserverJSONParserBot

class intelmq.bots.parsers.shadowserver.parser_json.ShadowserverJSONParserBot(*args, **kwargs)

Bases: ParserBot

Parse all Shadowserver feeds in JSON format (data coming from the reports API).

Parameters:

feedname (str) – The name of the feed

feedname = None
get_value_from_config(data, entry)

Given a specific config, get the value for that data based on the entry

init()
overwrite = True
parse(report)

A generator yielding the single elements of the data.

Comments, headers etc. can be processed here. Data needed by self.parse_line can be saved in self.tempdata (list).

Default parser yields stripped lines. Override for your use or use an existing parser, e.g.:

parse = ParserBot.parse_csv

You should do that for recovering lines too.

recover_line = ParserBot.recover_line_csv

parse_line(line: Any, report: Report)

A generator which can yield one or more messages contained in line.

Report has the full message, thus you can access some metadata. Override for your use.

recover_line(line: dict) → str

Reverse of parse for JSON pulses.

Recovers a fully functional report with only the problematic pulse. Using a string as input here is not possible, as the input may span over multiple lines. Output is not identical to the input, but has the same content.

Parameters:

line (dict) – The line as dict.

Returns:

The JSON-encoded line as string.

Return type:

str

Module contents