intelmq.bots.parsers.spamhaus package

Submodules

intelmq.bots.parsers.spamhaus.parser_cert module

Header of the File:

; Bots filtered by last 1 hours, prepared for <CERTNAME> on UTC = …
; Copyright © 2015 The Spamhaus Project Ltd. All rights reserved.
; No re-distribution or public access allowed without Spamhaus permission.
; Fields description:
;
; 1 - Infected IP
; 2 - ASN
; 3 - Country Code
; 4 - Lastseen Timestamp (in UTC)
; 5 - Bot Name
; Command & Control (C&C) information, if available:
; 6 - C&C Domain
; 7 - Remote IP (connecting to)
; 8 - Remote Port (connecting to)
; 9 - Local Port
; 10 - Protocol
; Additional fields may be added in the future without notice
;
; ip, asn, country, lastseen, botname, domain, remote_ip, remote_port, local_port, protocol

class intelmq.bots.parsers.spamhaus.parser_cert.SpamhausCERTParserBot(*args, **kwargs)

Bases: ParserBot

Parse the Spamhaus CERT feed

parse_line(row, report)

A generator which can yield one or more messages contained in line.

Report has the full message, thus you can access some metadata. Override for your use.
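The field layout from the feed header above, worked through as an added example; this is not IntelMQ's own parser code, and the names parse_cert_feed, port, FIELDS, OPTIONAL and ABSENT are illustrative. It assumes that missing C&C values appear as an empty field or "?", that the ASN carries an "AS" prefix, and that lastseen is Unix epoch seconds; the sample rows are constructed.

```python
import csv
import ipaddress
from datetime import datetime, timezone

# Added example; names here are illustrative, not IntelMQ's API.
# Column order from the last line of the feed header quoted above.
FIELDS = ("ip", "asn", "country", "lastseen", "botname",
          "domain", "remote_ip", "remote_port", "local_port", "protocol")
ABSENT = {"", "?"}  # assumption: markers for "no C&C information"

def port(value):
    number = int(value)
    if not 0 <= number <= 65535:
        raise ValueError(f"port out of range: {value}")
    return number

OPTIONAL = {"domain": str.lower, "remote_ip": lambda v: str(ipaddress.ip_address(v)),
            "remote_port": port, "local_port": port, "protocol": str.lower}  # fields 6-10

# Constructed sample rows (documentation IP ranges, reserved ASNs).
SAMPLE = """\
; ip, asn, country, lastseen, botname, domain, remote_ip, remote_port, local_port, protocol
192.0.2.10, AS64496, AT, 1441008970, examplebot, c2.example.net, 198.51.100.7, 443, 49152, tcp
192.0.2.11, AS64497, DE, 1441009000, otherbot, ?, ?, ?, ?, ?
192.0.2.12, AS64498, FR, 1441009100, examplebot, ?, 198.51.100.9, 80, 1025, tcp, future-field
not-an-ip, AS64499, US, 1441009200, examplebot, ?, ?, ?, ?, ?
"""

def parse_cert_feed(text):
    """Return (events, rejected); rejected holds (line, reason) pairs."""
    events, rejected = [], []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith(";"):
            continue  # header and comment lines start with ';'
        row = next(csv.reader([raw], skipinitialspace=True))
        # zip() ignores columns past the ten known ones (fields may be added without notice).
        rec = {k: v.strip() for k, v in zip(FIELDS, row) if v.strip() not in ABSENT}
        try:
            event = {
                "ip": str(ipaddress.ip_address(rec["ip"])),
                "asn": int(rec["asn"].upper().replace("AS", "", 1)),
                "country": rec["country"], "botname": rec["botname"],
                # assumption: lastseen is Unix epoch seconds
                "lastseen": datetime.fromtimestamp(int(rec["lastseen"]), timezone.utc).isoformat(),
            }
            event.update({k: conv(rec[k]) for k, conv in OPTIONAL.items() if k in rec})
            events.append(event)
        except (KeyError, ValueError) as exc:  # missing or malformed field
            rejected.append((raw, repr(exc)))
    return events, rejected
```

Rejected rows are returned with the reason instead of being dropped silently, so a change in the feed layout shows up as a rising reject count.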

intelmq.bots.parsers.spamhaus.parser_drop module

Single IntelMQ parser for Spamhaus drop feeds

intelmq.bots.parsers.spamhaus.parser_drop.BOT

alias of SpamhausDropParserBot

class intelmq.bots.parsers.spamhaus.parser_drop.SpamhausDropParserBot(*args, **kwargs)

Bases: ParserBot

Parse the Spamhaus DROP, EDROP, DROPv6, and ASN-DROP feeds

ASN_DROP_URLS = {'https://www.spamhaus.org/drop/asndrop.txt'}

NETWORK_DROP_URLS = {'https://www.spamhaus.org/drop/drop.lasso', 'https://www.spamhaus.org/drop/drop.txt', 'https://www.spamhaus.org/drop/dropv6.txt', 'https://www.spamhaus.org/drop/edrop.txt'}

parse_line(line, report)

A generator which can yield one or more messages contained in line.

Report has the full message, thus you can access some metadata. Override for your use.

Module contents