intelmq.bots.parsers.spamhaus package
Submodules
intelmq.bots.parsers.spamhaus.parser_cert module
Header of the File:
; Bots filtered by last 1 hours, prepared for <CERTNAME> on UTC = …
; Copyright © 2015 The Spamhaus Project Ltd. All rights reserved.
; No re-distribution or public access allowed without Spamhaus permission.
; Fields description:
;
; 1 - Infected IP
; 2 - ASN
; 3 - Country Code
; 4 - Lastseen Timestamp (in UTC)
; 5 - Bot Name
; Command & Control (C&C) information, if available:
; 6 - C&C Domain
; 7 - Remote IP (connecting to)
; 8 - Remote Port (connecting to)
; 9 - Local Port
; 10 - Protocol
; Additional fields may be added in the future without notice
;
; ip, asn, country, lastseen, botname, domain, remote_ip, remote_port, local_port, protocol
- class intelmq.bots.parsers.spamhaus.parser_cert.SpamhausCERTParserBot(*args, **kwargs)
Bases: ParserBot
Parse the Spamhaus CERT feed
- parse_line(row, report)
A generator which can yield one or more messages contained in line.
Report has the full message, thus you can access some metadata. Override for your use.
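A stand-alone parser for the header layout shown above, added here as an example; it is not IntelMQ's SpamhausCERTParserBot code. The function name, the sample rows and the treatment of lastseen as Unix epoch seconds are assumptions.

```python
import csv
from datetime import datetime, timezone

# Column order taken from the last comment line of the feed header.
FIELDS = ("ip", "asn", "country", "lastseen", "botname",
          "domain", "remote_ip", "remote_port", "local_port", "protocol")
INT_FIELDS = ("remote_port", "local_port")


def parse_cert_feed(text):
    """Return one dict per data row of a CERT feed export (hypothetical helper)."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # header and comment lines
            continue
        row = next(csv.reader([line], skipinitialspace=True))
        cells = [c.strip() for c in row]
        if len(cells) < 5:   # the header marks only fields 6-10 "if available"
            raise ValueError(f"short row: {raw!r}")
        # Pad missing C&C columns and drop unknown trailing ones, since the
        # header warns that fields may be added without notice.
        cells = (cells + [""] * len(FIELDS))[:len(FIELDS)]
        event = {k: (v or None) for k, v in zip(FIELDS, cells)}
        # Assumption: lastseen is Unix epoch seconds; other values pass through.
        if event["lastseen"] and event["lastseen"].isdigit():
            event["lastseen"] = datetime.fromtimestamp(
                int(event["lastseen"]), tz=timezone.utc).isoformat()
        for key in INT_FIELDS:
            if event[key] and event[key].isdigit():
                event[key] = int(event[key])
        events.append(event)
    return events


# Constructed sample: documentation-range addresses and made-up bot names.
SAMPLE = """\
; Bots filtered by last 1 hours, prepared for <CERTNAME> on UTC = ...
; ip, asn, country, lastseen, botname, domain, remote_ip, remote_port, local_port, protocol
192.0.2.10, AS64496, AT, 1440979200, examplebot, c2.example.net, 198.51.100.7, 80, 1036, tcp
203.0.113.5, AS64497, DE, 1440979260, otherbot, , , , ,
198.51.100.99, AS64498, CH, 1440979320, examplebot, c2.example.net, 198.51.100.7, 443, 2050, tcp, future
"""

if __name__ == "__main__":
    for ev in parse_cert_feed(SAMPLE):
        print(ev)
```

Rows without C&C data come back with None in fields 6 to 10, so downstream code can tell "not observed" apart from an empty string.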
intelmq.bots.parsers.spamhaus.parser_drop module
Single IntelMQ parser for Spamhaus drop feeds
- intelmq.bots.parsers.spamhaus.parser_drop.BOT
alias of SpamhausDropParserBot
- class intelmq.bots.parsers.spamhaus.parser_drop.SpamhausDropParserBot(*args, **kwargs)
Bases: ParserBot
Parse the Spamhaus DROP, EDROP, DROPv6, and ASN-DROP feeds
- ASN_DROP_URLS = {'https://www.spamhaus.org/drop/asndrop.txt'}
- NETWORK_DROP_URLS = {'https://www.spamhaus.org/drop/drop.lasso', 'https://www.spamhaus.org/drop/drop.txt', 'https://www.spamhaus.org/drop/dropv6.txt', 'https://www.spamhaus.org/drop/edrop.txt'}
- parse_line(line, report)
A generator which can yield one or more messages contained in line.
Report has the full message, thus you can access some metadata. Override for your use.