IntelMQ Ecosystem

IntelMQ is more than a the core library itself and many programs are developed around in the IntelMQ initiative. This document provides an overview of the ecosystem and all related tools. If you think something is missing, please let us know!

IntelMQ “Core”

This is IntelMQ itself, as it is available on github.

It includes all the bots, the harmonization, etc.

IntelMQ Manager

The Manager is the most known software and can be seen as the face of IntelMQ. This software provides a graphical user interface to the management tool intelmqctl.

Repository: IntelMQ Manager

intelmq-webinput-csv

A web-based interface to inject CSV data into IntelMQ with on-line validation and live feedback.

Repository: intelmq-webinput-csv

intelmq-cb-mailgen

A solution allowing an IntelMQ setup with a complex contact database, managed by a web interface and sending out aggregated email reports. (In different words: To send grouped notifications to network owners using SMTP.)

Repository: intelmq-cb-mailgen

IntelMQ Fody + Backend

Fody is a web based interface for intelmq-mailgen’s contact database and the EventDB. It can also be used to just query the EventDB.

The certbund-contact expert fetches the information from this contact database and provides scripts to import RIPE data into the contact database.

Repository: intelmq-fody

Repository: intelmq-fody-backend

Repository: intelmq-certbund-contact

intelmq-mailgen

The email sending part:

Repository: intelmq-mailgen

“Constituency Portal” tuency

A web application helping CERTs to enable members of their constituency to self-administrate how they get warnings related to their network objects (IP addresses, IP ranges, autonomous systems, domains). tuency is developed by Intevation for CERT.at.

If features organizational hierarchies, contact roles, self-administration and network objects per organization (Autonomous systems, network ranges, (sub-)domains, RIPE organization handles). A network object claiming and approval process prevents abuse. An hierarchical rule-system on the network objects allow fine-grained settings. The tagging system for contacts and organization complement the contact-management features of the portal. Authentication is based on keycloak, which enables the re-use of the user accounts in the portal. The integrated API enables IntelMQ to query the portal for the right abuse contact and notification settings with the Tuency expert.

Repository: tuency

“Constituency Portal” do-portal (not developed any further)

Note: The do-portal is deprecated and succeeded by tuency.

A contact portal with organizational hierarchies, role functionality and network objects based on RIPE, allows self-administration by the contacts. Can be queried from IntelMQ and integrates the stats-portal.

Repository: do-portal

stats-portal

A Grafana-based statistics portal for the EventDB. Integrated in do-portal.

Repository: stats-portal

Malware Name Mapping

A mapping for malware names of different feeds with different names to a common family name.

Repository: malware_name_mapping

IntelMQ-Docker

A repository with tools for IntelMQ docker instance.

Repository: intelmq-docker