intelmq.bots.collectors.shadowserver package

Submodules

intelmq.bots.collectors.shadowserver.collector_reports_api module

Shadowserver Reports API Collector Bot

SPDX-FileCopyrightText: 2020 Intelmq Team <intelmq-team@cert.at> SPDX-License-Identifier: AGPL-3.0-or-later

intelmq.bots.collectors.shadowserver.collector_reports_api.BOT

alias of intelmq.bots.collectors.shadowserver.collector_reports_api.ShadowServerAPICollectorBot

class intelmq.bots.collectors.shadowserver.collector_reports_api.ShadowServerAPICollectorBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)

Bases: intelmq.lib.bot.CollectorBot, intelmq.lib.mixins.http.HttpMixin, intelmq.lib.mixins.cache.CacheMixin

Connects to the Shadowserver API, requests a list of all the reports for a specific country and processes the ones that are new

api_key: str

Your Shadowserver API key

secret: str

Your Shadowserver API secret

country: str

The country you want to download reports for (i.e. ‘austria’)

types: list

A list of strings or a string of comma-separated values with the names of reporttypes you want to process. If you leave this empty, all the available reports will be downloaded and processed (i.e. ‘scan’, ‘drones’, ‘intel’, ‘sandbox_connection’, ‘sinkhole_combined’).

_report_download(reportid: str)

Download one report from the shadowserver API via the reports/download endpoint

_reports_list(date=None)

Get a list of all the reports shadowserver has for a specific country via the reports/list endpoint. If a list of types is set in the parameters, we only process reports with those types. To be on the safe side regarding different calculations of timestamps, we request reports over a timespan of four days: two days in the past until one day in the future. The names of processed reports are cached and therefore not processed again.

api_key = None
country = None
init()
process()

Download reports and send them. Cache the filename of the report to not download the same report again.

rate_limit: int = 86400
redis_cache_db: int = 12
redis_cache_host: str = '127.0.0.1'
redis_cache_password: Optional[str] = None
redis_cache_port: int = 6379
redis_cache_ttl: int = 864000
secret = None
types = None

Module contents