intelmq.bots.outputs.mcafee namespace

Submodules

intelmq.bots.outputs.mcafee.output_esm_ip module

ESMOutputBot connects to McAfee Enterprise Security Manager and updates IP-based watchlists.

Parameters:

    esm_ip: IP address of ESM
    esm_user: username to connect to ESM
    esm_password: password of esm_user
    esm_watchlist: destination watchlist to update
    field: field from IntelMQ message to extract (e.g. destination.ip)

intelmq.bots.outputs.mcafee.output_esm_ip.BOT

alias of intelmq.bots.outputs.mcafee.output_esm_ip.ESMIPOutputBot

class intelmq.bots.outputs.mcafee.output_esm_ip.ESMIPOutputBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)

Bases: intelmq.lib.bot.Bot

Write events to the McAfee Enterprise Security Manager (ESM)

IntelMQ-Bot-Name: McAfee ESM IP

esm_ip: str = '1.2.3.4'
esm_password: str = None
esm_user: str = 'NGCP'
esm_watchlist: str = None
field: str = 'source.ip'
init()
process()