intelmq.bots.parsers.cert_eu package


intelmq.bots.parsers.cert_eu.parser_csv module

CERT-EU parser

Ignored fields:
  "city"             # empty
  "source location"  # just a combination of long and lat
  "country"          # empty
  "as name"          # empty

reported cc, reported as name: ignored intentionally


alias of intelmq.bots.parsers.cert_eu.parser_csv.CertEUCSVParserBot

class intelmq.bots.parsers.cert_eu.parser_csv.CertEUCSVParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)


Parse CSV data of the CERT-EU feed

ABUSE_TO_INTELMQ = {'backdoor': 'system-compromise', 'blacklist': 'blacklist', 'botnet drone': 'infected-system', 'brute-force': 'brute-force', 'c2server': 'c2-server', 'compromised server': 'system-compromise', 'ddos infrastructure': 'ddos', 'ddos target': 'ddos', 'defacement': 'unauthorised-information-modification', 'dropzone': 'other', 'exploit url': 'exploit', 'ids alert': 'ids-alert', 'malware url': 'malware-distribution', 'malware-configuration': 'malware-configuration', 'phishing': 'phishing', 'ransomware': 'infected-system', 'scanner': 'scanner', 'spam infrastructure': 'spam', 'test': 'test', 'vulnerable service': 'vulnerable-system'}
parse(report: intelmq.lib.message.Report)

A basic CSV Dictionary parser.

parse_line(line, report)

A generator which can yield one or more messages contained in line.

Report has the full message, thus you can access some metadata. Override for your use.

recover_line(line: str) -> str

Converts dictionaries to CSV. self.csv_fieldnames must be a list of fields.
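An added stand-alone illustration (not the bot's own code) of how parse_line and recover_line fit together: a constructed CSV report is read row by row, the ignored columns listed above are dropped, the abuse type is mapped through a subset of ABUSE_TO_INTELMQ, rows with an unmapped type yield nothing, and each row is re-serialised as the event's raw field. The column names, the sample rows and the plain-dict event shape are assumptions, not the real feed layout.

```python
import csv
import io
from typing import Dict, Iterator, List

# Subset of the ABUSE_TO_INTELMQ table documented on this page.
ABUSE_TO_INTELMQ = {
    'backdoor': 'system-compromise',
    'botnet drone': 'infected-system',
    'c2server': 'c2-server',
    'malware url': 'malware-distribution',
    'phishing': 'phishing',
    'scanner': 'scanner',
}

# Columns the page says the parser ignores (empty, redundant, or dropped on purpose).
IGNORED = {'city', 'source location', 'country', 'as name',
           'reported cc', 'reported as name'}

# Assumed column order of the constructed sample; the real feed layout may differ.
FIELDNAMES = ['datetime', 'ip', 'type', 'country', 'city', 'as name',
              'source location', 'reported cc', 'reported as name']


def recover_line(line: Dict[str, str], fieldnames: List[str]) -> str:
    """Re-serialise a parsed row to one CSV line (mirrors recover_line above)."""
    buf = io.StringIO()
    csv.DictWriter(buf, fieldnames=fieldnames, lineterminator='\n').writerow(line)
    return buf.getvalue().rstrip('\n')


def parse_line(line: Dict[str, str]) -> Iterator[Dict[str, str]]:
    """Yield zero or one event for a row; unknown abuse types are skipped, not mislabelled."""
    abuse = line.get('type', '').strip().lower()
    if abuse not in ABUSE_TO_INTELMQ:
        return
    event = {k: v for k, v in line.items() if k not in IGNORED and v}
    event['classification.type'] = ABUSE_TO_INTELMQ[abuse]
    event['raw'] = recover_line(line, FIELDNAMES)
    yield event


def parse_report(raw_csv: str) -> List[Dict[str, str]]:
    """Parse a whole CSV report (no header line) into a list of events."""
    reader = csv.DictReader(io.StringIO(raw_csv), fieldnames=FIELDNAMES)
    return [event for row in reader for event in parse_line(row)]


# Constructed sample: two mapped types and one unmapped type.
SAMPLE = (
    "2024-01-02T03:04:05+00:00,192.0.2.10,botnet drone,,,,\"1.0 2.0\",XX,\n"
    "2024-01-02T03:04:06+00:00,192.0.2.11,c2server,,,,,,\n"
    "2024-01-02T03:04:07+00:00,192.0.2.12,not a type,,,,,,\n"
)
```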

Module contents