intelmq.bots.parsers.dshield package

Submodules

intelmq.bots.parsers.dshield.parser_asn module

# created: Tue, 22 Dec 2015 12:19:03 +0000# # Source IP is 0 padded so each byte is three digits long # Reports: number of packets received # Targets: number of target IPs that reported packets from this source. # First Seen: First time we saw a packet from this source # Last Seen: Last time we saw a packet from this source # Updated: Last time the record was updated. # # IPs are removed if they have not been seen in 30 days. # # source IP <tab> Reports <tab> Targets <tab> First Seen <tab> Last Seen <tab> Updated <CR>

intelmq.bots.parsers.dshield.parser_asn.BOT

alias of intelmq.bots.parsers.dshield.parser_asn.DShieldASNParserBot

class intelmq.bots.parsers.dshield.parser_asn.DShieldASNParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)

Bases: intelmq.lib.bot.Bot

Parse the DShield AS

process()

intelmq.bots.parsers.dshield.parser_block module

# primary URL: https://feeds.dshield.org/block.txt # PGP Sign.: https://feeds.dshield.org/block.txt.asc # # updated: Tue Dec 15 15:33:38 2015 UTC # # This list summarizes the top 20 attacking class C (/24) subnets # over the last three days. The number of ‘attacks’ indicates the # number of targets reporting scans from this subnet. # # Columns (tab delimited): # (1) start of netblock # (2) end of netblock # (3) subnet (/24 for class C) # (4) number of targets scanned # (5) name of Network # (6) Country # (7) contact email address

intelmq.bots.parsers.dshield.parser_block.BOT

alias of intelmq.bots.parsers.dshield.parser_block.DshieldBlockParserBot

class intelmq.bots.parsers.dshield.parser_block.DshieldBlockParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)

Bases: intelmq.lib.bot.Bot

Parse the DShield Block feed

process()

intelmq.bots.parsers.dshield.parser_domain module

# DShield.org Suspicious Domain List # # comments: info@dshield.org # updated: Tue Dec 22 04:10:10 2015 UTC # # This list consists of High Level Sensitivity website URLs # Columns (tab delimited): # # (1) site

intelmq.bots.parsers.dshield.parser_domain.BOT

alias of intelmq.bots.parsers.dshield.parser_domain.DshieldDomainParserBot

class intelmq.bots.parsers.dshield.parser_domain.DshieldDomainParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)

Bases: intelmq.lib.bot.Bot

Parse the DShield Suspicious Domains feed

process()

Module contents