intelmq.bots.parsers.malc0de package

Submodules

intelmq.bots.parsers.malc0de.parser module

IntelMQ parser for Malc0de feeds

intelmq.bots.parsers.malc0de.parser.BOT

alias of intelmq.bots.parsers.malc0de.parser.Malc0deParserBot

class intelmq.bots.parsers.malc0de.parser.Malc0deParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)

Bases: intelmq.lib.bot.ParserBot

Parse the Malc0de IP feed in either IP Blacklist, Windows Format or Bind format

BIND_FORMAT = {'http://malc0de.com/bl/ZONES', 'https://malc0de.com/bl/ZONES'}
IP_BLACKLIST = {'http://malc0de.com/bl/IP_Blacklist.txt', 'https://malc0de.com/bl/IP_Blacklist.txt'}
WINDOWS_FORMAT = {'http://malc0de.com/bl/BOOT', 'https://malc0de.com/bl/BOOT'}
parse_line(line, report)

A generator which can yield one or more messages contained in line.

Report has the full message, thus you can access some metadata. Override for your use.

Module contents