intelmq.bots.parsers.mcafee package


intelmq.bots.parsers.mcafee.parser_atd module

ATDParserBot parses McAfee Advanced Threat Defense reports. This bot generates one message per identified IOC:

- hash values of the original sample and of any identified dropped file
- IP addresses the sample tries to connect to
- FQDNs the sample tries to connect to

Parameter:

verdict_severity: defines the minimum severity of reports to be parsed; severity ranges from 1 to 5

class intelmq.bots.parsers.mcafee.parser_atd.ATDParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)


Parse IoCs from McAfee Advanced Threat Defense reports (hash, IP, URL)

ATD_TYPE_MAPPING = {'Ipv4': 'destination.ip', 'Md5': 'malware.hash.md5', 'Name': '', 'Port': 'destination.port', 'Sha1': 'malware.hash.sha1', 'Sha256': 'malware.hash.sha256', 'Url': 'destination.fqdn', 'domain': 'source.fqdn', 'hostname': 'source.fqdn'}
verdict_severity: int = 4

alias of intelmq.bots.parsers.mcafee.parser_atd.ATDParserBot
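The following is an added, stand-alone illustration of the behaviour documented above (the severity gate and the ATD_TYPE_MAPPING translation into one event per IOC); it is not intelmq's own parser code. The JSON layout of the sample report, the section names ("Summary", "Subject", "Files", "Ips", "Urls") and the field name extra.atd_severity are assumptions, as are the placeholder hashes and addresses.

```python
import json

# Mapping as documented on this page: ATD attribute name -> IntelMQ field.
# 'Name' maps to '' and is therefore not emitted as an IOC field.
ATD_TYPE_MAPPING = {
    'Ipv4': 'destination.ip', 'Md5': 'malware.hash.md5', 'Name': '',
    'Port': 'destination.port', 'Sha1': 'malware.hash.sha1',
    'Sha256': 'malware.hash.sha256', 'Url': 'destination.fqdn',
    'domain': 'source.fqdn', 'hostname': 'source.fqdn',
}
VERDICT_SEVERITY = 4  # default from the page; lower-rated reports are skipped

# Constructed sample report in an ASSUMED layout (the page does not show the
# real ATD JSON); the hashes and addresses are placeholders, not real IOCs.
SAMPLE_REPORT = json.dumps({
    "Summary": {
        "Verdict": {"Severity": "5"},
        "Subject": {"Name": "sample.exe",
                    "Md5": "d41d8cd98f00b204e9800998ecf8427e"},
        "Files": [{"Name": "dropped.dll",
                   "Sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}],
        "Ips": [{"Ipv4": "198.51.100.23", "Port": 443}],
        "Urls": [{"Url": "c2.example"}],
    }
})


def object_to_event(obj, severity):
    """Map one ATD object (sample, dropped file, IP or URL) to one event
    dict; attributes without a target field (e.g. 'Name') are dropped."""
    event = {}
    for attr, value in obj.items():
        field = ATD_TYPE_MAPPING.get(attr, '')
        if field:
            event[field] = value
    if event:
        event['extra.atd_severity'] = severity  # assumed extra field name
    return event


def parse_atd_report(raw, verdict_severity=VERDICT_SEVERITY):
    """Return one event per identified IOC, or [] when the verdict severity
    is missing, unparsable or below verdict_severity."""
    summary = json.loads(raw).get('Summary', {})
    try:
        severity = int(summary.get('Verdict', {}).get('Severity'))
    except (TypeError, ValueError):
        return []  # no usable verdict: emit nothing rather than guess
    if severity < verdict_severity:
        return []
    objects = [summary.get('Subject', {})]
    for section in ('Files', 'Ips', 'Urls'):
        objects.extend(summary.get(section, []))
    return [e for e in (object_to_event(o, severity) for o in objects) if e]
```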

Module contents