intelmq.bots.parsers.netlab_360 package

Submodules

intelmq.bots.parsers.netlab_360.parser module

IntelMQ parser for Netlab 360 data feeds.

intelmq.bots.parsers.netlab_360.parser.BOT

alias of intelmq.bots.parsers.netlab_360.parser.Netlab360ParserBot

class intelmq.bots.parsers.netlab_360.parser.Netlab360ParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)

Bases: intelmq.lib.bot.ParserBot

Parse the Netlab 360 DGA, Hajime, Magnitude and Mirai feeds

DGA_FEED = {'http://data.netlab.360.com/feeds/dga/dga.txt', 'https://data.netlab.360.com/feeds/dga/dga.txt'}
HAJIME_SCANNER_FEED = {'http://data.netlab.360.com/feeds/hajime-scanner/bot.list', 'https://data.netlab.360.com/feeds/hajime-scanner/bot.list'}
MAGNITUDE_FEED = {'http://data.netlab.360.com/feeds/ek/magnitude.txt', 'https://data.netlab.360.com/feeds/ek/magnitude.txt'}
MIRAI_SCANNER_FEED = {'http://data.netlab.360.com/feeds/mirai-scanner/scanner.list', 'https://data.netlab.360.com/feeds/mirai-scanner/scanner.list'}
parse_line(line, report)

A generator which can yield one or more messages contained in line.

Report has the full message, thus you can access some metadata. Override for your use.

Module contents