IntelMQ is a solution for CERTs to process data feeds, pastebins and tweets through a message queue.
Project description
Welcome to IntelMQ!
===================
.. figure:: https://raw.githubusercontent.com/certtools/intelmq/master/docs/images/Logo_Intel_MQ.png
   :alt: IntelMQ

   IntelMQ

|Build Status| |Coverage Status| |codecov.io|
**IntelMQ** is a solution for CERTs for collecting and processing
security feeds, pastebins, tweets and log files using a message queuing
protocol. It's a community-driven initiative called **IHAP** (Incident
Handling Automation Project) which was conceptually designed by European
CERTs during several InfoSec events. Its main goal is to give
incident responders an easy way to collect and process threat intelligence,
thus improving the incident handling processes of CERTs.

IntelMQ's design was influenced by
`AbuseHelper <https://bitbucket.org/clarifiednetworks/abusehelper>`__;
however, it was rewritten from scratch and aims to:

- Reduce the complexity of system administration
- Reduce the complexity of writing new bots for new data feeds
- Reduce the probability of events being lost anywhere in the process,
  using persistence functionality (even on a system crash)
- Use and improve the existing Data Harmonization Ontology
- Use JSON format for all messages
- Integrate with the existing tools (AbuseHelper, CIF)
- Provide an easy way to store data in Log Collectors like
  ElasticSearch, Splunk
- Provide an easy way to create your own black-lists
- Provide easy communication with other systems via an HTTP RESTful API

It follows these basic meta-guidelines:

- Don't break simplicity - KISS
- Keep it open source - forever
- Strive for perfection while keeping a deadline
- Reduce complexity/avoid feature bloat
- Embrace unit testing
- Code readability: test with inexperienced programmers
- Communicate clearly

Table of Contents
-----------------
1. `How to Install <#how-to-install>`__
2. `Developers Guide <#dev-guide>`__
3. `IntelMQ Manager <#control-platform>`__
4. `Incident Handling Automation
   Project <#incident-handling-automation-project>`__
5. `Data Harmonization <#data-harmonization>`__
6. `Licence <#licence>`__

How to Install
--------------

See `UserGuide <docs/User-Guide.md>`__.

Developers Guide
----------------

See `Developers Guide <docs/Developers-Guide.md>`__.

IntelMQ Manager
---------------

Check the `tool <https://github.com/certtools/intelmq-manager>`__ to
manage an IntelMQ system easily.

Incident Handling Automation Project
------------------------------------

- **URL:**
  http://www.enisa.europa.eu/activities/cert/support/incident-handling-automation
- **Mailing-list:** ihap@lists.trusted-introducer.org

Data Harmonization
------------------

IntelMQ uses the Data Harmonization. Check the following
`document <docs/Data-Harmonization.md>`__.

Licence
-------

This software is licensed under the GNU Affero General Public License
version 3.

.. |Build Status| image:: https://travis-ci.org/certtools/intelmq.svg?branch=master
   :target: https://travis-ci.org/certtools/intelmq
.. |Coverage Status| image:: https://coveralls.io/repos/github/certtools/intelmq/badge.svg?branch=master
   :target: https://coveralls.io/github/certtools/intelmq?branch=master
.. |codecov.io| image:: https://codecov.io/github/certtools/intelmq/coverage.svg?branch=master
   :target: https://codecov.io/github/certtools/intelmq?branch=master
Source Distribution
intelmq-1.0.0.dev4.tar.gz (701.5 kB)
Built Distribution
intelmq-1.0.0.dev4-py2.py3-none-any.whl (222.5 kB)
File details
Details for the file intelmq-1.0.0.dev4.tar.gz.
File metadata
- Download URL: intelmq-1.0.0.dev4.tar.gz
- Upload date:
- Size: 701.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | 2a2150fdf35f50fb47aaaea4155a40bc95aac094feed01f1c8641f8a21ed0220
MD5 | 6e1cbcefde4b03e82d356e9500b238e3
BLAKE2b-256 | 394b2ae455596719b3def1fa27a918ec3a0944cb7fc50fba3fef2a4820f71b8f
File details
Details for the file intelmq-1.0.0.dev4-py2.py3-none-any.whl.
File metadata
- Download URL: intelmq-1.0.0.dev4-py2.py3-none-any.whl
- Upload date:
- Size: 222.5 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | b1271566a8a70b8c16940be30b2a837cee4ab68bfcea52419635b10a0c7fba19
MD5 | 57ff4bb0459d96f2fd6a87fe28a17a7c
BLAKE2b-256 | b05ee5130dac907e8a8f740f70a568f429d059848a2a33d6122d190c988051c4