IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
===================
Welcome to IntelMQ!
===================
.. figure:: https://raw.githubusercontent.com/certtools/intelmq/master/docs/images/Logo_Intel_MQ.png
   :alt: IntelMQ

   IntelMQ
|Build Status| |codecov.io|
**IntelMQ** is a solution for IT security teams (CERTs, CSIRTs, abuse departments, ...)
for collecting and processing security feeds (such as log files) using a message queuing
protocol. It is a community-driven initiative called **IHAP** (Incident
Handling Automation Project), which was conceptually designed by European
CERTs/CSIRTs during several InfoSec events. Its main goal is to give
incident responders an easy way to collect and process threat intelligence,
thus improving the incident handling processes of CERTs.
IntelMQ's design was influenced by
`AbuseHelper <https://github.com/abusesa/abusehelper>`__;
however, it was rewritten from scratch and aims to:

- Reduce the complexity of system administration
- Reduce the complexity of writing new bots for new data feeds
- Reduce the probability of events being lost anywhere in the pipeline, using
  persistence functionality (even across a system crash)
- Use and improve the existing Data Harmonization Ontology
- Use JSON format for all messages
- Integrate with the existing tools (AbuseHelper, CIF)
- Provide an easy way to store data in log collectors such as
  Elasticsearch, Splunk and databases (such as PostgreSQL)
- Provide an easy way to create your own blacklists
- Provide easy communication with other systems via an HTTP RESTful API
It follows these basic meta-guidelines:

- Don't break simplicity - KISS
- Keep it open source - forever
- Strive for perfection while keeping a deadline
- Reduce complexity/avoid feature bloat
- Embrace unit testing
- Code readability: test with inexperienced programmers
- Communicate clearly
Table of Contents
=================
1. `How to Install <#how-to-install>`__
2. `Developers Guide <#developers-guide>`__
3. `IntelMQ Manager <#intelmq-manager>`__
4. `Incident Handling Automation
   Project <#incident-handling-automation-project>`__
5. `Data Harmonization <#data-harmonization>`__
6. `How to Participate <#how-to-participate>`__
7. `Licence <#licence>`__
How to Install
==============
See `INSTALL <https://github.com/certtools/intelmq/blob/master/docs/INSTALL.md>`__.
Developers Guide
================
See `Developers Guide <https://github.com/certtools/intelmq/blob/master/docs/Developers-Guide.md>`__.
User Guide
----------
See `User Guide <https://github.com/certtools/intelmq/blob/master/docs/User-Guide.md>`__.
IntelMQ Manager
===============
Check out this graphical
`tool <https://github.com/certtools/intelmq-manager>`__ to manage an
IntelMQ system easily.
Incident Handling Automation Project
====================================
- **URL:**
  http://www.enisa.europa.eu/activities/cert/support/incident-handling-automation
- **Mailing-list:** ihap@lists.trusted-introducer.org
Data Harmonization
==================
IntelMQ uses the Data Harmonization ontology. See the following
`document <https://github.com/certtools/intelmq/blob/master/docs/Data-Harmonization.md>`__.
How to participate
==================
- Subscribe to the intelmq-dev mailing list:
  https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev (for
  developers)
- Watch out for our regular developers conference call
- IRC: server: irc.freenode.net, channel: #intelmq
- Via GitHub issues
- Via pull requests (please do read help.github.com first)
Licence
=======
This software is licensed under the GNU Affero General Public License
version 3.
.. |Build Status| image:: https://travis-ci.org/certtools/intelmq.svg?branch=master
   :target: https://travis-ci.org/certtools/intelmq
.. |codecov.io| image:: https://codecov.io/github/certtools/intelmq/coverage.svg?branch=master
   :target: https://codecov.io/github/certtools/intelmq?branch=master
File details
============
Details for the file intelmq-1.0.0.dev8.tar.gz
----------------------------------------------
File metadata:

- Download URL: intelmq-1.0.0.dev8.tar.gz
- Upload date:
- Size: 636.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No

File hashes:

- SHA256: 6cb8b5d84399da7e82907713b21c49dcde3237531cc167510b5cbe4a55f48547
- MD5: 5e58f03b56f818ca4f45f31a3a5c7931
- BLAKE2b-256: 22a904c6ef1323a5fde486fbd2ef4da523429209044e0d06845e188ca638d81c

Details for the file intelmq-1.0.0.dev8-py2.py3-none-any.whl
------------------------------------------------------------
File metadata:

- Download URL: intelmq-1.0.0.dev8-py2.py3-none-any.whl
- Upload date:
- Size: 790.0 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No

File hashes:

- SHA256: 870e78bab6dcae58738d6fb534849bf3fb11791aaf2bf961ea5cc2dbd4036b6b
- MD5: e18935be847b53de0ab28387290f7d6a
- BLAKE2b-256: cc8d52447ac8f0aef8ab99adfb3f31fdbf17e2611514f0ddbb6657ce6a306a41