IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Project description
Welcome to IntelMQ!
===================
[](https://travis-ci.org/certtools/intelmq)
[](https://codecov.io/github/certtools/intelmq?branch=master)
**IntelMQ** is a solution for IT security teams (CERTs, CSIRTs, abuse
departments,...) for collecting and processing security feeds (such as
log files) using a message queuing protocol. It's a community driven
initiative called **IHAP** (Incident Handling Automation Project) which
was conceptually designed by European CERTs/CSIRTs during several
InfoSec events. Its main goal is to give to incident responders an easy
way to collect & process threat intelligence thus improving the incident
handling processes of CERTs.
IntelMQ's design was influenced by
[AbuseHelper](https://github.com/abusesa/abusehelper)
however it was re-written from scratch and aims at:
- Reduce the complexity of system administration
- Reduce the complexity of writing new bots for new data feeds
- Reduce the probability of events lost in all process with
persistence functionality (even system crash)
- Use and improve the existing Data Harmonization Ontology
- Use JSON format for all messages
- Integration of the existing tools (AbuseHelper, CIF)
- Provide easy way to store data into Log Collectors like
ElasticSearch, Splunk, databases (such as PostgreSQL)
- Provide easy way to create your own black-lists
- Provide easy communication with other systems via HTTP RESTFUL API
It follows the following basic meta-guidelines:
- Don't break simplicity - KISS
- Keep it open source - forever
- Strive for perfection while keeping a deadline
- Reduce complexity/avoid feature bloat
- Embrace unit testing
- Code readability: test with unexperienced programmers
- Communicate clearly
Table of Contents
-----------------
1. [How to Install](#how-to-install)
2. [Developers Guide](#developers-guide)
3. [User Guide](#user-guide)
3. [IntelMQ Manager](#intelmq-manager)
4. [Incident Handling Automation Project](#incident-handling-automation-project)
5. [Data Harmonization](#data-harmonization)
6. [How to Participate](#how-to-participate)
7. [Licence](#licence)
How to Install
--------------
See [INSTALL](docs/INSTALL.md).
Developers Guide
----------------
See [Developers Guide](docs/Developers-Guide.md).
User Guide
----------------
See [User Guide](docs/User-Guide.md).
For support use the intelmq-users mailing list: <https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users>
IntelMQ Manager
---------------
Check out this graphical
[tool](https://github.com/certtools/intelmq-manager) and easily manage
an IntelMQ system.
Incident Handling Automation Project
------------------------------------
- **URL:**
<http://www.enisa.europa.eu/activities/cert/support/incident-handling-automation>
- **Mailing-list:** <ihap@lists.trusted-introducer.org>
Data Harmonization
------------------
IntelMQ use the Data Harmonization. Check the following
[document](docs/Data-Harmonization.md).
How to participate
------------------
- Subscribe to the Intelmq-dev Mailing list:
<https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev> (for
developers)
- Watch out for our regular developers conf call
- IRC: server: irc.freenode.net, channel: \#intelmq
- Via github issues
- Via Pull requests (please do read help.github.com first)
Licence
-------
This software is licensed under GNU Affero General Public License
version 3
===================
[](https://travis-ci.org/certtools/intelmq)
[](https://codecov.io/github/certtools/intelmq?branch=master)
**IntelMQ** is a solution for IT security teams (CERTs, CSIRTs, abuse
departments,...) for collecting and processing security feeds (such as
log files) using a message queuing protocol. It's a community driven
initiative called **IHAP** (Incident Handling Automation Project) which
was conceptually designed by European CERTs/CSIRTs during several
InfoSec events. Its main goal is to give to incident responders an easy
way to collect & process threat intelligence thus improving the incident
handling processes of CERTs.
IntelMQ's design was influenced by
[AbuseHelper](https://github.com/abusesa/abusehelper)
however it was re-written from scratch and aims at:
- Reduce the complexity of system administration
- Reduce the complexity of writing new bots for new data feeds
- Reduce the probability of events lost in all process with
persistence functionality (even system crash)
- Use and improve the existing Data Harmonization Ontology
- Use JSON format for all messages
- Integration of the existing tools (AbuseHelper, CIF)
- Provide easy way to store data into Log Collectors like
ElasticSearch, Splunk, databases (such as PostgreSQL)
- Provide easy way to create your own black-lists
- Provide easy communication with other systems via HTTP RESTFUL API
It follows the following basic meta-guidelines:
- Don't break simplicity - KISS
- Keep it open source - forever
- Strive for perfection while keeping a deadline
- Reduce complexity/avoid feature bloat
- Embrace unit testing
- Code readability: test with unexperienced programmers
- Communicate clearly
Table of Contents
-----------------
1. [How to Install](#how-to-install)
2. [Developers Guide](#developers-guide)
3. [User Guide](#user-guide)
3. [IntelMQ Manager](#intelmq-manager)
4. [Incident Handling Automation Project](#incident-handling-automation-project)
5. [Data Harmonization](#data-harmonization)
6. [How to Participate](#how-to-participate)
7. [Licence](#licence)
How to Install
--------------
See [INSTALL](docs/INSTALL.md).
Developers Guide
----------------
See [Developers Guide](docs/Developers-Guide.md).
User Guide
----------------
See [User Guide](docs/User-Guide.md).
For support use the intelmq-users mailing list: <https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users>
IntelMQ Manager
---------------
Check out this graphical
[tool](https://github.com/certtools/intelmq-manager) and easily manage
an IntelMQ system.
Incident Handling Automation Project
------------------------------------
- **URL:**
<http://www.enisa.europa.eu/activities/cert/support/incident-handling-automation>
- **Mailing-list:** <ihap@lists.trusted-introducer.org>
Data Harmonization
------------------
IntelMQ use the Data Harmonization. Check the following
[document](docs/Data-Harmonization.md).
How to participate
------------------
- Subscribe to the Intelmq-dev Mailing list:
<https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev> (for
developers)
- Watch out for our regular developers conf call
- IRC: server: irc.freenode.net, channel: \#intelmq
- Via github issues
- Via Pull requests (please do read help.github.com first)
Licence
-------
This software is licensed under GNU Affero General Public License
version 3
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
intelmq-1.1.0rc1.tar.gz
(899.9 kB
view details)
Built Distribution
File details
Details for the file intelmq-1.1.0rc1.tar.gz.
File metadata
- Download URL: intelmq-1.1.0rc1.tar.gz
- Upload date:
- Size: 899.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 89d9dbec827982e94a02fb84d9e3e4f077c55ca6d4b605e87912e62db18d2a6c |
|
| MD5 | 2f92561cdd17fe609529aac5121edf21 |
|
| BLAKE2b-256 | 307fa9ad39d106e446a7690e5173874b85217c60135302d570e345b0bbdb1dd7 |
File details
Details for the file intelmq-1.1.0rc1-py2.py3-none-any.whl.
File metadata
- Download URL: intelmq-1.1.0rc1-py2.py3-none-any.whl
- Upload date:
- Size: 705.3 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3357017ebeef1d76f5425a1803357a82c7dcabc0d47266be2c919d77139680ea |
|
| MD5 | eb44c33a8694c242fa9f7b66fb39dbb3 |
|
| BLAKE2b-256 | a575dcfd625aed88f1f413128307ca1fdcb2b81b067727d5c2785bcd9c5b1e74 |
