IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Project description
Welcome to IntelMQ!
===================
![IntelMQ](https://raw.githubusercontent.com/certtools/intelmq/master/docs/images/Logo_Intel_MQ.png)
[![Build Status](https://travis-ci.org/certtools/intelmq.svg?branch=master)](https://travis-ci.org/certtools/intelmq)
[![codecov.io](https://codecov.io/github/certtools/intelmq/coverage.svg?branch=master)](https://codecov.io/github/certtools/intelmq?branch=master)
**IntelMQ** is a solution for IT security teams (CERTs, CSIRTs, abuse
departments, ...) for collecting and processing security feeds (such as
log files) using a message queuing protocol. It is a community-driven
initiative called **IHAP** (Incident Handling Automation Project), which
was conceptually designed by European CERTs/CSIRTs during several
InfoSec events. Its main goal is to give incident responders an easy
way to collect and process threat intelligence, thereby improving the
incident handling processes of CERTs.
IntelMQ's design was influenced by
[AbuseHelper](https://github.com/abusesa/abusehelper);
however, it was rewritten from scratch and aims at:
- Reducing the complexity of system administration
- Reducing the complexity of writing new bots for new data feeds
- Reducing the probability of losing events anywhere in the pipeline,
through persistence functionality (even across a system crash)
- Using and improving the existing Data Harmonization Ontology
- Using the JSON format for all messages
- Integrating the existing tools (AbuseHelper, CIF)
- Providing an easy way to store data in log collectors such as
ElasticSearch, Splunk, and databases (such as PostgreSQL)
- Providing an easy way to create your own blacklists
- Providing easy communication with other systems via an HTTP RESTful API
It follows these basic meta-guidelines:
- Don't break simplicity: KISS
- Keep it open source, forever
- Strive for perfection while keeping a deadline
- Reduce complexity and avoid feature bloat
- Embrace unit testing
- Code readability: test with inexperienced programmers
- Communicate clearly
Table of Contents
-----------------
1. [How to Install](#how-to-install)
2. [Developers Guide](#developers-guide)
3. [User Guide](#user-guide)
4. [IntelMQ Manager](#intelmq-manager)
5. [Incident Handling Automation Project](#incident-handling-automation-project)
6. [Data Harmonization](#data-harmonization)
7. [How to Participate](#how-to-participate)
8. [Licence](#licence)
How to Install
--------------
See [INSTALL](docs/INSTALL.md).
Developers Guide
----------------
See [Developers Guide](docs/Developers-Guide.md).
User Guide
----------
See [User Guide](docs/User-Guide.md).
For support questions, please use the intelmq-users mailing list: <https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users>
IntelMQ Manager
---------------
Check out this graphical
[tool](https://github.com/certtools/intelmq-manager) to manage
an IntelMQ system easily.
Incident Handling Automation Project
------------------------------------
- **URL:**
<http://www.enisa.europa.eu/activities/cert/support/incident-handling-automation>
- **Mailing-list:** <ihap@lists.trusted-introducer.org>
Data Harmonization
------------------
IntelMQ uses the Data Harmonization ontology. Please read [this document](docs/Data-Harmonization.md) for more details.
How to Participate
------------------
- Subscribe to the intelmq-dev mailing list (for developers):
<https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev>
- Watch out for our regular developers' conference call
- IRC: server irc.freenode.net, channel \#intelmq
- Via GitHub issues
- Via pull requests (please read help.github.com first)
Licence
-------
This software is licensed under the GNU Affero General Public License
version 3.
Download Files
--------------
Download the file for your platform.
- Source distribution: intelmq-1.1.0rc2.tar.gz (905.8 kB)
- Built distribution: intelmq-1.1.0rc2-py2.py3-none-any.whl (714.8 kB)
File Details: intelmq-1.1.0rc2.tar.gz
-------------------------------------
File metadata:
- Download URL: intelmq-1.1.0rc2.tar.gz
- Upload date:
- Size: 905.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.9.1 pkginfo/1.4.1 requests/2.18.4 setuptools/38.4.1 requests-toolbelt/0.8.0 tqdm/4.19.8 CPython/3.6.5
File hashes:

Algorithm | Hash digest
---|---
SHA256 | ba29d5de0de53d1a18d3b48a1c88aca8bd02641a1ce78a0b03ccdec3c53530eb
MD5 | 332dc4fcaa1d683d6d8f805e6ac3b26e
BLAKE2b-256 | f5d46bf33c74e3d3036350bbfa7eade24bea14831110774b57a9ea7120be98c0
File Details: intelmq-1.1.0rc2-py2.py3-none-any.whl
---------------------------------------------------
File metadata:
- Download URL: intelmq-1.1.0rc2-py2.py3-none-any.whl
- Upload date:
- Size: 714.8 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.9.1 pkginfo/1.4.1 requests/2.18.4 setuptools/38.4.1 requests-toolbelt/0.8.0 tqdm/4.19.8 CPython/3.6.5
File hashes:

Algorithm | Hash digest
---|---
SHA256 | 8bd34269a1f4bcf3d71685ebd2422d98aaec58b53a33b2d2bd194b2fef6de50c
MD5 | 43d42050f0c26cc05d80fd357a6714a9
BLAKE2b-256 | 1868e9655a714ae538cb4964c45e0f1f53cddd4d9d1907662cc1fc1e29c509e48
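As an added example (not code from the IntelMQ project or from this PyPI page), the script below recomputes the three digests PyPI publishes for a downloaded sdist or wheel and compares them with the values listed for both files above; the file names and digests come from those tables, everything else (function names, the constant-time comparison) is an assumption of this example. BLAKE2b-256 is BLAKE2b with a 32-byte digest, which is why `digest_size=32` is passed.

```python
import hashlib
import hmac
from pathlib import Path
from typing import Dict

# Digests as published on the PyPI page for intelmq 1.1.0rc2 (copied from the tables above).
PUBLISHED_DIGESTS: Dict[str, Dict[str, str]] = {
    "intelmq-1.1.0rc2.tar.gz": {
        "sha256": "ba29d5de0de53d1a18d3b48a1c88aca8bd02641a1ce78a0b03ccdec3c53530eb",
        "md5": "332dc4fcaa1d683d6d8f805e6ac3b26e",
        "blake2b-256": "f5d46bf33c74e3d3036350bbfa7eade24bea14831110774b57a9ea7120be98c0",
    },
    "intelmq-1.1.0rc2-py2.py3-none-any.whl": {
        "sha256": "8bd34269a1f4bcf3d71685ebd2422d98aaec58b53a33b2d2bd194b2fef6de50c",
        "md5": "43d42050f0c26cc05d80fd357a6714a9",
        "blake2b-256": "1868e9655a714ae538cb4964c45e0f1f53cdd4d9d1907662cc1fc1e29c509e48",
    },
}


def digests(data: bytes) -> Dict[str, str]:
    """Compute the three digests PyPI lists; BLAKE2b-256 is BLAKE2b with a 32-byte digest."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "blake2b-256": hashlib.blake2b(data, digest_size=32).hexdigest(),
    }


def verify_bytes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare each computed digest with its published value (constant-time, case-insensitive).

    Every entry must be True for the data to be the artifact PyPI served; a single
    False means the download is corrupt or was substituted somewhere in transit."""
    got = digests(data)
    return {alg: hmac.compare_digest(got[alg], value.lower()) for alg, value in expected.items()}


def verify_distribution(path: str) -> Dict[str, bool]:
    """Verify a downloaded sdist or wheel against the digests published for its file name."""
    file = Path(path)
    return verify_bytes(file.read_bytes(), PUBLISHED_DIGESTS[file.name])


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:  # e.g. python verify.py intelmq-1.1.0rc2.tar.gz
        results = verify_distribution(p)
        print(p, "OK" if all(results.values()) else "MISMATCH", results)
```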