intelmq.bots.parsers.cert_eu package
Submodules
intelmq.bots.parsers.cert_eu.parser_csv module
CERT-EU parser

"city", # empty
"source location", # just a combination of long and lat
"country", # empty
"as name", # empty

reported cc, reported as name: ignored intentionally

intelmq.bots.parsers.cert_eu.parser_csv.BOT
    alias of intelmq.bots.parsers.cert_eu.parser_csv.CertEUCSVParserBot

class intelmq.bots.parsers.cert_eu.parser_csv.CertEUCSVParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: bool = None)
    Bases: intelmq.lib.bot.ParserBot

    Parse CSV data of the CERT-EU feed

    ABUSE_TO_INTELMQ = {
        'backdoor': 'system-compromise',
        'blacklist': 'blacklist',
        'botnet drone': 'infected-system',
        'brute-force': 'brute-force',
        'c2server': 'c2-server',
        'compromised server': 'system-compromise',
        'ddos infrastructure': 'ddos',
        'ddos target': 'ddos',
        'defacement': 'unauthorised-information-modification',
        'dropzone': 'other',
        'exploit url': 'exploit',
        'ids alert': 'ids-alert',
        'malware url': 'malware-distribution',
        'malware-configuration': 'malware-configuration',
        'phishing': 'phishing',
        'ransomware': 'infected-system',
        'scanner': 'scanner',
        'spam infrastructure': 'spam',
        'test': 'test',
        'vulnerable service': 'vulnerable-system',
    }

    parse(report: intelmq.lib.message.Report)
        A basic CSV Dictionary parser.

    parse_line(line, report)

    recover_line(line: str) → str
        Converts dictionaries to csv. self.csv_fieldnames must be a list of fields.