intelmq.bots.parsers.spamhaus package¶
Submodules¶
intelmq.bots.parsers.spamhaus.parser_cert module¶
Header of the File: ; Bots filtered by last 1 hours, prepared for <CERTNAME> on UTC = … ; Copyright © 2015 The Spamhaus Project Ltd. All rights reserved. ; No re-distribution or public access allowed without Spamhaus permission. ; Fields description: ; ; 1 - Infected IP ; 2 - ASN ; 3 - Country Code ; 4 - Lastseen Timestamp (in UTC) ; 5 - Bot Name ; Command & Control (C&C) information, if available: ; 6 - C&C Domain ; 7 - Remote IP (connecting to) ; 8 - Remote Port (connecting to) ; 9 - Local Port ; 10 - Protocol ; Additional fields may be added in the future without notice ; ; ip, asn, country, lastseen, botname, domain, remote_ip, remote_port, local_port, protocol
-
class
intelmq.bots.parsers.spamhaus.parser_cert.
SpamhausCERTParserBot
(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: bool = None)¶ Bases:
intelmq.lib.bot.ParserBot
Parse the Spamhaus CERT feed
-
parse_line
(row, report)¶
-
intelmq.bots.parsers.spamhaus.parser_drop module¶
Single IntelMQ parser for Spamhaus drop feeds
-
intelmq.bots.parsers.spamhaus.parser_drop.
BOT
¶ alias of
intelmq.bots.parsers.spamhaus.parser_drop.SpamhausDropParserBot
-
class
intelmq.bots.parsers.spamhaus.parser_drop.
SpamhausDropParserBot
(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: bool = None)¶ Bases:
intelmq.lib.bot.ParserBot
Parse the Spamhaus DROP, EDROP, DROPv6, and ASN-DROP feeds
-
ASN_DROP_URLS
= {'https://www.spamhaus.org/drop/asndrop.txt'}¶
-
NETWORK_DROP_URLS
= {'https://www.spamhaus.org/drop/drop.lasso', 'https://www.spamhaus.org/drop/edrop.txt', 'https://www.spamhaus.org/drop/drop.txt', 'https://www.spamhaus.org/drop/dropv6.txt'}¶
-
parse_line
(line, report)¶
-