intelmq.bots.parsers.cymru package
Submodules
intelmq.bots.parsers.cymru.parser_cap_program module

intelmq.bots.parsers.cymru.parser_cap_program.BOT
alias of intelmq.bots.parsers.cymru.parser_cap_program.CymruCAPProgramParserBot

class intelmq.bots.parsers.cymru.parser_cap_program.CymruCAPProgramParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: bool = None)
Bases: intelmq.lib.bot.ParserBot
Parse the Cymru CAP Program feed

parse(report)

parse_bot_old(comment_split, report_type, event)

parse_line_new(line, report)
The format is the following:
    category|address|asn|timestamp|optional_information|asninfo
It is therefore very similar to CSV, just with the pipe as separator.
category: the type (resulting in classification.*); optional_information needs to be parsed differently per category
address: source.ip
asn: source.asn
timestamp: time.source
optional_information: needs special care. For some categories it needs parsing, as it contains a mapping of keys to values, and the meaning of the keys can differ between the categories. For categories in MAPING_COMMENT, this field only contains one value. For the category 'bruteforce' both situations apply. Previously, the bruteforce events only had the protocol in the comment, while most other categories had a mapping. Now, the bruteforce category also uses the type-value syntax. So we need to support both formats, the old and the new. See also https://github.com/certtools/intelmq/issues/1794
asninfo: source.as_name

parse_line_old(line, report)

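The line format described for parse_line_new, including the old and new forms of the bruteforce optional_information field, as an added example that is not IntelMQ's own code. The `key: value; key: value` mapping syntax, the SINGLE_VALUE_KEY table and both function names are assumptions made for illustration; the page does not specify them.

```python
from typing import Dict

# Columns in the documented order; the last four names are the event fields the page gives.
FIELDS = ("category", "source.ip", "source.asn", "time.source",
          "optional_information", "source.as_name")
# Assumption: categories whose optional_information may be one bare value, and
# the key to store it under. Hypothetical stand-in for the bot's own table.
SINGLE_VALUE_KEY = {"bruteforce": "protocol"}


def parse_optional(category: str, optional: str) -> Dict[str, str]:
    """Normalise optional_information to a dict.

    Assumed mapping syntax: 'key: value; key: value'. A value without ':' is the
    old single-value form, accepted only for categories in SINGLE_VALUE_KEY.
    """
    optional = optional.strip()
    if not optional:
        return {}
    if ":" not in optional:
        if category not in SINGLE_VALUE_KEY:
            raise ValueError(f"bare value not expected for category {category!r}")
        return {SINGLE_VALUE_KEY[category]: optional}
    result = {}
    for pair in filter(str.strip, optional.split(";")):
        key, sep, value = pair.partition(":")
        if not sep or not key.strip():
            raise ValueError(f"malformed key/value pair: {pair!r}")
        result[key.strip()] = value.strip()
    return result


def parse_line(line: str) -> Dict[str, object]:
    """Split one pipe-separated line into the six documented columns."""
    parts = [part.strip() for part in line.rstrip("\r\n").split("|")]
    if len(parts) != len(FIELDS):
        # Reject rather than guess: a shifted column would mislabel an indicator.
        raise ValueError(f"expected {len(FIELDS)} columns, got {len(parts)}")
    event: Dict[str, object] = dict(zip(FIELDS, parts))
    event["optional_information"] = parse_optional(parts[0], parts[4])
    return event


# Constructed sample lines (documentation address and ASN, not real feed data).
OLD = "bruteforce|192.0.2.10|64496|2021-03-01 10:00:00|ssh|EXAMPLE-AS"
NEW = "bruteforce|192.0.2.10|64496|2021-03-01 10:00:00|protocol: ssh; dport: 22|EXAMPLE-AS"
```

Both sample lines yield the same `protocol` entry, so downstream consumers see one shape regardless of which form the feed sent.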
intelmq.bots.parsers.cymru.parser_full_bogons module

intelmq.bots.parsers.cymru.parser_full_bogons.BOT
alias of intelmq.bots.parsers.cymru.parser_full_bogons.CymruFullBogonsParserBot

class intelmq.bots.parsers.cymru.parser_full_bogons.CymruFullBogonsParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: bool = None)
Bases: intelmq.lib.bot.ParserBot
Parse the Cymru Full Bogons feed

parse(report)

parse_line(val, report)