intelmq.bots.outputs.cif3 package¶
Submodules¶
intelmq.bots.outputs.cif3.output module¶
Connect to a CIFv3 instance and add indicator(s).
SPDX-License-Identifier: AGPL-3.0-or-later SPDX-FileCopyrightText: 2022 REN-ISAC
A shortened copy of this documentation is kept at docs/user/bots.rst, please keep it current, when changing something.
param - add_feed_provider_as_tag: | |
---|---|
bool, use false when in doubt | |
param - cif3_additional_tags: | |
list of tags to set on submitted indicator(s) | |
param - cif3_feed_confidence: | |
float, used when mapping a feed’s confidence fails or if static confidence param is true | |
param - cif3_static_confidence: | |
bool (use false when in doubt) | |
param - cif3_token: | |
str, API key for accessing CIF | |
param - cif3_url: | |
str, URL of the CIFv3 instance | |
param - fireball: | |
int, used to batch events before submitting to a CIFv3 instance (default is 500 per batch, use 0 to disable batch and send each event as received) | |
param - http_verify_cert: | |
bool, used to tell whether the CIFv3 instance cert should be verified (default true, but can be set to false if using a local test instance) |
Example (of some parameters in JSON):
“add_feed_provider_as_tag”: true, “cif3_additional_tags”: [“intelmq”]
-
intelmq.bots.outputs.cif3.output.
BOT
¶
-
class
intelmq.bots.outputs.cif3.output.
CIF3OutputBot
(*args, **kwargs)¶ Bases:
intelmq.lib.bot.OutputBot
Submits indicators to a CIFv3 instance
IntelMQ-Bot-Name: CIFv3 API
-
_parse_event_to_cif3
(intelmq_event)¶ Takes in an IntelMQ event, parses fields to those used by CIFv3 Returns CIFv3 Indicator object
-
add_feed_provider_as_tag
= False¶
-
static
check
(parameters)¶ The bot’s own check function can perform individual checks on it’s parameters. init() is not called before, this is a staticmethod which does not require class initialization.
Parameters: parameters – Bot’s parameters, defaults and runtime merged together Returns: - None or a list of [log_level, log_message] pairs, both
- strings. log_level must be a valid log level.
Return type: output
-
cif3_feed_confidence
= 5¶
-
cif3_static_confidence
= False¶
-
cif3_token
= None¶
-
cif3_url
= None¶
-
fireball
= 500¶
-
http_verify_cert
= True¶
-
init
()¶
-
process
()¶
-