intelmq.bots.outputs.cif3 package

Submodules

intelmq.bots.outputs.cif3.output module

Connect to a CIFv3 instance and add indicator(s).

SPDX-License-Identifier: AGPL-3.0-or-later
SPDX-FileCopyrightText: 2022 REN-ISAC

A shortened copy of this documentation is kept at docs/user/bots.rst; please keep it current when changing something.

param - add_feed_provider_as_tag:
 bool, use false when in doubt
param - cif3_additional_tags:
 list of tags to set on submitted indicator(s)
param - cif3_feed_confidence:
 float, used when mapping a feed’s confidence fails or if static confidence param is true
param - cif3_static_confidence:
 bool (use false when in doubt)
param - cif3_token:
 str, API key for accessing CIF
param - cif3_url:
 str, URL of the CIFv3 instance
param - fireball:
 int, used to batch events before submitting to a CIFv3 instance (default is 500 per batch, use 0 to disable batch and send each event as received)
param - http_verify_cert:
 bool, used to tell whether the CIFv3 instance cert should be verified (default true, but can be set to false if using a local test instance)

Example (of some parameters in JSON):

"add_feed_provider_as_tag": true, "cif3_additional_tags": ["intelmq"]

intelmq.bots.outputs.cif3.output.BOT

alias of intelmq.bots.outputs.cif3.output.CIF3OutputBot

class intelmq.bots.outputs.cif3.output.CIF3OutputBot(*args, **kwargs)

Bases: intelmq.lib.bot.OutputBot

Submits indicators to a CIFv3 instance

IntelMQ-Bot-Name: CIFv3 API

_parse_event_to_cif3(intelmq_event)

Takes in an IntelMQ event and parses its fields to those used by CIFv3. Returns a CIFv3 Indicator object.

add_feed_provider_as_tag = False
static check(parameters)

The bot’s own check function can perform individual checks on its parameters. init() is not called beforehand; this is a staticmethod which does not require class initialization.

Parameters: parameters – Bot’s parameters, defaults and runtime merged together
Returns: None or a list of [log_level, log_message] pairs, both strings. log_level must be a valid log level.
Return type: output
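
The following is an added example, not the bot's own check() implementation or any IntelMQ project code. It shows a stand-alone function that follows the documented return contract (None, or a list of [log_level, log_message] pairs) and flags weak or invalid values of the parameters listed above. The function name, messages, host name and token are assumptions made for illustration.

```python
from urllib.parse import urlparse


def check_cif3_parameters(parameters):
    """Hypothetical pre-flight check; not the bot's actual check().

    Returns None, or a list of [log_level, log_message] pairs.
    """
    findings = []

    url = parameters.get("cif3_url")
    parsed = urlparse(url or "")
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        findings.append(["error", "cif3_url must be an http(s) URL."])
    elif parsed.scheme == "http":
        findings.append(["warning", "cif3_url is plain HTTP; the API key "
                         "would cross the network unencrypted."])

    if not parameters.get("cif3_token"):
        findings.append(["error", "cif3_token is not set."])

    # Default is true; false is meant for a local test instance only.
    if parameters.get("http_verify_cert", True) is not True:
        findings.append(["warning", "http_verify_cert is disabled; the CIFv3 "
                         "instance certificate will not be verified."])

    # 0 disables batching; bool is rejected because it is an int subclass.
    fireball = parameters.get("fireball", 500)
    if isinstance(fireball, bool) or not isinstance(fireball, int) or fireball < 0:
        findings.append(["error", "fireball must be an integer >= 0."])

    tags = parameters.get("cif3_additional_tags", [])
    if not isinstance(tags, list) or not all(isinstance(t, str) for t in tags):
        findings.append(["error", "cif3_additional_tags must be a list of strings."])

    return findings or None


# Constructed sample configurations (placeholder host and token).
GOOD = {"cif3_url": "https://cif.example.test", "cif3_token": "PLACEHOLDER",
        "add_feed_provider_as_tag": True, "cif3_additional_tags": ["intelmq"]}
WEAK = {"cif3_url": "http://cif.example.test", "cif3_token": None,
        "http_verify_cert": False, "fireball": -1}

if __name__ == "__main__":
    print(check_cif3_parameters(GOOD))
    for level, message in check_cif3_parameters(WEAK) or []:
        print(level, message)
```
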
cif3_additional_tags = []
cif3_feed_confidence = 5
cif3_static_confidence = False
cif3_token = None
cif3_url = None
fireball = 500
http_verify_cert = True
init()
process()

Module contents