IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments, …) for collecting and processing security feeds (such as log files) using a message queuing protocol. It is a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs.
IntelMQ's design was influenced by AbuseHelper; however, it was rewritten from scratch and aims to:
- Reduce the complexity of system administration
- Reduce the complexity of writing new bots for new data feeds
- Reduce the probability of losing events anywhere in the pipeline through persistence (even across a system crash)
- Use and improve the existing Data Harmonization Ontology
- Use JSON format for all messages
- Integration of the existing tools (AbuseHelper, CIF)
- Provide easy way to store data into Log Collectors like ElasticSearch, Splunk, databases (such as PostgreSQL)
- Provide easy way to create your own black-lists
- Provide easy communication with other systems via an HTTP RESTful API
It follows these basic meta-guidelines:
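As an added example of the ontology and JSON-message points above, the following standalone Python script is not IntelMQ's own code and does not use the intelmq library. It parses a constructed, hypothetical CSV feed into events whose keys (source.ip, time.source, time.observation, classification.type, feed.name, raw) follow the Data Harmonization naming, with the original line kept base64-encoded in raw, and serialises each event as one JSON message. The feed format, the feed name and the category mapping are assumptions made for the example; lines with an invalid IP or an unknown category are dropped rather than emitted as malformed events.

```python
"""Standalone illustration of turning raw feed lines into Data
Harmonization style JSON events.  Added example: it does not use the
intelmq package, and the feed format below is constructed."""
import base64
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample feed in a hypothetical "ip,observed-at,category"
# format (not a real IntelMQ feed).  The third data line is deliberately
# invalid to show that bad input is rejected rather than propagated.
SAMPLE_FEED = """\
# hypothetical blocklist export, one entry per line
198.51.100.23,2017-08-30 10:15:00,scanner
2001:db8::1,2017-08-30T11:00:00Z,blacklist
not-an-ip,2017-08-30 12:00:00,scanner
203.0.113.9,2017-08-30 12:05:00,unknown-category
"""

# Assumed mapping from the feed's own category names to classification.type
# values; only the two categories this feed uses are covered.
CATEGORY_MAP = {"scanner": "scanner", "blacklist": "blacklist"}


def parse_time(value):
    """Normalise the feed's timestamp to ISO 8601 with an explicit UTC offset.
    Accepts "YYYY-MM-DD HH:MM:SS" (assumed UTC) and "YYYY-MM-DDTHH:MM:SSZ"."""
    for fmt in ("%Y-%m-%d %H:%M:%S", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            dt = datetime.strptime(value, fmt)
        except ValueError:
            continue
        return dt.replace(tzinfo=timezone.utc).isoformat()
    raise ValueError("unrecognised timestamp: %r" % value)


def parse_line(line, feed_name, observation_time):
    """Return one harmonized event (a dict) or None if the line is unusable."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = [field.strip() for field in line.split(",")]
    if len(parts) != 3:
        return None
    ip, timestamp, category = parts
    try:
        ipaddress.ip_address(ip)  # validates both IPv4 and IPv6 literals
    except ValueError:
        return None  # never emit an event with an invalid source.ip
    ctype = CATEGORY_MAP.get(category)
    if ctype is None:
        return None  # unknown category: drop instead of guessing a type
    return {
        "feed.name": feed_name,
        "source.ip": ip,
        "time.source": parse_time(timestamp),
        "time.observation": observation_time,
        "classification.type": ctype,
        # keep the untouched input line, base64-encoded, for later forensics
        "raw": base64.b64encode(line.encode("utf-8")).decode("ascii"),
    }


def parse_feed(text, feed_name="example-blocklist", observation_time=None):
    """Parse a whole feed export into a list of harmonized events.
    observation_time defaults to "now"; pass a fixed value for reproducibility."""
    if observation_time is None:
        observation_time = datetime.now(timezone.utc).isoformat()
    events = []
    for line in text.splitlines():
        event = parse_line(line, feed_name, observation_time)
        if event is not None:
            events.append(event)
    return events


def to_json_messages(events):
    """Serialise each event as one JSON message, as a queue would carry it."""
    return [json.dumps(event, sort_keys=True) for event in events]


def decode_raw(event):
    """Recover the original feed line from an event's raw field."""
    return base64.b64decode(event["raw"]).decode("utf-8")


if __name__ == "__main__":
    for message in to_json_messages(parse_feed(SAMPLE_FEED)):
        print(message)
```

In a real IntelMQ parser bot the same logic would sit in the bot's processing method and the events would be handed to the next queue; the point here is the shape of the messages: flat string keys from the harmonization, timestamps with an explicit offset, and the raw input preserved verbatim so that a bad normalisation can always be traced back to its source line.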
- Don’t break simplicity - KISS
- Keep it open source - forever
- Strive for perfection while keeping a deadline
- Reduce complexity/avoid feature bloat
- Embrace unit testing
- Code readability: test with inexperienced programmers
- Communicate clearly
Documentation: see the Developers Guide and the User Guide.
For support use the intelmq-users mailing list: https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users
IntelMQ Manager is a graphical tool for managing an IntelMQ system.
Incident Handling Automation Project
IntelMQ uses the Data Harmonization ontology for its messages; see the Data Harmonization document.
How to participate
- Subscribe to the intelmq-dev mailing list (for developers): https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev
- Watch for announcements of our regular developer conference calls
- IRC: server irc.freenode.net, channel #intelmq
- Via GitHub issues
- Via pull requests (please read help.github.com first)
This software is licensed under the GNU Affero General Public License version 3.
| File name | Version | File type | Upload date |
| --- | --- | --- | --- |
| intelmq-1.0.1-py2.py3-none-any.whl (348.1 kB) | py2.py3 | Wheel | Aug 30, 2017 |
| intelmq-1.0.1.tar.gz (628.5 kB) | – | Source | Aug 30, 2017 |