IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Project description
Introduction
IntelMQ is a solution for IT security teams (CERTs & CSIRTs, SOCs abuse departments, etc.) for collecting and processing security feeds (such as log files) using a message queuing protocol. It's a community driven initiative called IHAP[^1] (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.
IntelMQ is frequently used for:
- automated incident handling
- situational awareness
- automated notifications
- as data collector for other tools
- and more!
The design was influenced by AbuseHelper however it was re-written from scratch and aims at:
- Reducing the complexity of system administration
- Reducing the complexity of writing new bots for new data feeds
- Reducing the probability of events lost in all process with persistence functionality (even system crash)
- Use and improve the existing Data Harmonization Ontology
- Use JSON format for all messages
- Provide easy way to store data into databases and log collectors such as PostgreSQL, Elasticsearch and Splunk
- Provide easy way to create your own black-lists
- Provide easy communication with other systems via HTTP RESTful API
It follows the following basic meta-guidelines:
- Don't break simplicity - KISS
- Keep it open source - forever
- Strive for perfection while keeping a deadline
- Reduce complexity/avoid feature bloat
- Embrace unit testing
- Code readability: test with inexperienced programmers
- Communicate clearly
Contribute
- Subscribe to the IntelMQ Developers mailing list and engage in discussions
- Report any errors and suggest improvements via issues
- Read the Developer Guide and open a pull request
[^1]: Incident Handling Automation Project, mailing list: ihap@lists.trusted-introducer.org
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file intelmq-3.5.0.tar.gz.
File metadata
- Download URL: intelmq-3.5.0.tar.gz
- Upload date:
- Size: 2.6 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
09e143c3f2fd5d9ce3e00806f5f3e5b79140ad487e85765a75944acf9415d373
|
|
| MD5 |
5be56edcd6d436a991c4b20923ec625a
|
|
| BLAKE2b-256 |
a493589e95053af073b2a4612cc7c088e1fb7f49b73373d83228f76dd8951a4c
|
File details
Details for the file intelmq-3.5.0-py2.py3-none-any.whl.
File metadata
- Download URL: intelmq-3.5.0-py2.py3-none-any.whl
- Upload date:
- Size: 1.0 MB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
38a780143798f38b178b48667d3727aff014880a29dac5335189d80db68b2046
|
|
| MD5 |
03c7c37af28f0e12e702ac8eba72aa3d
|
|
| BLAKE2b-256 |
b08d3dabc3900693ef1f6a51a64dbba5c8917d58985ec102cd4c15225d798459
|
