IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Welcome to IntelMQ!
IntelMQ is a solution for IT security teams (CERTs & CSIRTs, SOCs, abuse departments, etc.) for collecting and processing security feeds (such as log files) using a message queuing protocol. It is a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs.
IntelMQ can be used for:
- automated incident handling
- situational awareness
- automated notifications
- as a data collector for other tools
- etc.
IntelMQ’s design was influenced by AbuseHelper; however, it was rewritten from scratch and aims at:
- Reducing the complexity of system administration
- Reducing the complexity of writing new bots for new data feeds
- Reducing the probability of losing events anywhere in the processing chain, through persistence functionality (even across a system crash)
- Use and improve the existing Data Harmonization Ontology
- Use JSON format for all messages
- Provide an easy way to store data in log collectors like Elasticsearch, Splunk, or databases (such as PostgreSQL)
- Provide an easy way to create your own blacklists
- Provide easy communication with other systems via an HTTP RESTful API
It follows these basic meta-guidelines:
- Don’t break simplicity - KISS
- Keep it open source - forever
- Strive for perfection while keeping a deadline
- Reduce complexity/avoid feature bloat
- Embrace unit testing
- Code readability: test with inexperienced programmers
- Communicate clearly
For support questions please reach out on the intelmq-users mailing list.
IntelMQ Manager and more tools
Several pieces of software have evolved around IntelMQ. For example, check out IntelMQ Manager, a web-based interface to easily manage an IntelMQ system.
More tools can be found in the Ecosystem chapter in the documentation.
How to participate
IntelMQ is a community project depending on your contributions. Please consider sharing your work.
Incident Handling Automation Project
This software is licensed under GNU Affero General Public License version 3
This project was partially funded by the CEF framework
Files for release 2.3.2
|Filename|Size|File type|Python version|
|---|---|---|---|
|intelmq-2.3.2-py2.py3-none-any.whl|1.1 MB|Wheel|py2.py3|
|intelmq-2.3.2.tar.gz|5.7 MB|Source|None|