IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Project description
Introduction
IntelMQ is a solution for IT security teams (CERTs & CSIRTs, SOCs, abuse departments, etc.) for collecting and processing security feeds (such as log files) using a message queuing protocol. It is a community-driven initiative called IHAP[^1] (Incident Handling Automation Project), which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs.
IntelMQ is frequently used for:
- automated incident handling
- situational awareness
- automated notifications
- as a data collector for other tools
- and more!
The design was influenced by AbuseHelper; however, it was re-written from scratch and aims at:
- Reducing the complexity of system administration
- Reducing the complexity of writing new bots for new data feeds
- Reducing the probability of events being lost anywhere in the processing chain, through persistence functionality (even across a system crash)
- Use and improve the existing Data Harmonization Ontology
- Use JSON format for all messages
- Provide an easy way to store data into databases and log collectors such as PostgreSQL, Elasticsearch and Splunk
- Provide an easy way to create your own black-lists
- Provide easy communication with other systems via an HTTP RESTful API
It follows these basic meta-guidelines:
- Don't break simplicity - KISS
- Keep it open source - forever
- Strive for perfection while keeping a deadline
- Reduce complexity/avoid feature bloat
- Embrace unit testing
- Code readability: test with inexperienced programmers
- Communicate clearly
Contribute
- Subscribe to the IntelMQ Developers mailing list and engage in discussions
- Report any errors and suggest improvements via issues
- Read the Developer Guide and open a pull request
[^1]: Incident Handling Automation Project, mailing list: ihap@lists.trusted-introducer.org
Built Distribution
Hashes for intelmq-3.3.0-py2.py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | a84ae8141512aec48a23fe6c5655c797cfb91e5e92d30fb4812d52e7fa09343d
MD5 | 6b0c98146f39cf4c2b05c8f39ae76bb9
BLAKE2b-256 | c2376aec771cb31b09ae1b9af5c0aa5f2cf46725145af50b2150b7e7806474d6