intelmq


Name: intelmq
Version: 3.3.0
Home page: https://github.com/certtools/intelmq/
Summary: IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Upload time: 2024-03-01 18:45:31
Maintainer: Sebastian Wagner
Docs URL: None
Author: IntelMQ Community
Requires Python: >=3.7
License: AGPLv3
Keywords: incident handling cert csirt
Requirements: No requirements were recorded.
Travis-CI: No Travis.
Coveralls test coverage: No coveralls.
<!-- comment
   SPDX-FileCopyrightText: 2015-2023 Sebastian Wagner, Filip Pokorný
   SPDX-License-Identifier: AGPL-3.0-or-later
-->

<!--
[![CII Badge](https://bestpractices.coreinfrastructure.org/projects/4186/badge)](https://bestpractices.coreinfrastructure.org/projects/4186/)
-->

![IntelMQ](docs/static/images/Logo_Intel_MQ.svg)


# Introduction

**IntelMQ** is a solution for IT security teams (CERTs & CSIRTs, SOCs,
abuse departments, etc.) for collecting and processing security feeds
(such as log files) using a message queuing protocol. It is a community
driven initiative called **IHAP**[^1] (Incident Handling Automation Project),
which was conceptually designed by European CERTs/CSIRTs during several
InfoSec events. Its main goal is to give incident responders an easy
way to collect and process threat intelligence, thus improving the incident
handling processes of CERTs.

IntelMQ is frequently used for:

- automated incident handling
- situational awareness
- automated notifications
- as data collector for other tools
- and more!

The design was influenced by
[AbuseHelper](https://github.com/abusesa/abusehelper); however, it was
re-written from scratch and aims at:

-   Reducing the complexity of system administration
-   Reducing the complexity of writing new bots for new data feeds
-   Reducing the probability of losing events anywhere in the processing pipeline, through persistence functionality (even across a system crash)
-   Using and improving the existing Data Harmonization Ontology
-   Using the JSON format for all messages
-   Providing an easy way to store data into databases and log collectors such as PostgreSQL, Elasticsearch and Splunk
-   Providing an easy way to create your own block-lists
-   Providing easy communication with other systems via an HTTP RESTful API

It follows these basic meta-guidelines:

-   Don't break simplicity - KISS
-   Keep it open source - forever
-   Strive for perfection while keeping a deadline
-   Reduce complexity/avoid feature bloat
-   Embrace unit testing
-   Code readability: test with inexperienced programmers
-   Communicate clearly

## Contribute

- Subscribe to the [IntelMQ Developers mailing list](https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev) and engage in discussions
- Report any errors and suggest improvements via [issues](https://github.com/certtools/intelmq/issues)
- Read the Developer Guide and open a [pull request](https://github.com/certtools/intelmq/pulls)

[^1]: [Incident Handling Automation Project](https://www.enisa.europa.eu/activities/cert/support/incident-handling-automation), mailing list: ihap@lists.trusted-introducer.org


![CEF](https://ec.europa.eu/inea/sites/default/files/ceflogos/en_horizontal_cef_logo_2.png)
