<!-- comment
SPDX-FileCopyrightText: 2015-2023 Sebastian Wagner, Filip Pokorný
SPDX-License-Identifier: AGPL-3.0-or-later
-->
<!--
[![CII Badge](https://bestpractices.coreinfrastructure.org/projects/4186/badge)](https://bestpractices.coreinfrastructure.org/projects/4186/)
-->
![IntelMQ](docs/static/images/Logo_Intel_MQ.svg)
# Introduction
**IntelMQ** is a solution for IT security teams (CERTs & CSIRTs, SOCs,
abuse departments, etc.) for collecting and processing security feeds
(such as log files) using a message queuing protocol. It's a community-driven
initiative called **IHAP**[^1] (Incident Handling Automation Project),
which was conceptually designed by European CERTs/CSIRTs during several
InfoSec events. Its main goal is to give incident responders an easy
way to collect and process threat intelligence, thus improving the incident
handling processes of CERTs.
IntelMQ is frequently used for:
- automated incident handling
- situational awareness
- automated notifications
- as a data collector for other tools
- and more!
The design was influenced by
[AbuseHelper](https://github.com/abusesa/abusehelper), but it was
rewritten from scratch and aims at:
- Reducing the complexity of system administration
- Reducing the complexity of writing new bots for new data feeds
- Reducing the probability of losing events anywhere in the pipeline, using persistence (even across a system crash)
- Using and improving the existing Data Harmonization Ontology
- Using the JSON format for all messages
- Providing an easy way to store data in databases and log collectors such as PostgreSQL, Elasticsearch and Splunk
- Providing an easy way to create your own blacklists
- Providing easy communication with other systems via an HTTP RESTful API
It follows these basic meta-guidelines:
- Don't break simplicity - KISS
- Keep it open source - forever
- Strive for perfection while keeping a deadline
- Reduce complexity/avoid feature bloat
- Embrace unit testing
- Code readability: test with inexperienced programmers
- Communicate clearly
## Contribute
- Subscribe to the [IntelMQ Developers mailing list](https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev) and engage in discussions
- Report any errors and suggest improvements via [issues](https://github.com/certtools/intelmq/issues)
- Read the Developer Guide and open a [pull request](https://github.com/certtools/intelmq/pulls)
[^1]: [Incident Handling Automation Project](https://www.enisa.europa.eu/activities/cert/support/incident-handling-automation), mailing list: ihap@lists.trusted-introducer.org
![CEF](https://ec.europa.eu/inea/sites/default/files/ceflogos/en_horizontal_cef_logo_2.png)