Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/certtools/intelmq
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
alerts automation cert csirt cybersecurity feeds handling ihap incident incident-response intelligence ioc malware phishing python threat
Last synced: 2 months ago
JSON representation
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
- Host: GitHub
- URL: https://github.com/certtools/intelmq
- Owner: certtools
- License: agpl-3.0
- Created: 2014-06-24T10:11:39.000Z (over 10 years ago)
- Default Branch: develop
- Last Pushed: 2024-05-10T10:29:28.000Z (8 months ago)
- Last Synced: 2024-05-21T12:56:49.891Z (8 months ago)
- Topics: alerts, automation, cert, csirt, cybersecurity, feeds, handling, ihap, incident, incident-response, intelligence, ioc, malware, phishing, python, threat
- Language: Python
- Homepage: https://docs.intelmq.org/latest/
- Size: 29.4 MB
- Stars: 940
- Watchers: 75
- Forks: 294
- Open Issues: 204
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Security: SECURITY.md
- Authors: AUTHORS
Awesome Lists containing this project
- ForensicsTools - IntelMQ - IntelMQ collects and processes security feeds (Challenges / Frameworks)
- awesome-forensics - IntelMQ - IntelMQ collects and processes security feeds (Tools / Frameworks)
- Awesome-Forensics - IntelMQ - IntelMQ collects and processes security feeds (Tools / Frameworks)
- starred-awesome - intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol. (Python)
README
![IntelMQ](docs/static/images/Logo_Intel_MQ.svg)
# Introduction
**IntelMQ** is a solution for IT security teams (CERTs & CSIRTs, SOCs,
abuse departments, etc.) for collecting and processing security feeds
(such as log files) using a message queuing protocol. It's a community
driven initiative called **IHAP**[^1] (Incident Handling Automation Project)
which was conceptually designed by European CERTs/CSIRTs during several
InfoSec events. Its main goal is to give incident responders an easy
way to collect & process threat intelligence, thus improving the incident
handling processes of CERTs.

IntelMQ is frequently used for:
- automated incident handling
- situational awareness
- automated notifications
- as data collector for other tools
- and more!

The design was influenced by
[AbuseHelper](https://github.com/abusesa/abusehelper), however it was
re-written from scratch and aims at:

- Reducing the complexity of system administration
- Reducing the complexity of writing new bots for new data feeds
- Reducing the probability of losing events anywhere in the pipeline, thanks to persistence functionality (even across a system crash)
- Use and improve the existing Data Harmonization Ontology
- Use JSON format for all messages
- Provide easy way to store data into databases and log collectors such as PostgreSQL, Elasticsearch and Splunk
- Provide easy way to create your own black-lists
- Provide easy communication with other systems via HTTP RESTful API

It follows the following basic meta-guidelines:
- Don't break simplicity - KISS
- Keep it open source - forever
- Strive for perfection while keeping a deadline
- Reduce complexity/avoid feature bloat
- Embrace unit testing
- Code readability: test with inexperienced programmers
- Communicate clearly

## Contribute
- Subscribe to the [IntelMQ Developers mailing list](https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev) and engage in discussions
- Report any errors and suggest improvements via [issues](https://github.com/certtools/intelmq/issues)
- Read the Developer Guide and open a [pull request](https://github.com/certtools/intelmq/pulls)

[^1]: [Incident Handling Automation Project](https://www.enisa.europa.eu/activities/cert/support/incident-handling-automation), mailing list: [email protected]
![CEF](https://ec.europa.eu/inea/sites/default/files/ceflogos/en_horizontal_cef_logo_2.png)