CSEC_PUBLIC/intelmq-docker
1
0
Fork 0
mirror of https://github.com/certat/intelmq-docker.git synced 2025-12-06 17:22:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: CSEC_PUBLIC:c146edfe864225cad4d17e984355f25227c0de40
Branches Tags
CSEC_PUBLIC:main CSEC_PUBLIC:enh-test CSEC_PUBLIC:legacy
...
compare: CSEC_PUBLIC:enh-test
Branches Tags
CSEC_PUBLIC:main CSEC_PUBLIC:enh-test CSEC_PUBLIC:legacy

4 Commits
c146edfe86 ... enh-test

Author SHA1 Message Date
Sebastian Waldbauer
01d53b3738 FIX: Remove server_tokens from nginx 
Signed-off-by: Sebastian Waldbauer <waldbauer@cert.at>
 2021-10-15 12:39:32 +02:00
Sebastian Waldbauer
1b1e0cbdc3 FIX: Added empty __init__ 
Signed-off-by: Sebastian Waldbauer <waldbauer@cert.at>
 2021-08-26 15:06:25 +02:00
Sebastian Waldbauer
0aa3588c45 FIX: Removing test-bot 
Signed-off-by: Sebastian Waldbauer <waldbauer@cert.at>
 2021-08-26 13:33:20 +02:00
Sebastian Waldbauer
bf2c95fe2a ENH: Test new feature 
Signed-off-by: Sebastian Waldbauer <waldbauer@cert.at>
 2021-08-26 13:29:41 +02:00
4 changed files with 42 additions and 0 deletions
Expand all files Collapse all files

1
.docker/nginx/config/app.conf
View File

@@ -3,6 +3,7 @@ upstream intelmq_api {
} }
server { server {
server_tokens off;
listen 80 default_server; listen 80 default_server;
server_name localhost; server_name localhost;

0
custom_bots/ecs/__init__.py Normal file
View File

38
custom_bots/ecs/expert.py Normal file
View File

@@ -0,0 +1,38 @@
# SPDX-FileCopyrightText: 2021 Birger Schacht
#
# SPDX-License-Identifier: AGPL-3.0-or-later
import json
from intelmq.lib.bot import Bot
class ECSExpertBot(Bot):
"""Write some fields to the output field in ECS format"""
def process(self):
msg = self.receive_message()
ecs = {}
# If the event source has no original timestamp, this value is
# typically populated by the first time the event was received by the
# pipeline.
# (https://www.elastic.co/guide/en/ecs/current/ecs-base.html)
ecs['@timestamp'] = msg['time.source'] if 'time.source' in msg else msg['time.observation']
if 'feed.provider' in msg:
ecs['event.provider'] = msg['feed.provider']
if 'source.ip' in msg:
ecs['server.ip'] = msg['source.ip']
if 'source.fqdn' in msg:
ecs['server.domain'] = msg['source.fqdn']
if 'feed.name' in msg:
ecs['event.dataset'] = msg['feed.name']
msg.add("output", json.dumps(ecs))
self.send_message(msg)
self.acknowledge_message()
BOT = ECSExpertBot

3
docker-compose.yml
View File

@@ -26,6 +26,9 @@ services:
- ./example_config/intelmq-api/config.json:/etc/intelmq/api-config.json - ./example_config/intelmq-api/config.json:/etc/intelmq/api-config.json
- ./intelmq_logs:/opt/intelmq/var/log - ./intelmq_logs:/opt/intelmq/var/log
- ./intelmq_output:/opt/intelmq/var/lib/bots - ./intelmq_output:/opt/intelmq/var/lib/bots
- ./custom_bots/ecs/__init__.py:/etc/intelmq/intelmq/bots/experts/ecs/__init__.py:ro
- ./custom_bots/ecs/expert.py:/etc/intelmq/intelmq/bots/experts/ecs/expert.py:ro
depends_on: depends_on:
- redis - redis
environment: environment: