FIX: Remove server_tokens from nginx

Signed-off-by: Sebastian Waldbauer <waldbauer@cert.at>
FIX: Added empty __init__
2025-12-06 09:12:49 +01:00 · 2021-10-15 12:39:32 +02:00 · 2021-08-26 15:06:25 +02:00 · 2021-08-26 13:33:20 +02:00 · 2021-08-26 13:29:41 +02:00
4 changed files with 42 additions and 0 deletions
--- a/.docker/nginx/config/app.conf
+++ b/.docker/nginx/config/app.conf
@@ -3,6 +3,7 @@ upstream intelmq_api {
 }

 server {
+    server_tokens off;
    listen 80 default_server;

    server_name localhost;
--- a/custom_bots/ecs/init.py
+++ b/custom_bots/ecs/init.py
--- a/custom_bots/ecs/expert.py
+++ b/custom_bots/ecs/expert.py
@@ -0,0 +1,38 @@
+# SPDX-FileCopyrightText: 2021 Birger Schacht
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+import json
+from intelmq.lib.bot import Bot
+
+
+class ECSExpertBot(Bot):
+    """Write some fields to the output field in ECS format"""
+
+    def process(self):
+        msg = self.receive_message()
+
+        ecs = {}
+
+        # If the event source has no original timestamp, this value is
+        # typically populated by the first time the event was received by the
+        # pipeline.
+        # (https://www.elastic.co/guide/en/ecs/current/ecs-base.html)
+        ecs['@timestamp'] = msg['time.source'] if 'time.source' in msg else msg['time.observation']
+
+        if 'feed.provider' in msg:
+            ecs['event.provider'] = msg['feed.provider']
+        if 'source.ip' in msg:
+            ecs['server.ip'] = msg['source.ip']
+        if 'source.fqdn' in msg:
+            ecs['server.domain'] = msg['source.fqdn']
+        if 'feed.name' in msg:
+            ecs['event.dataset'] = msg['feed.name']
+
+        msg.add("output", json.dumps(ecs))
+
+        self.send_message(msg)
+        self.acknowledge_message()
+
+
+BOT = ECSExpertBot
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,6 +26,9 @@ services:
            - ./example_config/intelmq-api/config.json:/etc/intelmq/api-config.json
            - ./intelmq_logs:/opt/intelmq/var/log
            - ./intelmq_output:/opt/intelmq/var/lib/bots
+
+            - ./custom_bots/ecs/__init__.py:/etc/intelmq/intelmq/bots/experts/ecs/__init__.py:ro
+            - ./custom_bots/ecs/expert.py:/etc/intelmq/intelmq/bots/experts/ecs/expert.py:ro
        depends_on:
            - redis
        environment:
Author	SHA1	Message	Date
Sebastian Waldbauer	01d53b3738	FIX: Remove server_tokens from nginx Signed-off-by: Sebastian Waldbauer <waldbauer@cert.at>	2021-10-15 12:39:32 +02:00
Sebastian Waldbauer	1b1e0cbdc3	FIX: Added empty __init__ Signed-off-by: Sebastian Waldbauer <waldbauer@cert.at>	2021-08-26 15:06:25 +02:00
Sebastian Waldbauer	0aa3588c45	FIX: Removing test-bot Signed-off-by: Sebastian Waldbauer <waldbauer@cert.at>	2021-08-26 13:33:20 +02:00
Sebastian Waldbauer	bf2c95fe2a	ENH: Test new feature Signed-off-by: Sebastian Waldbauer <waldbauer@cert.at>	2021-08-26 13:29:41 +02:00