{ "cymru-whois-expert": { "bot_id": "cymru-whois-expert", "description": "Cymru Whois (IP to ASN) is the bot responsible for adding network information to the events (BGP, ASN, AS Name, Country, etc.).", "enabled": true, "group": "Expert", "groupname": "experts", "module": "intelmq.bots.experts.cymru_whois.expert", "name": "Cymru Whois", "parameters": { "overwrite": true, "redis_cache_db": 5, "redis_cache_password": null, "redis_cache_port": 6379, "redis_cache_ttl": 86400 }, "run_mode": "continuous" }, "deduplicator-expert": { "bot_id": "deduplicator-expert", "description": "Deduplicator is the bot responsible for detection and removal of duplicate messages. Messages get cached for redis_cache_ttl seconds. If found in the cache, it is assumed to be a duplicate.", "enabled": true, "group": "Expert", "groupname": "experts", "module": "intelmq.bots.experts.deduplicator.expert", "name": "Deduplicator", "parameters": { "filter_keys": "raw,time.observation", "filter_type": "blacklist", "redis_cache_db": 6, "redis_cache_port": 6379, "redis_cache_ttl": 86400 }, "run_mode": "continuous" }, "feodo-tracker-browse-collector": { "description": "Generic URL Fetcher is the bot responsible for getting the report from a URL.", "enabled": true, "group": "Collector", "module": "intelmq.bots.collectors.http.collector_http", "name": "URL Fetcher", "parameters": { "extract_files": false, "http_password": null, "http_url": "https://feodotracker.abuse.ch/browse", "http_url_formatting": false, "http_username": null, "name": "Feodo Tracker Browse", "provider": "Abuse.ch", "rate_limit": 86400, "ssl_client_certificate": null }, "run_mode": "continuous" }, "feodo-tracker-browse-parser": { "description": "HTML Table Parser is a bot that can be configured to parse different HTML table data.", "enabled": true, "group": "Parser", "module": "intelmq.bots.parsers.html_table.parser", "name": "HTML Table", "parameters": { "attribute_name": "", "attribute_value": "", "columns": 
"time.source,source.ip,malware.name,status,extra.SBL,source.as_name,source.geolocation.cc", "default_url_protocol": "http://", "ignore_values": ",,,,Not listed,,", "skip_table_head": true, "split_column": "", "split_index": 0, "split_separator": "", "table_index": 0, "time_format": null, "type": "c2server" }, "run_mode": "continuous" }, "file-output": { "bot_id": "file-output", "description": "File is the bot responsible for sending events to a file.", "enabled": true, "group": "Output", "groupname": "outputs", "module": "intelmq.bots.outputs.file.output", "name": "File", "parameters": { "file": "/opt/intelmq/var/lib/bots/file-output/events.txt", "hierarchical_output": false, "single_key": null }, "run_mode": "continuous" }, "gethostbyname-1-expert": { "bot_id": "gethostbyname-1-expert", "description": "fqdn2ip is the bot responsible for parsing the IP from the FQDN.", "enabled": true, "group": "Expert", "groupname": "experts", "module": "intelmq.bots.experts.gethostbyname.expert", "name": "Gethostbyname", "parameters": {}, "run_mode": "continuous" }, "gethostbyname-2-expert": { "bot_id": "gethostbyname-2-expert", "description": "fqdn2ip is the bot responsible for parsing the IP from the FQDN.", "enabled": true, "group": "Expert", "groupname": "experts", "module": "intelmq.bots.experts.gethostbyname.expert", "name": "Gethostbyname", "parameters": {}, "run_mode": "continuous" }, "malc0de-parser": { "bot_id": "malc0de-parser", "description": "Malc0de Parser is the bot responsible for parsing the IP Blacklist and either Windows Format or Bind Format reports and sanitizing the information.", "enabled": true, "group": "Parser", "groupname": "parsers", "module": "intelmq.bots.parsers.malc0de.parser", "name": "Malc0de", "parameters": {}, "run_mode": "continuous" }, "malc0de-windows-format-collector": { "bot_id": "malc0de-windows-format-collector", "description": "", "enabled": true, "group": "Collector", "groupname": "collectors", "module": 
"intelmq.bots.collectors.http.collector_http", "name": "Malc0de Windows Format", "parameters": { "http_password": null, "http_url": "https://malc0de.com/bl/BOOT", "http_username": null, "name": "Windows Format", "provider": "Malc0de", "rate_limit": 10800, "ssl_client_certificate": null }, "run_mode": "continuous" }, "malware-domain-list-collector": { "bot_id": "malware-domain-list-collector", "description": "Malware Domain List Collector is the bot responsible for getting the report from the source of information.", "enabled": true, "group": "Collector", "groupname": "collectors", "module": "intelmq.bots.collectors.http.collector_http", "name": "Malware Domain List", "parameters": { "http_url": "http://www.malwaredomainlist.com/updatescsv.php", "name": "Malware Domain List", "provider": "Malware Domain List", "rate_limit": 3600 }, "run_mode": "continuous" }, "malware-domain-list-parser": { "bot_id": "malware-domain-list-parser", "description": "Malware Domain List Parser is the bot responsible for parsing the report and sanitizing the information.", "enabled": true, "group": "Parser", "groupname": "parsers", "module": "intelmq.bots.parsers.malwaredomainlist.parser", "name": "Malware Domain List", "parameters": {}, "run_mode": "continuous" }, "spamhaus-drop-collector": { "bot_id": "spamhaus-drop-collector", "description": "", "enabled": true, "group": "Collector", "groupname": "collectors", "module": "intelmq.bots.collectors.http.collector_http", "name": "Spamhaus Drop", "parameters": { "http_password": null, "http_url": "https://www.spamhaus.org/drop/drop.txt", "http_username": null, "name": "Drop", "provider": "Spamhaus", "rate_limit": 3600, "ssl_client_certificate": null }, "run_mode": "continuous" }, "spamhaus-drop-parser": { "bot_id": "spamhaus-drop-parser", "description": "Spamhaus Drop Parser is the bot responsible for parsing the DROP, EDROP, DROPv6, and ASN-DROP reports and sanitizing the information.", "enabled": true, "group": "Parser", "groupname": "parsers", "module": 
"intelmq.bots.parsers.spamhaus.parser_drop", "name": "Spamhaus Drop", "parameters": {}, "run_mode": "continuous" }, "taxonomy-expert": { "bot_id": "taxonomy-expert", "description": "Taxonomy is the bot responsible for applying the eCSIRT Taxonomy to all events.", "enabled": true, "group": "Expert", "groupname": "experts", "module": "intelmq.bots.experts.taxonomy.expert", "name": "Taxonomy", "parameters": {}, "run_mode": "continuous" }, "url2fqdn-expert": { "bot_id": "url2fqdn-expert", "description": "url2fqdn is the bot responsible for parsing the FQDN from the URL.", "enabled": true, "group": "Expert", "groupname": "experts", "module": "intelmq.bots.experts.url2fqdn.expert", "name": "URL2FQDN", "parameters": { "load_balance": true, "overwrite": false }, "run_mode": "continuous" } }