intelmq-docker/example_config/intelmq/etc/runtime.conf

{
    "cymru-whois-expert": {
        "bot_id": "cymru-whois-expert",
        "description": "Cymru Whois (IP to ASN) is the bot responsible to add network information to the events (BGP, ASN, AS Name, Country, etc..).",
        "enabled": true,
        "group": "Expert",
        "groupname": "experts",
        "module": "intelmq.bots.experts.cymru_whois.expert",
        "name": "Cymru Whois",
        "parameters": {
            "overwrite": true,
            "redis_cache_db": 5,
            "redis_cache_host": "127.0.0.1",
            "redis_cache_password": null,
            "redis_cache_port": 6379,
            "redis_cache_ttl": 86400
        },
        "run_mode": "continuous"
    },
    "deduplicator-expert": {
        "bot_id": "deduplicator-expert",
        "description": "Deduplicator is the bot responsible for detection and removal of duplicate messages. Messages get cached for <redis_cache_ttl> seconds. If found in the cache, it is assumed to be a duplicate.",
        "enabled": true,
        "group": "Expert",
        "groupname": "experts",
        "module": "intelmq.bots.experts.deduplicator.expert",
        "name": "Deduplicator",
        "parameters": {
            "filter_keys": "raw,time.observation",
            "filter_type": "blacklist",
            "redis_cache_db": 6,
            "redis_cache_host": "127.0.0.1",
            "redis_cache_port": 6379,
            "redis_cache_ttl": 86400
        },
        "run_mode": "continuous"
    },
    "feodo-tracker-browse-collector": {
        "description": "Generic URL Fetcher is the bot responsible to get the report from an URL.",
        "enabled": true,
        "group": "Collector",
        "module": "intelmq.bots.collectors.http.collector_http",
        "name": "URL Fetcher",
        "parameters": {
            "extract_files": false,
            "http_password": null,
            "http_url": "https://feodotracker.abuse.ch/browse",
            "http_url_formatting": false,
            "http_username": null,
            "name": "Feodo Tracker Browse",
            "provider": "Abuse.ch",
            "rate_limit": 86400,
            "ssl_client_certificate": null
        },
        "run_mode": "continuous"
    },
    "feodo-tracker-browse-parser": {
        "description": "HTML Table Parser is a bot configurable to parse different html table data.",
        "enabled": true,
        "group": "Parser",
        "module": "intelmq.bots.parsers.html_table.parser",
        "name": "HTML Table",
        "parameters": {
            "attribute_name": "",
            "attribute_value": "",
            "columns": "time.source,source.ip,malware.name,status,extra.SBL,source.as_name,source.geolocation.cc",
            "default_url_protocol": "http://",
            "ignore_values": ",,,,Not listed,,",
            "skip_table_head": true,
            "split_column": "",
            "split_index": 0,
            "split_separator": "",
            "table_index": 0,
            "time_format": null,
            "type": "c2server"
        },
        "run_mode": "continuous"
    },
    "file-output": {
        "bot_id": "file-output",
        "description": "File is the bot responsible to send events to a file.",
        "enabled": true,
        "group": "Output",
        "groupname": "outputs",
        "module": "intelmq.bots.outputs.file.output",
        "name": "File",
        "parameters": {
            "file": "/opt/intelmq/var/lib/bots/file-output/events.txt",
            "hierarchical_output": false,
            "single_key": null
        },
        "run_mode": "continuous"
    },
    "gethostbyname-1-expert": {
        "bot_id": "gethostbyname-1-expert",
        "description": "fqdn2ip is the bot responsible to parsing the ip from the fqdn.",
        "enabled": true,
        "group": "Expert",
        "groupname": "experts",
        "module": "intelmq.bots.experts.gethostbyname.expert",
        "name": "Gethostbyname",
        "parameters": {},
        "run_mode": "continuous"
    },
    "gethostbyname-2-expert": {
        "bot_id": "gethostbyname-2-expert",
        "description": "fqdn2ip is the bot responsible to parsing the ip from the fqdn.",
        "enabled": true,
        "group": "Expert",
        "groupname": "experts",
        "module": "intelmq.bots.experts.gethostbyname.expert",
        "name": "Gethostbyname",
        "parameters": {},
        "run_mode": "continuous"
    },
    "malc0de-parser": {
        "bot_id": "malc0de-parser",
        "description": "Malc0de Parser is the bot responsible to parse the IP Blacklist and either Windows Format or Bind Format reports and sanitize the information.",
        "enabled": true,
        "group": "Parser",
        "groupname": "parsers",
        "module": "intelmq.bots.parsers.malc0de.parser",
        "name": "Malc0de",
        "parameters": {},
        "run_mode": "continuous"
    },
    "malc0de-windows-format-collector": {
        "bot_id": "malc0de-windows-format-collector",
        "description": "",
        "enabled": true,
        "group": "Collector",
        "groupname": "collectors",
        "module": "intelmq.bots.collectors.http.collector_http",
        "name": "Malc0de Windows Format",
        "parameters": {
            "http_password": null,
            "http_url": "https://malc0de.com/bl/BOOT",
            "http_username": null,
            "name": "Windows Format",
            "provider": "Malc0de",
            "rate_limit": 10800,
            "ssl_client_certificate": null
        },
        "run_mode": "continuous"
    },
    "spamhaus-drop-collector": {
        "bot_id": "spamhaus-drop-collector",
        "description": "",
        "enabled": true,
        "group": "Collector",
        "groupname": "collectors",
        "module": "intelmq.bots.collectors.http.collector_http",
        "name": "Spamhaus Drop",
        "parameters": {
            "http_password": null,
            "http_url": "https://www.spamhaus.org/drop/drop.txt",
            "http_username": null,
            "name": "Drop",
            "provider": "Spamhaus",
            "rate_limit": 3600,
            "ssl_client_certificate": null
        },
        "run_mode": "continuous"
    },
    "spamhaus-drop-parser": {
        "bot_id": "spamhaus-drop-parser",
        "description": "Spamhaus Drop Parser is the bot responsible to parse the DROP, EDROP, DROPv6, and ASN-DROP reports and sanitize the information.",
        "enabled": true,
        "group": "Parser",
        "groupname": "parsers",
        "module": "intelmq.bots.parsers.spamhaus.parser_drop",
        "name": "Spamhaus Drop",
        "parameters": {},
        "run_mode": "continuous"
    },
    "taxonomy-expert": {
        "bot_id": "taxonomy-expert",
        "description": "Taxonomy is the bot responsible to apply the eCSIRT Taxonomy to all events.",
        "enabled": true,
        "group": "Expert",
        "groupname": "experts",
        "module": "intelmq.bots.experts.taxonomy.expert",
        "name": "Taxonomy",
        "parameters": {},
        "run_mode": "continuous"
    },
    "url2fqdn-expert": {
        "bot_id": "url2fqdn-expert",
        "description": "url2fqdn is the bot responsible to parsing the fqdn from the url.",
        "enabled": true,
        "group": "Expert",
        "groupname": "experts",
        "module": "intelmq.bots.experts.url2fqdn.expert",
        "name": "URL2FQDN",
        "parameters": {
            "load_balance": true,
            "overwrite": false
        },
        "run_mode": "continuous"
    }
}