mirror of
https://github.com/certat/intelmq-docker.git
synced 2025-12-06 09:12:49 +01:00
227 lines
8.4 KiB
Plaintext
227 lines
8.4 KiB
Plaintext
{
|
|
"cymru-whois-expert": {
|
|
"bot_id": "cymru-whois-expert",
|
|
"description": "Cymru Whois (IP to ASN) is the bot responsible to add network information to the events (BGP, ASN, AS Name, Country, etc..).",
|
|
"enabled": true,
|
|
"group": "Expert",
|
|
"groupname": "experts",
|
|
"module": "intelmq.bots.experts.cymru_whois.expert",
|
|
"name": "Cymru Whois",
|
|
"parameters": {
|
|
"overwrite": true,
|
|
"redis_cache_db": 5,
|
|
"redis_cache_password": null,
|
|
"redis_cache_port": 6379,
|
|
"redis_cache_ttl": 86400
|
|
},
|
|
"run_mode": "continuous"
|
|
},
|
|
"deduplicator-expert": {
|
|
"bot_id": "deduplicator-expert",
|
|
"description": "Deduplicator is the bot responsible for detection and removal of duplicate messages. Messages get cached for <redis_cache_ttl> seconds. If found in the cache, it is assumed to be a duplicate.",
|
|
"enabled": true,
|
|
"group": "Expert",
|
|
"groupname": "experts",
|
|
"module": "intelmq.bots.experts.deduplicator.expert",
|
|
"name": "Deduplicator",
|
|
"parameters": {
|
|
"filter_keys": "raw,time.observation",
|
|
"filter_type": "blacklist",
|
|
"redis_cache_db": 6,
|
|
"redis_cache_port": 6379,
|
|
"redis_cache_ttl": 86400
|
|
},
|
|
"run_mode": "continuous"
|
|
},
|
|
"feodo-tracker-browse-collector": {
|
|
"description": "Generic URL Fetcher is the bot responsible to get the report from an URL.",
|
|
"enabled": true,
|
|
"group": "Collector",
|
|
"module": "intelmq.bots.collectors.http.collector_http",
|
|
"name": "URL Fetcher",
|
|
"parameters": {
|
|
"extract_files": false,
|
|
"http_password": null,
|
|
"http_url": "https://feodotracker.abuse.ch/browse",
|
|
"http_url_formatting": false,
|
|
"http_username": null,
|
|
"name": "Feodo Tracker Browse",
|
|
"provider": "Abuse.ch",
|
|
"rate_limit": 86400,
|
|
"ssl_client_certificate": null
|
|
},
|
|
"run_mode": "continuous"
|
|
},
|
|
"feodo-tracker-browse-parser": {
|
|
"description": "HTML Table Parser is a bot configurable to parse different html table data.",
|
|
"enabled": true,
|
|
"group": "Parser",
|
|
"module": "intelmq.bots.parsers.html_table.parser",
|
|
"name": "HTML Table",
|
|
"parameters": {
|
|
"attribute_name": "",
|
|
"attribute_value": "",
|
|
"columns": "time.source,source.ip,malware.name,status,extra.SBL,source.as_name,source.geolocation.cc",
|
|
"default_url_protocol": "http://",
|
|
"ignore_values": ",,,,Not listed,,",
|
|
"skip_table_head": true,
|
|
"split_column": "",
|
|
"split_index": 0,
|
|
"split_separator": "",
|
|
"table_index": 0,
|
|
"time_format": null,
|
|
"type": "c2server"
|
|
},
|
|
"run_mode": "continuous"
|
|
},
|
|
"file-output": {
|
|
"bot_id": "file-output",
|
|
"description": "File is the bot responsible to send events to a file.",
|
|
"enabled": true,
|
|
"group": "Output",
|
|
"groupname": "outputs",
|
|
"module": "intelmq.bots.outputs.file.output",
|
|
"name": "File",
|
|
"parameters": {
|
|
"file": "/opt/intelmq/var/lib/bots/file-output/events.txt",
|
|
"hierarchical_output": false,
|
|
"single_key": null
|
|
},
|
|
"run_mode": "continuous"
|
|
},
|
|
"gethostbyname-1-expert": {
|
|
"bot_id": "gethostbyname-1-expert",
|
|
"description": "fqdn2ip is the bot responsible to parsing the ip from the fqdn.",
|
|
"enabled": true,
|
|
"group": "Expert",
|
|
"groupname": "experts",
|
|
"module": "intelmq.bots.experts.gethostbyname.expert",
|
|
"name": "Gethostbyname",
|
|
"parameters": {},
|
|
"run_mode": "continuous"
|
|
},
|
|
"gethostbyname-2-expert": {
|
|
"bot_id": "gethostbyname-2-expert",
|
|
"description": "fqdn2ip is the bot responsible to parsing the ip from the fqdn.",
|
|
"enabled": true,
|
|
"group": "Expert",
|
|
"groupname": "experts",
|
|
"module": "intelmq.bots.experts.gethostbyname.expert",
|
|
"name": "Gethostbyname",
|
|
"parameters": {},
|
|
"run_mode": "continuous"
|
|
},
|
|
"malc0de-parser": {
|
|
"bot_id": "malc0de-parser",
|
|
"description": "Malc0de Parser is the bot responsible to parse the IP Blacklist and either Windows Format or Bind Format reports and sanitize the information.",
|
|
"enabled": true,
|
|
"group": "Parser",
|
|
"groupname": "parsers",
|
|
"module": "intelmq.bots.parsers.malc0de.parser",
|
|
"name": "Malc0de",
|
|
"parameters": {},
|
|
"run_mode": "continuous"
|
|
},
|
|
"malc0de-windows-format-collector": {
|
|
"bot_id": "malc0de-windows-format-collector",
|
|
"description": "",
|
|
"enabled": true,
|
|
"group": "Collector",
|
|
"groupname": "collectors",
|
|
"module": "intelmq.bots.collectors.http.collector_http",
|
|
"name": "Malc0de Windows Format",
|
|
"parameters": {
|
|
"http_password": null,
|
|
"http_url": "https://malc0de.com/bl/BOOT",
|
|
"http_username": null,
|
|
"name": "Windows Format",
|
|
"provider": "Malc0de",
|
|
"rate_limit": 10800,
|
|
"ssl_client_certificate": null
|
|
},
|
|
"run_mode": "continuous"
|
|
},
|
|
"malware-domain-list-collector": {
|
|
"bot_id": "malware-domain-list-collector",
|
|
"description": "Malware Domain List Collector is the bot responsible to get the report from source of information.",
|
|
"enabled": true,
|
|
"group": "Collector",
|
|
"groupname": "collectors",
|
|
"module": "intelmq.bots.collectors.http.collector_http",
|
|
"name": "Malware Domain List",
|
|
"parameters": {
|
|
"http_url": "http://www.malwaredomainlist.com/updatescsv.php",
|
|
"name": "Malware Domain List",
|
|
"provider": "Malware Domain List",
|
|
"rate_limit": 3600
|
|
},
|
|
"run_mode": "continuous"
|
|
},
|
|
"malware-domain-list-parser": {
|
|
"bot_id": "malware-domain-list-parser",
|
|
"description": "Malware Domain List Parser is the bot responsible to parse the report and sanitize the information.",
|
|
"enabled": true,
|
|
"group": "Parser",
|
|
"groupname": "parsers",
|
|
"module": "intelmq.bots.parsers.malwaredomainlist.parser",
|
|
"name": "Malware Domain List",
|
|
"parameters": {},
|
|
"run_mode": "continuous"
|
|
},
|
|
"spamhaus-drop-collector": {
|
|
"bot_id": "spamhaus-drop-collector",
|
|
"description": "",
|
|
"enabled": true,
|
|
"group": "Collector",
|
|
"groupname": "collectors",
|
|
"module": "intelmq.bots.collectors.http.collector_http",
|
|
"name": "Spamhaus Drop",
|
|
"parameters": {
|
|
"http_password": null,
|
|
"http_url": "https://www.spamhaus.org/drop/drop.txt",
|
|
"http_username": null,
|
|
"name": "Drop",
|
|
"provider": "Spamhaus",
|
|
"rate_limit": 3600,
|
|
"ssl_client_certificate": null
|
|
},
|
|
"run_mode": "continuous"
|
|
},
|
|
"spamhaus-drop-parser": {
|
|
"bot_id": "spamhaus-drop-parser",
|
|
"description": "Spamhaus Drop Parser is the bot responsible to parse the DROP, EDROP, DROPv6, and ASN-DROP reports and sanitize the information.",
|
|
"enabled": true,
|
|
"group": "Parser",
|
|
"groupname": "parsers",
|
|
"module": "intelmq.bots.parsers.spamhaus.parser_drop",
|
|
"name": "Spamhaus Drop",
|
|
"parameters": {},
|
|
"run_mode": "continuous"
|
|
},
|
|
"taxonomy-expert": {
|
|
"bot_id": "taxonomy-expert",
|
|
"description": "Taxonomy is the bot responsible to apply the eCSIRT Taxonomy to all events.",
|
|
"enabled": true,
|
|
"group": "Expert",
|
|
"groupname": "experts",
|
|
"module": "intelmq.bots.experts.taxonomy.expert",
|
|
"name": "Taxonomy",
|
|
"parameters": {},
|
|
"run_mode": "continuous"
|
|
},
|
|
"url2fqdn-expert": {
|
|
"bot_id": "url2fqdn-expert",
|
|
"description": "url2fqdn is the bot responsible to parsing the fqdn from the url.",
|
|
"enabled": true,
|
|
"group": "Expert",
|
|
"groupname": "experts",
|
|
"module": "intelmq.bots.experts.url2fqdn.expert",
|
|
"name": "URL2FQDN",
|
|
"parameters": {
|
|
"load_balance": true,
|
|
"overwrite": false
|
|
},
|
|
"run_mode": "continuous"
|
|
}
|
|
}
|