intelmq.bots.parsers.dshield package
Submodules
intelmq.bots.parsers.dshield.parser_asn module
    # created: Tue, 22 Dec 2015 12:19:03 +0000#
    #
    # Source IP is 0 padded so each byte is three digits long
    # Reports: number of packets received
    # Targets: number of target IPs that reported packets from this source.
    # First Seen: First time we saw a packet from this source
    # Last Seen: Last time we saw a packet from this source
    # Updated: Last time the record was updated.
    #
    # IPs are removed if they have not been seen in 30 days.
    #
    # source IP <tab> Reports <tab> Targets <tab> First Seen <tab> Last Seen <tab> Updated <CR>
- intelmq.bots.parsers.dshield.parser_asn.BOT
alias of intelmq.bots.parsers.dshield.parser_asn.DShieldASNParserBot
- class intelmq.bots.parsers.dshield.parser_asn.DShieldASNParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)
Bases: intelmq.lib.bot.ParserBot
Parse the DShield AS
- process()
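A stand-alone sketch of parsing the record layout described in the parser_asn header above, added here as an example; it is not IntelMQ's DShieldASNParserBot code. Padded octets are read as decimal before validation, because some IP parsers treat a leading zero as octal and others reject it outright. The function names, field keys and sample rows are assumptions constructed for illustration, and the date columns stay raw strings because the header does not state their format.

```python
import ipaddress
import re

# Column order as given in the feed header quoted above; key names are assumed.
FIELDS = ("source_ip", "reports", "targets", "first_seen", "last_seen", "updated")
PADDED_IP = re.compile(r"[0-9]{3}(\.[0-9]{3}){3}")


def unpad_ip(padded: str) -> str:
    """Turn '010.000.002.008' into '10.0.2.8', reading every octet as decimal."""
    if not PADDED_IP.fullmatch(padded):
        raise ValueError(f"not a zero-padded IPv4 address: {padded!r}")
    dotted = ".".join(str(int(octet, 10)) for octet in padded.split("."))
    # ip_address() rejects octets above 255 and returns the canonical form.
    return str(ipaddress.ip_address(dotted))


def parse_report(text: str):
    """Return (rows, rejected) for a report in the layout described above."""
    rows, rejected = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue  # header comments and blank lines carry no records
        parts = line.split("\t")
        try:
            if len(parts) != len(FIELDS):
                raise ValueError(f"expected {len(FIELDS)} columns, got {len(parts)}")
            row = dict(zip(FIELDS, parts))
            row["source_ip"] = unpad_ip(row["source_ip"])
            row["reports"] = int(row["reports"])
            row["targets"] = int(row["targets"])
            rows.append(row)
        except ValueError as exc:
            # Keep the line number so a malformed feed can be investigated.
            rejected.append((number, str(exc)))
    return rows, rejected


# Constructed sample: documentation addresses, made-up counts and dates.
SAMPLE = (
    "# source IP <tab> Reports <tab> Targets <tab> First Seen <tab> Last Seen <tab> Updated <CR>\n"
    "192.000.002.010\t1200\t35\t2015-12-01\t2015-12-22\t2015-12-22 12:19:03\n"
    "198.051.100.008\t7\t2\t2015-12-20\t2015-12-21\t2015-12-22 12:19:03\n"
    "203.000.113.999\t1\t1\t2015-12-20\t2015-12-21\t2015-12-22 12:19:03\n"
    "010.1.2.3\t1\t1\t2015-12-20\t2015-12-21\n"
)

if __name__ == "__main__":
    print(parse_report(SAMPLE))
```

The last two sample rows are rejected rather than guessed at: one has an octet above 255, the other has the wrong column count.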
intelmq.bots.parsers.dshield.parser_block module
    # primary URL: https://feeds.dshield.org/block.txt
    # PGP Sign.: https://feeds.dshield.org/block.txt.asc
    #
    # updated: Tue Dec 15 15:33:38 2015 UTC
    #
    # This list summarizes the top 20 attacking class C (/24) subnets
    # over the last three days. The number of ‘attacks’ indicates the
    # number of targets reporting scans from this subnet.
    #
    # Columns (tab delimited):
    # (1) start of netblock
    # (2) end of netblock
    # (3) subnet (/24 for class C)
    # (4) number of targets scanned
    # (5) name of Network
    # (6) Country
    # (7) contact email address
- intelmq.bots.parsers.dshield.parser_block.BOT
alias of intelmq.bots.parsers.dshield.parser_block.DshieldBlockParserBot
- class intelmq.bots.parsers.dshield.parser_block.DshieldBlockParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)
Bases: intelmq.lib.bot.ParserBot
Parse the DShield Block feed
- process()
intelmq.bots.parsers.dshield.parser_domain module
    # DShield.org Suspicious Domain List
    #
    # comments: info@dshield.org
    # updated: Tue Dec 22 04:10:10 2015 UTC
    #
    # This list consists of High Level Sensitivity website URLs
    # Columns (tab delimited):
    #
    # (1) site
- intelmq.bots.parsers.dshield.parser_domain.BOT
alias of intelmq.bots.parsers.dshield.parser_domain.DshieldDomainParserBot
- class intelmq.bots.parsers.dshield.parser_domain.DshieldDomainParserBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)
Bases: intelmq.lib.bot.ParserBot
Parse the DShield Suspicious Domains feed
- process()