Need help with intelmq?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

certtools
634 Stars 249 Forks Other 6.9K Commits 195 Opened issues

Description

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

Services available

!
?

Need anything else?

Contributors list

===================

Welcome to IntelMQ!

.. image:: docs/static/LogoIntel_MQ.svg :alt: IntelMQ

|Build Status| |codecov.io| |CII Badge|

IntelMQ is a solution for IT security teams (CERTs & CSIRTs, SOCs, abuse departments, etc.) for collecting and processing security feeds (such as log files) using a message queuing protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.

IntelMQ can be used for - automated incident handling - situational awareness - automated notifications - as data collector for other tools - etc.

IntelMQ's design was influenced by

AbuseHelper 
__, however it was re-written from scratch and aims at:
  • Reducing the complexity of system administration
  • Reducing the complexity of writing new bots for new data feeds
  • Reducing the probability of events lost in all process with persistence functionality (even system crash)
  • Use and improve the existing Data Harmonization Ontology
  • Use JSON format for all messages
  • Provide easy way to store data into Log Collectors like ElasticSearch, Splunk, databases (such as PostgreSQL)
  • Provide easy way to create your own black-lists
  • Provide easy communication with other systems via HTTP RESTful API

It follows the following basic meta-guidelines:

  • Don't break simplicity - KISS
  • Keep it open source - forever
  • Strive for perfection while keeping a deadline
  • Reduce complexity/avoid feature bloat
  • Embrace unit testing
  • Code readability: test with unexperienced programmers
  • Communicate clearly

For support questions please reach out on the

the intelmq-users mailing list 
_

==============================

IntelMQ Manager and more tools

Several pieces of software evolved around IntelMQ. For example, check out

IntelMQ Manager 
_ which is a web based interface to easily manage an IntelMQ system.

More tools can be found in the

Ecosystem chapter in the documentation 
_.

==================

How to participate

IntelMQ is a community project depending on your contributions. Please consider sharing your work.

  • Have a look at our
    Developers Guide 
    _ for documentation.
  • Subscribe to the
    Intelmq-dev Mailing list 
    _ to get answers to your development questions:
  • The
    Github issues 
    _ lists all the open feature requests, bug reports and ideas.
  • Some developers are also on IRC:
    channel #intelmq on irc.freenode.net 
    __.

====================================

Incident Handling Automation Project

  • URL: http://www.enisa.europa.eu/activities/cert/support/incident-handling-automation
  • Mailing-list: [email protected]

=======

Licence

This software is licensed under GNU Affero General Public License version 3

=======

Funding

This project was partially funded by the CEF framework

.. figure:: docs/static/ceflogo.png :alt: Co-financed by the Connecting Europe Facility of the European Union

.. |Build Status| image:: https://github.com/certtools/intelmq/workflows/Nosetest%20test%20suite/badge.svg :target: https://github.com/certtools/intelmq/actions .. |codecov.io| image:: https://codecov.io/github/certtools/intelmq/coverage.svg?branch=develop :target: https://codecov.io/github/certtools/intelmq?branch=master .. |CII Badge| image:: https://bestpractices.coreinfrastructure.org/projects/4186/badge :target: https://bestpractices.coreinfrastructure.org/projects/4186/

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.