
Security and Technology

IntelMQ – A solution for IT security teams for collecting and processing security feeds using a message queuing protocol

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments, …) for collecting and processing security feeds (such as log files) using a message queuing protocol. It is a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs.

IntelMQ’s design was influenced by AbuseHelper; however, it was re-written from scratch and aims to:

Reduce the complexity of system administration

Reduce the complexity of writing new bots for new data feeds

Reduce the probability of events being lost anywhere in the pipeline by means of persistence (even across a system crash)

Use and improve the existing Data Harmonization Ontology

Use JSON format for all messages

Integration of the existing tools (AbuseHelper, CIF)

Provide an easy way to store data in log collectors such as Elasticsearch and Splunk, and in databases (such as PostgreSQL)

Provide an easy way to create your own blacklists

Provide easy communication with other systems via an HTTP RESTful API
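To make the message-queue design and the persistence goal above concrete, here is an added toy example (not IntelMQ's own code): a parser bot turns constructed feed lines into JSON events keyed by Data Harmonization field names (the field names are assumed from IntelMQ's ontology; the page lists none), and a message that was received but not yet acknowledged survives a simulated bot crash because the queue only discards it on acknowledgement. All class and function names are my own.

```python
import base64
import json
from collections import deque

class Pipeline:
    """Toy IntelMQ-style queue: receive() parks a message in-flight until acknowledge()."""
    def __init__(self):
        self.source, self.internal = deque(), None  # internal = received, not yet acked
    def send(self, message):
        self.source.append(json.dumps(message, sort_keys=True))  # every message is JSON
    def receive(self):
        if self.internal is None and self.source:
            self.internal = self.source.popleft()
        return None if self.internal is None else json.loads(self.internal)
    def acknowledge(self):
        self.internal = None
    def recover(self):  # on restart, an unacknowledged message goes back to the head
        if self.internal is not None:
            self.source.appendleft(self.internal)
            self.internal = None

def parse_line(line, feed_name="constructed-feed"):
    """Parser bot: '<time> <ip> <type>' -> event keyed by IntelMQ Data Harmonization
    field names (assumed here; the page itself lists none)."""
    time_source, ip, classification = line.split()
    return {"feed.name": feed_name, "time.source": time_source, "source.ip": ip,
            "classification.type": classification,
            "raw": base64.b64encode(line.encode()).decode()}  # original line, for audit

def process_queue(pipeline, sink, crash_on=None):
    """A bot's process() loop; if crash_on matches, die before acknowledging."""
    while (event := pipeline.receive()) is not None:
        if event["source.ip"] == crash_on:
            raise RuntimeError("simulated bot crash before acknowledge")
        sink.append(event)
        pipeline.acknowledge()
    return sink
SAMPLE_LINES = ["2016-02-25T10:00:00+00:00 198.51.100.7 spam",  # constructed, not real
                "2016-02-25T10:00:05+00:00 203.0.113.9 malware",
                "2016-02-25T10:00:09+00:00 192.0.2.44 scanner"]

def demo(lines=SAMPLE_LINES, crash_on="203.0.113.9"):
    """Collect, parse, crash mid-event, restart: every event is delivered exactly once."""
    pipeline, delivered = Pipeline(), []
    for line in lines: pipeline.send(parse_line(line))
    try:
        process_queue(pipeline, delivered, crash_on)
    except RuntimeError: pass  # the bot died; its current event is still in-flight
    pipeline.recover()                         # first thing a restarted bot does
    return process_queue(pipeline, delivered)  # resumes with the crashed event
```

Without the in-flight slot and the acknowledgement step, the second event would simply vanish with the crashed process, which is exactly the loss the persistence goal is meant to prevent.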

It follows these basic meta-guidelines:

Don’t break simplicity – KISS

Keep it open source – forever

Strive for perfection while keeping a deadline

Reduce complexity/avoid feature bloat

Embrace unit testing

Code readability: test with inexperienced programmers

Communicate clearly

Table of Contents

How to Install

Developers Guide

IntelMQ Manager

Incident Handling Automation Project

Data Harmonization

How to Participate

Licence

How to Install

See the User Guide.

Developers Guide

See the Developers Guide.

IntelMQ Manager

Check out this graphical tool to easily manage an IntelMQ system.

Incident Handling Automation Project

URL: http://ift.tt/2lHJ7xJ

Mailing-list: ihap@lists.trusted-introducer.org

Data Harmonization

IntelMQ uses the Data Harmonization ontology. See the following document.

How to participate

Subscribe to the Intelmq-dev mailing list (for developers): http://ift.tt/2m6zc0V

Watch out for our regular developers’ conference call

IRC: server: irc.freenode.net, channel: #intelmq

Via GitHub issues

Via pull requests (please do read help.github.com first)

Download IntelMQ: http://ift.tt/2lHzrU2 or http://ift.tt/2aM8QhC
