The complete IntelMQ universe consists of the following components:
- IntelMQ
- IntelMQ API
- IntelMQ Manager
- additional tools
- useful scripts
This project contains the core functionality.
The Core includes all the components required for processing data feeds. This includes the bots, configuration, pipeline, the internal data format, management tools etc.
This is an extension of IntelMQ providing a hug-based REST API for remote management.
The Manager is the best-known software and can be seen as the face of IntelMQ. Its goal is to provide an intuitive web interface to allow non-programmers to specify the data flow in IntelMQ.
Here you can find a list of additional tools. If you think something is missing, please let us know!
Unless stated otherwise, the tools are maintained by the IntelMQ community.
A web-based interface to ingest CSV data into IntelMQ with on-line validation and live feedback.
This interface allows inserting "one-shot" data feeds into IntelMQ without the need to configure bots in IntelMQ.
→ Repository: intelmq-webinput-csv
A solution allowing an IntelMQ setup with a sophisticated contact database, managed by a web interface and sending out aggregated email reports. In other words: it sends grouped notifications to network owners using SMTP.
Developed and maintained by Intevation, initially funded by BSI.
It consists of the following three components, which can also be used on their own.
The certbund-contact consists of two IntelMQ expert bots, which fetch and process the information from the contact database, and scripts to import RIPE data into the contact database. Based on user-defined rules, the experts determine to which contact the event is to be sent, and which e-mail template and attachment format to use.
The contact database handles contact information for autonomous systems (AS), network ranges (CIDR), single IP addresses, and domains. The component also includes scripts to import network information and contact data directly from RIPE.
→ Repository: intelmq-certbund-contact
Fody is a web-based interface for Mailgen. It allows reading and editing contacts, querying sent mails (tickets) and calling up data from the PostgreSQL database.
It can also be used to just query the IntelMQ Event database without using Mailgen.
→ Repository: intelmq-fody-backend
Sends emails with grouped event data to the contacts determined by the certbund-contact. Mails can be encrypted with OpenPGP.
Formatting scripts and templates define how the e-mails are created, their content and the included data.
A web application helping CERTs to enable members of their constituency to self-administrate how they get warnings related to their network objects (IP addresses, IP ranges, autonomous systems, domains). tuency is developed by Intevation for CERT.at.
It features organizational hierarchies, contact roles, self-administration and network objects per organization (autonomous systems, network ranges, (sub)domains, RIPE organization handles). A network object claiming and approval process prevents abuse. A hierarchical rule system on the network objects allows fine-grained settings. The tagging system for contacts and organizations complements the contact-management features of the portal. Authentication is based on Keycloak, which enables the re-use of the user accounts in the portal. The integrated API enables IntelMQ to query the portal for the right abuse contact and notification settings with the intelmq.bots.experts.tuency.expert expert bot.
A Grafana-based statistics portal for the eventdb. It uses aggregated data to serve statistical data quickly.
A mapping for malware names of different feeds with different names to a common family name.
→ Repository: malware_name_mapping
A repository with tools for an IntelMQ Docker instance.
Developed and maintained by CERT.at.
The list of useful scripts contributed to the IntelMQ universe can be found in the main repository.




