
Commit 58f95ce

author
Sebastian Wagner
committed
MAINT: sort BOTS file
1 parent e901d0f commit 58f95ce


1 file changed

+54
-47
lines changed


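--- a/intelmq/bots/BOTS
+++ b/intelmq/bots/BOTS
@@ -45,8 +45,8 @@
 "description": "Fetch data from the Apache Kafka distributed stream processing system.",
 "module": "intelmq.bots.collectors.kafka.collector",
 "parameters": {
-"topic": "<topic>",
-"bootstrap_servers": "localhost:9092"
+"bootstrap_servers": "localhost:9092",
+"topic": "<topic>"
 }
 },
 "Mail Attachment Fetcher": {
@@ -110,14 +110,14 @@
 "extract_files": false,
 "gpg_keyring": null,
 "http_password": null,
-"http_url_formatting": false,
 "http_url": "<insert url of feed>",
+"http_url_formatting": false,
 "http_username": null,
 "name": "__FEED__",
 "provider": "__PROVIDER__",
 "rate_limit": 3600,
-"signature_url_formatting": false,
 "signature_url": null,
+"signature_url_formatting": false,
 "ssl_client_certificate": null,
 "verify_pgp_signatures": false
 }
@@ -251,12 +251,12 @@
 "description": "Collect data from ESET's TAXII API",
 "module": "intelmq.bots.collectors.eset.collector",
 "parameters": {
-"username": "<username>",
-"password": "<password>",
+"collection": "<collection>",
 "endpoint": "eti.eset.com",
-"time_delta": 3600,
+"password": "<password>",
 "rate_limit": 3600,
-"collection": "<collection>"
+"time_delta": 3600,
+"username": "<username>"
 }
 },
 "Github API": {
@@ -416,6 +416,16 @@
 "module": "intelmq.bots.parsers.ci_army.parser",
 "parameters": {}
 },
+"CZ.NIC HaaS": {
+"description": "CZ.NIC HaaS Parser is the bot responsible to parse the report and sanitize the information.",
+"module": "intelmq.bots.parsers.cznic.parser_haas",
+"parameters": {}
+},
+"CZ.NIC Proki": {
+"description": "Parse the feed from malicious IP addresses on Czech networks.",
+"module": "intelmq.bots.parsers.cznic.parser_proki",
+"parameters": {}
+},
 "CertStream": {
 "description": "Parse the CertStream feed.",
 "module": "intelmq.bots.parsers.calidog.parser_certstream",
@@ -436,16 +446,6 @@
 "module": "intelmq.bots.parsers.cymru.parser_full_bogons",
 "parameters": {}
 },
-"CZ.NIC HaaS": {
-"description": "CZ.NIC HaaS Parser is the bot responsible to parse the report and sanitize the information.",
-"module": "intelmq.bots.parsers.cznic.parser_haas",
-"parameters": {}
-},
-"CZ.NIC Proki": {
-"description": "Parse the feed from malicious IP addresses on Czech networks.",
-"module": "intelmq.bots.parsers.cznic.parser_proki",
-"parameters": {}
-},
 "DShield AS": {
 "description": "Parse the DShield AS.",
 "module": "intelmq.bots.parsers.dshield.parser_asn",
@@ -551,9 +551,9 @@
 "description": "Parse key=value strings.",
 "module": "intelmq.bots.parsers.key_value.parser",
 "parameters": {
-"pair_separator": " ",
-"kv_separator": "=",
 "keys": {},
+"kv_separator": "=",
+"pair_separator": " ",
 "strip_quotes": true,
 "timestamp_key": null
 }
@@ -866,9 +866,9 @@
 "module": "intelmq.bots.experts.maxmind_geoip.expert",
 "parameters": {
 "database": "/opt/intelmq/var/lib/bots/maxmind_geoip/GeoLite2-City.mmdb",
+"license_key": "<insert Maxmind license key>",
 "overwrite": false,
-"use_registered": false,
-"license_key": "<insert Maxmind license key>"
+"use_registered": false
 }
 },
 "McAfee Active Response Lookup": {
@@ -927,9 +927,9 @@
 "description": "Adds the Risk Score from RecordedFuture IPRisk associated with source.ip or destination.ip with a local database.",
 "module": "intelmq.bots.experts.recordedfuture_iprisk.expert",
 "parameters": {
+"api_token": "<insert Recorded Future IPRisk API token>",
 "database": "/opt/intelmq/var/lib/bots/recordedfuture_iprisk/rfiprisk.dat",
-"overwrite": false,
-"api_token": "<insert Recorded Future IPRisk API token>"
+"overwrite": false
 }
 },
 "Reverse DNS": {
@@ -956,19 +956,26 @@
 "description": "Enrich an event from Splunk search results.",
 "module": "intelmq.bots.experts.splunk_saved_search.expert",
 "parameters": {
-"url": "https://splunk:8089/",
 "auth_token": "VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wIG92ZXIgdGhlIGxhenkgZG9nLgo=",
+"multiple_result_handling": [
+"warn",
+"use_first",
+"send"
+],
+"not_found": [
+"warn",
+"send"
+],
+"overwrite": null,
+"result_fields": {
+"result field": "event field"
+},
 "retry_interval": 5,
 "saved_search": "search_name",
 "search_parameters": {
 "event field": "search parameter"
 },
-"result_fields": {
-"result field": "event field"
-},
-"not_found": [ "warn", "send" ],
-"multiple_result_handling": [ "warn", "use_first", "send" ],
-"overwrite": null
+"url": "https://splunk:8089/"
 }
 },
 "Taxonomy": {
@@ -980,17 +987,17 @@
 "description": "Check if the number of similar messages during a specified time interval exceeds a set value.",
 "module": "intelmq.bots.experts.threshold.expert",
 "parameters": {
+"add_keys": {
+"comment": "Threshold reached"
+},
 "filter_keys": "raw,time.observation",
 "filter_type": "blacklist",
 "redis_cache_db": "11",
 "redis_cache_host": "127.0.0.1",
 "redis_cache_password": null,
 "redis_cache_port": "6379",
-"timeout": 3600,
 "threshold": 100,
-"add_keys": {
-"comment": "Threshold reached"
-}
+"timeout": 3600
 }
 },
 "Tor Nodes": {
@@ -1182,24 +1189,24 @@
 "description": "Request Tracker ticket creation bot. Create linked Investigation queue ticket if needed, according to the RTIR flow",
 "module": "intelmq.bots.outputs.rt.output",
 "parameters": {
-"rt_uri": "http://localhost/REST/1.0",
-"verify_cert": true,
-"rt_user": "apiuser",
-"rt_password": "<password>",
-"queue": "Incidents",
-"description_attr": "event_description.text",
 "CF_mapping": {
-"event_description.text": "Description",
-"source.ip": "IP",
-"classification.type": "Incident Type",
 "classification.taxonomy": "Classification",
-"extra.incident.severity": "Incident Severity",
+"classification.type": "Incident Type",
+"event_description.text": "Description",
 "extra.incident.importance": "Importance",
-"extra.organization.name": "Customer"
+"extra.incident.severity": "Incident Severity",
+"extra.organization.name": "Customer",
+"source.ip": "IP"
 },
 "create_investigation": false,
+"description_attr": "event_description.text",
+"final_status": "resolved",
 "investigation_fields": "time.source,time.observation,source.ip,source.port,source.fqdn,source.url,classification.taxonomy,classification.type,classification.identifier,event_description.url,event_description.text,malware.name,protocol.application,protocol.transport",
-"final_status": "resolved"
+"queue": "Incidents",
+"rt_password": "<password>",
+"rt_uri": "http://localhost/REST/1.0",
+"rt_user": "apiuser",
+"verify_cert": true
 }
 },
 "SMTP": {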
