intelmq 3.3.1

Creator: railscoder56

Introduction
IntelMQ is a solution for IT security teams (CERTs & CSIRTs, SOCs,
abuse departments, etc.) for collecting and processing security feeds
(such as log files) using a message queuing protocol. It's a
community-driven initiative called IHAP[^1] (Incident Handling Automation
Project) which was conceptually designed by European CERTs/CSIRTs during
several InfoSec events. Its main goal is to give incident responders an
easy way to collect and process threat intelligence, thus improving the
incident handling processes of CERTs.
IntelMQ is frequently used for:

automated incident handling
situational awareness
automated notifications
as data collector for other tools
and more!

The design was influenced by
AbuseHelper; however, it was
re-written from scratch and aims at:

Reducing the complexity of system administration
Reducing the complexity of writing new bots for new data feeds
Reducing the probability of events being lost anywhere in the pipeline, through message persistence (even across a system crash)
Using and improving the existing Data Harmonization Ontology
Using the JSON format for all messages
Providing an easy way to store data in databases and log collectors such as PostgreSQL, Elasticsearch and Splunk
Providing an easy way to create your own blacklists
Providing easy communication with other systems via an HTTP RESTful API
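
The design goals above (one JSON message per event, field names taken from the Data Harmonization Ontology, and no event silently lost) are easier to grasp with a concrete feed in front of you. The following is an added example, not IntelMQ's own code and not its bot API: it takes a constructed three-column CSV feed and turns each line into a harmonised, JSON-serialisable event. The field names `feed.name`, `source.ip`, `source.fqdn`, `time.source`, `time.observation`, `classification.type`, `classification.taxonomy` and `raw` are ontology field names; the CSV layout, the accepted `classification.type` subset, the type-to-taxonomy mapping and the validation rules are simplifications assumed for this illustration. Malformed lines are reported with their line number instead of being dropped, which is the behaviour a parser bot should have if "events lost" is the failure mode you care about.

```python
"""Illustrative harmonisation of a raw feed into IntelMQ-style JSON events.

Added example; not IntelMQ's own code.  Field names follow the IntelMQ Data
Harmonization Ontology, everything else here (feed format, accepted types,
taxonomy mapping, validation) is an assumption made for this illustration.
"""
import base64
import csv
import ipaddress
import json
import re
from datetime import datetime, timezone

# Constructed sample feed, "indicator,first_seen,type" per line.
# Lines 3 and 4 are deliberately malformed (naive timestamp, bad indicator).
SAMPLE_FEED = """\
198.51.100.23,2024-03-01T08:15:00+00:00,c2-server
evil.example.net,2024-03-01T09:00:00+02:00,phishing
203.0.113.9,2024-03-01 10:30,c2-server
not an ip or host!,2024-03-01T11:00:00Z,c2-server
"""

# Assumption: only this subset of classification.type values is accepted,
# and the taxonomy is derived from the type with this small mapping.
TYPE_TO_TAXONOMY = {
    "c2-server": "malicious-code",
    "malware-distribution": "malicious-code",
    "phishing": "fraud",
}

# Conservative FQDN syntax check (assumption, not the ontology's validator).
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def _parse_time(value):
    """Normalise an ISO 8601 timestamp to UTC; reject timestamps without a zone."""
    if value.endswith("Z"):  # datetime.fromisoformat() predates 'Z' support
        value = value[:-1] + "+00:00"
    ts = datetime.fromisoformat(value)
    if ts.tzinfo is None:
        raise ValueError(f"time.source {value!r} has no timezone")
    return ts.astimezone(timezone.utc).isoformat()


def _classify_indicator(indicator):
    """Return ('source.ip', ip) or ('source.fqdn', name), else raise ValueError."""
    try:
        return "source.ip", str(ipaddress.ip_address(indicator))
    except ValueError:
        pass
    name = indicator.strip().lower().rstrip(".")
    if FQDN_RE.match(name):
        return "source.fqdn", name
    raise ValueError(f"indicator {indicator!r} is neither an IP address nor an FQDN")


def harmonize_line(line, feed_name, observed=None):
    """Turn one raw feed line into a harmonised event dict or raise ValueError."""
    fields = next(csv.reader([line]))
    if len(fields) != 3:
        raise ValueError(f"expected 3 columns, got {len(fields)}")
    indicator, first_seen, ctype = (f.strip() for f in fields)
    key, value = _classify_indicator(indicator)
    if ctype not in TYPE_TO_TAXONOMY:
        raise ValueError(f"unknown classification.type {ctype!r}")
    observed = observed or datetime.now(timezone.utc)
    return {
        "feed.name": feed_name,
        key: value,
        "time.source": _parse_time(first_seen),
        "time.observation": observed.isoformat(),
        "classification.type": ctype,
        "classification.taxonomy": TYPE_TO_TAXONOMY[ctype],
        # The original line travels with the event so nothing is lost on the way.
        "raw": base64.b64encode(line.encode("utf-8")).decode("ascii"),
    }


def harmonize_feed(text, feed_name):
    """Return (events, errors); errors are (line_no, line, reason) tuples."""
    events, errors = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        try:
            events.append(harmonize_line(line, feed_name))
        except ValueError as exc:
            errors.append((lineno, line, str(exc)))
    return events, errors


def to_json(event):
    """Serialise an event the way it would be put on the queue: one JSON object."""
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


def decode_raw(event):
    """Recover the original feed line from the event's base64 'raw' field."""
    return base64.b64decode(event["raw"]).decode("utf-8")


if __name__ == "__main__":
    evs, errs = harmonize_feed(SAMPLE_FEED, "example-feed")
    for ev in evs:
        print(to_json(ev))
    for lineno, line, reason in errs:
        print(f"line {lineno} rejected: {reason}")
```

Note the two rejection paths: a timestamp without a timezone is refused rather than guessed, because a `time.source` that is silently shifted by a few hours makes correlation across feeds unreliable, and an indicator that is neither an address nor a name is refused rather than stuffed into a free-text field where no downstream bot can act on it.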

It follows these basic meta-guidelines:

Don't break simplicity - KISS
Keep it open source - forever
Strive for perfection while keeping a deadline
Reduce complexity/avoid feature bloat
Embrace unit testing
Code readability: test with inexperienced programmers
Communicate clearly

Contribute

Subscribe to the IntelMQ Developers mailing list and engage in discussions
Report any errors and suggest improvements via issues
Read the Developer Guide and open a pull request

[^1]: Incident Handling Automation Project, mailing list: ihap@lists.trusted-introducer.org

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.
