
Merge remote-tracking branch 'upstream/pr/1379' into develop

wagner-certat committed Mar 1, 2019
2 parents 6f4644f + 88390bd commit b89160ab2aa6685a75179b4aac1c012212911e06
Showing with 51 additions and 0 deletions.
  1. +25 −0 docs/Feeds.md
  2. +26 −0 intelmq/etc/feeds.yaml
@@ -120,6 +120,31 @@ To add feeds to this file add them to `intelmq/etc/feeds.yaml` and then run
* **Configuration Parameters:**


## URLhaus

* **Status:** on
* **Revision:** 14-02-2019
* **Description:** URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution. URLhaus offers a country, ASN (AS number) and Top Level Domain (TLD) feed for network operators / Internet Service Providers (ISPs), Computer Emergency Response Teams (CERTs) and domain registries.

### Collector

* **Module:** intelmq.bots.collectors.http.collector_http
* **Configuration Parameters:**
* * `http_url`: `https://urlhaus.abuse.ch/feeds/tld/<TLD>/, https://urlhaus.abuse.ch/feeds/country/<CC>/, or https://urlhaus.abuse.ch/feeds/asn/<ASN>/`
* * `name`: `URLhaus`
* * `provider`: `Abuse.ch`
* * `rate_limit`: `129600`

### Parser

* **Module:** intelmq.bots.parsers.generic.parser_csv
* **Configuration Parameters:**
* * `columns`: `time.source,source.url,status,extra.urlhaus.threat_type,source.fqdn,source.ip,source.asn,source.geolocation.cc`
* * `default_url_protocol`: `http://`
* * `skip_header`: `False`
* * `type_translation`: `{"malware_download": "malware-distribution"}`


## Zeus Tracker Domains

* **Status:** off
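
Review bot: The `http_url` entry under Collector packs three URL templates, joined by commas and "or", into a single code span, so a reader copying the value gets a string that is not a URL. Consider listing the TLD, country and ASN variants separately and stating that exactly one is configured, with `<TLD>`, `<CC>` or `<ASN>` replaced by a real value. It would also help to state the unit of `rate_limit`, since `129600` reads as 36 hours if it is seconds.
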
@@ -468,6 +468,32 @@ providers:
revision: 20-01-2018
status: on
documentation:
URLhaus:
description: URLhaus is a project from abuse.ch with the goal of sharing malicious
URLs that are being used for malware distribution. URLhaus offers a country, ASN
(AS number) and Top Level Domain (TLD) feed for network operators / Internet Service
Providers (ISPs), Computer Emergency Response Teams (CERTs) and domain registries.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://urlhaus.abuse.ch/feeds/tld/<TLD>/,
https://urlhaus.abuse.ch/feeds/country/<CC>/, or
https://urlhaus.abuse.ch/feeds/asn/<ASN>/
rate_limit: 129600
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.generic.parser_csv
parameters:
skip_header: false
default_url_protocol: http://
type_translation: '{"malware_download": "malware-distribution"}'
columns: time.source,source.url,status,extra.urlhaus.threat_type,source.fqdn,source.ip,source.asn,source.geolocation.cc
revision: 14-02-2019
status: on
documentation:
Blueliv:
CrimeServer:
description: Blueliv Crimeserver Collector is the bot responsible to get the
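
Review bot: `additional_information:` is left empty while the `http_url` value carries the explanation of the three feed variants. As a multi-line plain scalar it folds into one string containing "or" and the `<TLD>`, `<CC>` and `<ASN>` placeholders, which the collector cannot fetch unchanged. Suggest keeping a single template in `http_url` and moving the note about the alternative country and ASN URLs into `additional_information`.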
