IntelMQ – Boosting Cybersecurity With Automation And Intelligence

IntelMQ is a solution for IT security teams (CERTs & CSIRTs, SOCs, abuse departments, etc.) for collecting and processing security feeds (such as log files) using a message queuing protocol.

It's a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs/CSIRTs during several InfoSec events.

Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs.

IntelMQ is frequently used for:

  • automated incident handling
  • situational awareness
  • automated notifications
  • as a data collector for other tools
  • and more!

The design was influenced by AbuseHelper; however, it was rewritten from scratch and aims at:

  • Reducing the complexity of system administration
  • Reducing the complexity of writing new bots for new data feeds
  • Reducing the probability of losing events anywhere in the process by providing persistence (even across a system crash)
  • Using and improving the existing Data Harmonization Ontology
  • Using JSON format for all messages
  • Providing an easy way to store data in databases and log collectors such as PostgreSQL, Elasticsearch and Splunk
  • Providing an easy way to create your own blacklists
  • Providing easy communication with other systems via an HTTP RESTful API

It follows these basic meta-guidelines:

  • Don’t break simplicity – KISS
  • Keep it open source – forever
  • Strive for perfection while keeping a deadline
  • Reduce complexity/avoid feature bloat
  • Embrace unit testing
  • Code readability: test with inexperienced programmers
  • Communicate clearly

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.
