Cyber security

IntelMQ – Boosting Cybersecurity With Automation And Intelligence

IntelMQ is a solution for IT security teams (CERTs & CSIRTs, SOCs abuse departments, etc.) for collecting and processing security feeds (such as log files) using a message queuing protocol.

It’s a community driven initiative called IHAP1 (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events.

Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.

IntelMQ is frequently used for:

  • automated incident handling
  • situational awareness
  • automated notifications
  • as data collector for other tools
  • and more!

The design was influenced by AbuseHelper however it was re-written from scratch and aims at:

  • Reducing the complexity of system administration
  • Reducing the complexity of writing new bots for new data feeds
  • Reducing the probability of events lost in all process with persistence functionality (even system crash)
  • Use and improve the existing Data Harmonization Ontology
  • Use JSON format for all messages
  • Provide easy way to store data into databases and log collectors such as PostgreSQL, Elasticsearch and Splunk
  • Provide easy way to create your own black-lists
  • Provide easy communication with other systems via HTTP RESTful API

It follows the following basic meta-guidelines:

  • Don’t break simplicity – KISS
  • Keep it open source – forever
  • Strive for perfection while keeping a deadline
  • Reduce complexity/avoid feature bloat
  • Embrace unit testing
  • Code readability: test with inexperienced programmers
  • Communicate clearly
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Install MariaDB on Ubuntu 20.04: Setup and Admin Access

MariaDB is an open-source relational database management system. It was created by the original MySQL developers…

4 minutes ago

Best OSINT Tools for Investigating Corruption 2026: Public Records and Link Analysis

Corruption investigations need accuracy, patience, and strong evidence. In 2026, OSINT tools can help researchers,…

16 minutes ago

Best OSINT Tools for Private Investigators 2026: Legal People and Asset Research

Private investigators use OSINT to collect public information, verify identities, review business connections, check public…

34 minutes ago

Best OSINT Tools for Journalists 2026: Verify Sources, Images and Claims

Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…

12 hours ago

Install Docker on Ubuntu 20.04: Complete Step-by-Step Guide

Docker is an open-source platform that lets you package and run applications inside containers. Each container…

22 hours ago

Install PostgreSQL on Ubuntu: Database Setup and Admin Guide

PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…

23 hours ago