intelmq.bots.experts.rfc1918 package
Submodules
intelmq.bots.experts.rfc1918.expert module
- RFC 1918: drops local IP addresses from a given record, and a bit more.
- It checks for RFC1918 IPv4 hosts.
- It checks for localhost, multicast and test LANs.
- It checks for Link Local and Documentation LAN in IPv6.
- It checks for RFC538 ASNs.
Set the “fields” parameter to the name of the field that should be filtered out. Several fields can be given, separated by “,”. The whole record can be sanitized by setting the “drop” parameter to “yes”.
Sources:
- https://tools.ietf.org/html/rfc1918
- https://tools.ietf.org/html/rfc2606
- https://tools.ietf.org/html/rfc3849
- https://tools.ietf.org/html/rfc4291
- https://tools.ietf.org/html/rfc5737
- https://en.wikipedia.org/wiki/IPv4
- https://en.wikipedia.org/wiki/Autonomous_system_(Internet)
- intelmq.bots.experts.rfc1918.expert.BOT
  alias of intelmq.bots.experts.rfc1918.expert.RFC1918ExpertBot
- class intelmq.bots.experts.rfc1918.expert.RFC1918ExpertBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: bool = None)
  Bases: intelmq.lib.bot.ExpertBot
  Removes fields or discards events if an IP address or domain is invalid as defined in standards like RFC 1918 (invalid, local, reserved, documentation). IP address, FQDN and URL fields are supported.
- static check(parameters)
- fields = 'destination.ip,source.ip,source.url'
- init()
- is_in_domains(value)
- is_in_net(ip)
- is_subdomain(value)
- policy = 'del,drop,drop'
- process()
-
static