intelmq.bots.experts.ripe package
Submodules
intelmq.bots.experts.ripe.expert module
Reference: https://stat.ripe.net/docs/data_api and https://github.com/RIPE-NCC/whois/wiki/WHOIS-REST-API-abuse-contact
intelmq.bots.experts.ripe.expert.BOT

class intelmq.bots.experts.ripe.expert.RIPEExpertBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: bool = None)
Bases: intelmq.lib.bot.ExpertBot, intelmq.lib.mixins.cache.CacheMixin
Fetch abuse contact and/or geolocation information for the source and/or destination IP addresses and/or ASNs of the events.
    GEOLOCATION_REPLY_TO_INTERNAL = {('city', 'city'), ('longitude', 'longitude'), ('cc', 'country'), ('latitude', 'latitude')}
    QUERY = {'db_asn': 'https://rest.db.ripe.net/abuse-contact/as{}.json', 'db_ip': 'https://rest.db.ripe.net/abuse-contact/{}.json', 'stat': 'https://stat.ripe.net/data/abuse-contact-finder/data.json?resource={}', 'stat_geolocation': 'https://stat.ripe.net/data/maxmind-geo-lite/data.json?resource={}'}
    REPLY_TO_DATA = {'db_asn': <function RIPEExpertBot.<lambda> at 0x7f79320cd950>, 'db_ip': <function RIPEExpertBot.<lambda> at 0x7f79320cdbf8>, 'stat': <function RIPEExpertBot.<lambda> at 0x7f79320cdd90>, 'stat_geolocation': <function RIPEExpertBot.<lambda> at 0x7f79320cdf28>}
    init()
    mode = 'append'
    process()
    query_ripe_db_asn = True
    query_ripe_db_ip = True
    query_ripe_stat_asn = True
    query_ripe_stat_geolocation = True
    query_ripe_stat_ip = True
    redis_cache_db = 10
    redis_cache_host = '127.0.0.1'
    redis_cache_password = None
    redis_cache_port = 6379
    redis_cache_ttl = 86400

intelmq.bots.experts.ripe.expert.clean_geo(geo_data)
Clean RIPE reply specifics for geolocation query

intelmq.bots.experts.ripe.expert.clean_string(s)
Clean RIPE reply specifics for splittable string replies