intelmq.bots.experts.ripe package

Submodules

intelmq.bots.experts.ripe.expert module

Reference: https://stat.ripe.net/docs/data_api https://github.com/RIPE-NCC/whois/wiki/WHOIS-REST-API-abuse-contact

intelmq.bots.experts.ripe.expert.BOT

alias of intelmq.bots.experts.ripe.expert.RIPEExpertBot

class intelmq.bots.experts.ripe.expert.RIPEExpertBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: bool = None)

Bases: intelmq.lib.bot.ExpertBot, intelmq.lib.mixins.cache.CacheMixin

Fetch abuse contact and/or geolocation information for the source and/or destination IP addresses and/or ASNs of the events

GEOLOCATION_REPLY_TO_INTERNAL = {('city', 'city'), ('longitude', 'longitude'), ('cc', 'country'), ('latitude', 'latitude')}
QUERY = {'db_asn': 'https://rest.db.ripe.net/abuse-contact/as{}.json', 'db_ip': 'https://rest.db.ripe.net/abuse-contact/{}.json', 'stat': 'https://stat.ripe.net/data/abuse-contact-finder/data.json?resource={}', 'stat_geolocation': 'https://stat.ripe.net/data/maxmind-geo-lite/data.json?resource={}'}
REPLY_TO_DATA = {'db_asn': <function RIPEExpertBot.<lambda> at 0x7f79320cd950>, 'db_ip': <function RIPEExpertBot.<lambda> at 0x7f79320cdbf8>, 'stat': <function RIPEExpertBot.<lambda> at 0x7f79320cdd90>, 'stat_geolocation': <function RIPEExpertBot.<lambda> at 0x7f79320cdf28>}
init()
mode = 'append'
process()
query_ripe_db_asn = True
query_ripe_db_ip = True
query_ripe_stat_asn = True
query_ripe_stat_geolocation = True
query_ripe_stat_ip = True
redis_cache_db = 10
redis_cache_host = '127.0.0.1'
redis_cache_password = None
redis_cache_port = 6379
redis_cache_ttl = 86400
intelmq.bots.experts.ripe.expert.clean_geo(geo_data)

Clean RIPE reply specifics for geolocation query

intelmq.bots.experts.ripe.expert.clean_string(s)

Clean RIPE reply specifics for splittable string replies

Module contents