intelmq.bots.outputs.rt namespace
Submodules
intelmq.bots.outputs.rt.output module
Request Tracker output bot
Creates a ticket in the specified queue.
Parameters:
rt_uri, rt_user, rt_password, verify_cert - RT API endpoint
queue - ticket destination queue
cf_mapping - mapping of event attributes to ticket CFs
final_status - the final status for the created ticket
create_investigation - whether to create an Investigation ticket (in case of RTIR workflow)
fieldnames - attributes to include in the investigation ticket
description_attr - which event attribute contains the text message being sent to the recipient

intelmq.bots.outputs.rt.output.BOT

class intelmq.bots.outputs.rt.output.RTOutputBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: bool = None)
    Bases: intelmq.lib.bot.OutputBot
    Request Tracker ticket creation bot. Create linked Investigation queue ticket if needed, according to the RTIR flow

    cf_mapping = {'classification.taxonomy': 'Classification', 'classification.type': 'Incident Type', 'event_description.text': 'Description', 'extra.incident.importance': 'Importance', 'extra.incident.severity': 'Incident Severity', 'extra.organization.name': 'Customer', 'source.ip': 'IP'}
    create_investigation = False
    description_attr = 'event_description.text'
    final_status = 'resolved'
    init()
    investigation_fields = 'time.source,time.observation,source.ip,source.port,source.fqdn,source.url,classification.taxonomy,classification.type,classification.identifier,event_description.url,event_description.text,malware.name,protocol.application,protocol.transport'
    process()
    queue = 'Incidents'
    rt_password = None
    rt_uri = 'http://localhost/REST/1.0'
    rt_user = 'apiuser'
    verify_cert = True
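
An added example, not IntelMQ's own code: how the cf_mapping, investigation field list and description_attr parameters above could select event data for a ticket, together with a check of the rt_uri, verify_cert and rt_password settings before deployment. The function names, the ticket text layout and the sample event are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Defaults copied from the class attributes listed on this page.
CF_MAPPING = {
    'classification.taxonomy': 'Classification',
    'classification.type': 'Incident Type',
    'event_description.text': 'Description',
    'extra.incident.importance': 'Importance',
    'extra.incident.severity': 'Incident Severity',
    'extra.organization.name': 'Customer',
    'source.ip': 'IP',
}
# Shortened subset of the investigation_fields default, to keep the example small.
INVESTIGATION_FIELDS = 'time.source,source.ip,source.port,classification.type,event_description.text,malware.name'
SAMPLE_EVENT = {  # constructed sample event, not real data
    'time.source': '2024-01-01T00:00:00+00:00',
    'source.ip': '192.0.2.10',
    'classification.taxonomy': 'malicious-code',
    'classification.type': 'infected-system',
    'event_description.text': 'Host contacted a known C2 server',
    'malware.name': 'examplebot',
}


def custom_fields(event, cf_mapping=CF_MAPPING):
    """Return {custom field name: value} for mapped attributes that are set in the event."""
    return {cf: event[attr] for attr, cf in cf_mapping.items() if event.get(attr) not in (None, '')}


def investigation_text(event, fields=INVESTIGATION_FIELDS, description_attr='event_description.text'):
    """Description first, blank line, then one 'attribute: value' line per listed field (assumed layout)."""
    names = [f.strip() for f in fields.split(',') if f.strip()]
    body = [f'{n}: {event[n]}' for n in names if n in event and n != description_attr]
    return '\n'.join([str(event.get(description_attr, '')), ''] + body)


def transport_findings(params):
    """Flag settings that expose rt_user/rt_password on the wire or leave them unset."""
    findings = []
    uri = urlsplit(params.get('rt_uri', 'http://localhost/REST/1.0'))
    loopback = uri.hostname in ('localhost', '127.0.0.1', '::1')
    if uri.scheme != 'https' and not loopback:
        findings.append('rt_uri is not https: credentials cross the network in clear text')
    if uri.scheme == 'https' and params.get('verify_cert', True) is not True:
        findings.append('verify_cert is disabled: the RT server is not authenticated')
    if not params.get('rt_password'):
        findings.append('rt_password is unset')
    return findings
```

With the defaults listed above, only the unset rt_password is reported, because the default rt_uri points at localhost.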