[Intelmq-dev] Twitter bot a proposal

Vaclav Bruzek vasek.bruzek at gmail.com
Wed Oct 18 10:28:01 CEST 2017


Hi,

Recently I've discovered that there are a lot of security analysts actively
participating on Twitter. By participating I mean that they are posting
quite interesting data (@illegalFawn for example), and I thought that even
if the amount of data being posted there is not that great, it could
provide an interesting source of IOCs, which could take traditional feeds a
lot of time to publish. For this I played a bit with the official Twitter
REST API and produced a demo, on which I would like to get your feedback
and hear what you think could be improved. The code can be found here:
https://codeshare.io/aVKXq9. The bot so far works like this: except for the
necessary parameters for the Twitter API it requires two lists of users; one
represents accounts whose timelines will be processed (this is the feed-like
behaviour), the other list represents the users who mark the interesting
tweets (presumably "owners" of the bot) that should be downloaded; the
"mark" here means like. This behaviour allows for automatic collection of
data from accounts like the one I've posted at the beginning, which post
feed-like information, and a manual selection of interesting tweets from
accounts which post "various" posts. The bot gets tweets in bulk, that means
that it gets all the tweets and liked tweets and passes them on in a
concatenated report. I've consulted this bot with Sebastian Wagner and he
pointed out some weaknesses of this way, mainly data and feed
classification. A better approach is probably creating a report for each
individual which eases the classification (which could be now done using
hashtags if present). The bot lacks a lot of comments and documentation so
ask away if some features are not clear. Again, I'd like to get your
feedback and opinions on this since I think it could be an interesting
addition to the intelmq ecosystem.


Sincerely,
Václav Brůžek
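
The per-tweet reporting idea raised in the message above, sketched as an added example; it is not the code behind the codeshare link and does not use IntelMQ's API. Each tweet becomes its own report, tagged with its hashtags, with defanged indicators restored and extracted. The tweet dictionaries, field names and sample tweets are constructed assumptions, and no Twitter API call is made.

```python
import re

# Constructed sample tweets (assumed shape: id, user, text); not real data.
TIMELINE = [
    {"id": 1, "user": "feed_account",
     "text": "#phishing hxxps://login.example[.]com/verify hosted on 198.51.100.7"},
    {"id": 2, "user": "feed_account", "text": "Conference slides are up, thanks all!"},
]
LIKED = [
    TIMELINE[0],  # an owner liked a tweet that a followed timeline already supplied
    {"id": 3, "user": "other_analyst", "text": "#Emotet C2 203.0.113.9:8080 #malware"},
]

OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+", re.I),
    "ipv4": re.compile(r"(?<![\w.])(?:" + OCTET + r"\.){3}" + OCTET + r"(?![\w.])"),
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
}

def refang(text):
    """Undo the usual defanging (hxxp, [.], [:]) analysts apply in tweets."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.I)
    return text.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")

def extract_iocs(text):
    """Return a sorted list of (type, value) indicators found in the text."""
    clean = refang(text)
    found = set()
    for kind, pattern in IOC_PATTERNS.items():
        for match in pattern.finditer(clean):
            found.add((kind, match.group(0).rstrip(".,;)")))
    return sorted(found)

def build_reports(timeline_tweets, liked_tweets):
    """One report per tweet that carries indicators; hashtags become tags."""
    reports, seen = [], set()
    for origin, tweets in (("timeline", timeline_tweets), ("like", liked_tweets)):
        for tweet in tweets:
            if tweet["id"] in seen:  # do not report the same tweet twice
                continue
            seen.add(tweet["id"])
            iocs = extract_iocs(tweet["text"])
            if iocs:  # tweets without indicators produce no report
                tags = sorted({h.lower() for h in re.findall(r"#(\w+)", tweet["text"])})
                reports.append({"tweet_id": tweet["id"], "author": tweet["user"],
                                "origin": origin, "tags": tags, "iocs": iocs})
    return reports
```

Keeping the origin ("timeline" or "like") and the hashtags on each report leaves the classification decision to a later stage instead of burying it in one concatenated blob.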