[IntelMQ-dev] RFC on IEP007: Running IntelMQ as Python Library

[Mika Silander]

Hi,

 Reading through the IEP in question, I thought I would find reasons or motivations as to why having a library is desired. It's possible I've missed discussions or mails and the reasons have been discussed/documented elsewhere.

 Having worked hard during more than two years to get IntelMQ up in production and now only waiting for the required servers to arrive, I'm reluctant to have any major changes to the code base (=my vote). If the implementation you choose for IEP is the API-breaking generator one, please, if at all possible, consider implementing wrappers, decorators or the like to maintain the old process method (and friends) available for some time onwards. This would give the bot developers (me included) time to adapt our own bots to this new approach.

Br, Mika

P.S: IntelMQ was the easier part, most of those two years mentioned above has been spent on getting the other interconnected systems and interfaces to them working. 


----- Original Message -----
From: "Sebix" <sebix at sebix.at>
To: "intelmq-dev" <intelmq-dev at lists.cert.at>
Sent: Monday, 24 April, 2023 19:31:39
Subject: [IntelMQ-dev] RFC on IEP007: Running IntelMQ as Python Library

Dear community,

I invite you to discuss a new (IEP - IntelMQ Enhancement Proposal)

IEP007: Running IntelMQ as Python Library

Have you ever wondered if you can write a Python script, call a bot's
process method, pass it some data and get back the enriched/modified data?
(pseudo code)
bot_instance = Bot(parameters)
bot_instance.process_message(input message) -> output messages

Strictly speaking, it *is* actually possible with the current version,
but it requires some bizarre hacks like re-defining Bot's methods and
overwriting internal values.
Staying on the wishlist for quite a while, we intend to implement the
feature now. I started the IEP007 draft and need some input from you to
maximize the benefit for all the IntelMQ community (developers):
https://github.com/certtools/ieps/pull/7/files
Or in a readable display: https://github.com/certtools/ieps/tree/iep-007/007

What features and interfacing options would you expect when starting the
bot as a library?

Do you think the `Bot.process` method should be rewritten entirely now,
removing the calls receive_message/send_message and converting the
method into a generator (an API-breaking change)? And if yes, should
this be done in one step, or separated from this bot-as-library feature,
reducing the complexity of development steps?

Looking forward for your ideas
Sebastian

-- 
Institute for Common Good Technology
gemeinnütziger Kulturverein - nonprofit cultural society
https://sebix.at/
ZVR 1510673578



_______________________________________________
IntelMQ-dev mailing list
https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev
https://intelmq.readthedocs.io/