[Intelmq-users] How to extract indicators from IntelMQ

L. Aaron Kaplan kaplan at cert.at
Tue Nov 28 12:35:33 CET 2017


Sorry for jumping in, but I assume C.L. Martinez means if he can use the *data* which IntelMQ processes and use that in SIEMs, IDSes, etc. Right?

If so.... yes! You can. However, IntelMQ focuses on fetching, collecting, filtering and enriching feeds and bringing it into an internal format. It also has several output "bots" which allow you to send the data nearly everywhere.
One way would be the syslog format. Or the file output. And this you can put into your SIEMs, IDSes etc.

It depends of course what IDSes, SIEMs you use.... But, yes, ... it is possible and even quite easy.

Best,
a.


> On 28 Nov 2017, at 12:32, Sebastian Wagner <wagner at cert.at> wrote:
> 
> Hi,
> 
> I am not aware of any existing (public) code that does this.
> 
> Sebastian
> 
> 
> On 11/13/2017 02:49 PM, C. L. Martinez wrote:
>> Hi all,
>> 
>> Sorry if it is a stupid question, but how can I extract info from the
>> several bots to re-use them in SIEM, IDS, etc.?
>> 
>> Thanks,
> 
> --
> // Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
> // CERT Austria - https://www.cert.at/
> // An initiative of nic.at GmbH - https://www.nic.at/
> // Commercial register number 172568b, LG Salzburg
> 
> 
> --
> List settings:
> https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users


--
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Commercial register number 172568b, LG Salzburg
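The pipeline described in this thread (file output from IntelMQ, then hand the indicators to a SIEM) as an added example; this is not code from the thread or from the IntelMQ project. It assumes the File output bot writes one JSON event per line using IntelMQ's harmonised field names (source.ip, source.fqdn, source.url, classification.type, feed.name, time.source); the sample events, the CEF vendor/product strings and the severity value are constructed for the example.

```python
import json
from typing import Dict, Iterable, List, Tuple

# Constructed sample of the JSON-lines output that IntelMQ's File output bot
# writes (one event per line). Field names follow IntelMQ's harmonised event
# format; the values are made up for this example, and the last line is
# deliberately malformed to show how a broken record is handled.
SAMPLE_EVENTS = """\
{"feed.name": "Example Feed", "classification.type": "c2-server", "source.ip": "192.0.2.10", "time.source": "2017-11-28T10:00:00+00:00"}
{"feed.name": "Example Feed", "classification.type": "malware-distribution", "source.fqdn": "malware.example.net", "source.url": "http://malware.example.net/payload.bin"}
{"feed.name": "Example Feed", "classification.type": "scanner", "source.ip": "198.51.100.7", "source.port": 22}
this line is not JSON
"""

# Harmonised field -> indicator type label; the label also picks the CEF key.
INDICATOR_FIELDS = {"source.ip": "ip", "source.fqdn": "domain", "source.url": "url"}
CEF_KEYS = {"ip": "src", "domain": "shost", "url": "request"}


def extract_indicators(lines: Iterable[str]) -> Tuple[List[Dict], List[str]]:
    """Flatten IntelMQ events into indicator records.

    Returns (indicators, errors). One event can yield several indicators
    (e.g. an FQDN and a URL); malformed lines are reported, not fatal.
    """
    indicators: List[Dict] = []
    errors: List[str] = []
    for lineno, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError as exc:
            errors.append(f"line {lineno}: {exc.msg}")
            continue
        for field, itype in INDICATOR_FIELDS.items():
            value = event.get(field)
            if not value:
                continue
            indicators.append({
                "type": itype,
                "value": value,
                "classification": event.get("classification.type", "unknown"),
                "feed": event.get("feed.name", "unknown"),
                "seen": event.get("time.source") or event.get("time.observation"),
            })
    return indicators, errors


def _cef_header(s: str) -> str:
    # CEF header fields escape backslash and pipe.
    return s.replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext(s: str) -> str:
    # CEF extension values escape backslash and equals sign; no raw newlines.
    return s.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")


def to_cef(ind: Dict) -> str:
    """Render one indicator as a CEF line for syslog/SIEM ingestion.

    Vendor/product/version and severity are placeholders chosen for this example.
    """
    cls = _cef_header(ind["classification"])
    key = CEF_KEYS[ind["type"]]
    ext = f"{key}={_cef_ext(str(ind['value']))} cs1Label=feed cs1={_cef_ext(ind['feed'])}"
    if ind["seen"]:
        ext += f" cs2Label=seen cs2={_cef_ext(ind['seen'])}"
    return f"CEF:0|IntelMQ|indicator-export|1|{cls}|{cls}|5|{ext}"


if __name__ == "__main__":
    inds, errs = extract_indicators(SAMPLE_EVENTS.splitlines())
    for ind in inds:
        print(to_cef(ind))
    for err in errs:
        print("skipped:", err)
```

Point it at the real file instead of SAMPLE_EVENTS by passing `open(path)` to `extract_indicators`; the CEF lines can then go to syslog or be written out for the SIEM's file collector. A malformed record is reported and skipped rather than stopping the export, so one bad line from a feed does not silently drop everything after it.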







