On 12/13/24 6:38 PM, Sebix wrote:
On 12/13/24 1:29 PM, Mika Silander via IntelMQ-dev wrote:
I'm attempting to find a suitable collector for retrieving the Abusech Feodo Tracker feed (https://feodotracker.abuse.ch/downloads/ipblocklist.json). Afaiks, the ready-made Abusech Feodo Tracker parser expects reports in plain JSON but the available http collectors are manipulating the retrieved information in one way or the other before passing it on to the parser.
Not sure what you mean with the http collector data manipulation, but to me it appears that the feodotracker is either dysfunctional or dead. Not one of the data feed files contains actual data.
Never mind, the other feeds are empty because there's simply no data.😇️
Parsing the mentioned https://feodotracker.abuse.ch/downloads/ipblocklist.json works fine with intelmq.bots.parsers.abusech.parser_feodotracker as documented in https://docs.intelmq.org/latest/user/feeds/#feodo-tracker
Could you please describe what erroneous behavior you see?
best regards Sebastian