On 12/13/24 6:38 PM, Sebix wrote:

On 12/13/24 1:29 PM, Mika Silander via IntelMQ-dev wrote:

I'm attempting to find a suitable collector for retrieving the Abusech Feodo Tracker feed (https://feodotracker.abuse.ch/downloads/ipblocklist.json). Afaiks, the ready-made Abusech Feodo Tracker parser expects reports in plain JSON but the available http collectors are manipulating the retrieved information in one way or the other before passing it on to the parser.

Not sure what you mean with the http collector data manipulation, but to me it appears that the feodotracker is either dysfunctional or dead. Not one of the data feed files contains actual data.

Never mind, the other feeds are empty because there's simply no data. 😇️

Parsing the mentioned
https://feodotracker.abuse.ch/downloads/ipblocklist.json
works fine with
intelmq.bots.parsers.abusech.parser_feodotracker
as documented in https://docs.intelmq.org/latest/user/feeds/#feodo-tracker

Could you please describe what erroneous behavior you see?

best regards
Sebastian

-- 
Institute for Common Good Technology
gemeinnütziger Kulturverein - nonprofit cultural society
https://commongoodtechnology.org/
ZVR 1510673578