Dear colleagues and CERT-ies, dear abuse handling teams, (sorry for the big cross-posting)
we are happy to announce (finally!) the official 1.0 release of our IntelMQ tool.
What is it?
===========

IntelMQ [1] is a free open source tool initially developed by CERT.pt and CERT.at to automatically handle and process the many incident reports (mostly Shadowserver and similar) that we receive. At CERT.at it processes many thousands of events per day.
But first of all, let me thank all the contributors and the different teams involved in this collaborative open source effort! Starting with CERT.pt (Tomas Lima and Mauro), BSI, Intevation (Bernhard, Dustin), CZ.NIC, CESNET, CERT Australia, CERT.ee, the IHAP [2] group and many, many others. You coded, helped, discussed and attended the regular IHAP meetings, which allowed us to discuss your wishes and requirements. All of this - combined with the testing and coding efforts that many of you contributed - finally gave us version 1.0 today. We counted at least 45 contributors.
IntelMQ has been running quite stably at CERT.at for nearly a year now, and we process the bulk of our incident reports with it.
Of course, a 1.0 version always begs for some 1.0.1 bugfixes :) So we would like to ask you to report any bugs or change requests on GitHub's issue tracker [3].
Where can I get it?
===================

Follow the instructions in https://github.com/certtools/intelmq/tree/master/docs

Note that we also have (.deb, .rpm) packages for download [10].
Future plans
============

We have now tagged the master branch "1.0.0". This branch will remain stable. We have also started a new "develop" branch, which will become the 1.1 and 2.0 releases in the future. You can read more about our branching strategy here [4]. Development will continue towards 1.1 with a set of wishes and requests that we received; you can view them in the issue tracker.
CSP integration
===============

Some of you already know that IntelMQ is a tool included in the "Core Service Platform" (CSP) as part of the CSIRT network [5]. We are very proud to offer our open source solution to the CSP.
Integration into your incident handling automation
==================================================

If you want to integrate IntelMQ into your incident handling automation environment, please note that you may want to use further tools such as "mail-gen" [6] or "intelmqcli" [7] (residing in separate repositories), which connect your ticket system (OTRS or RT) with IntelMQ.
In case you have questions, we have

* an IRC channel on freenode.net (#intelmq)
* a users mailing list [8]
* a developers mailing list [9]
Thanks again to everyone who participated in this open source solution!
& feel free to (re-)tweet #intelmq
L. Aaron Kaplan and Sebastian Wagner, CERT.at
[1] https://github.com/certtools/intelmq/
[2] Incident handling automation project.
[3] https://github.com/certtools/intelmq/issues
[4] https://github.com/certtools/intelmq/blob/master/docs/Developers-Guide.md#re...
[5] https://www.enisa.europa.eu/news/enisa-news/2nd-informal-meeting-of-csirt-ne...
[6] https://github.com/Intevation/intelmq-mailgen
[7] https://github.com/certat/intelmq
[8] https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users
[9] https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev
[10] https://software.opensuse.org//download.html?project=home%3Asebix%3Aintelmq&...
--
// L. Aaron Kaplan kaplan@cert.at - T: +43 1 5056416 78
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Company register number 172568b, LG Salzburg