Hi,
Recently I've discovered that there are a lot of security analysts actively participating on Twitter. By participating I mean that they are posting quite interesting data (@illegalFawn for example), and I thought that even if the amount of data being posted there is not that great, it could provide an interesting source of IoCs, which could take traditional feeds a lot of time to publish. For this I played a bit with the official Twitter REST API and produced a demo on which I would like to get your feedback, including what you think could be improved. The code can be found here: https://codeshare.io/aVKXq9.

The bot so far works like this: apart from the necessary parameters for the Twitter API, it requires two lists of users. One represents accounts whose timelines will be processed (this is the feed-like behaviour); the other represents the users who mark the interesting tweets that should be downloaded (presumably "owners" of the bot). "Mark" here means like. This behaviour allows for automatic collection of data from accounts like the one I mentioned at the beginning, which post feed-like information, and a manual selection of interesting tweets from accounts which post "various" posts. The bot gets tweets in bulk, which means that it gets all the tweets and liked tweets and passes them on in a concatenated report.

I've consulted Sebastian Wagner about this bot and he pointed out some weaknesses of this approach, mainly data and feed classification. A better approach is probably to create a report for each individual, which eases the classification (which could now be done using hashtags if present). The bot lacks a lot of comments and documentation, so ask away if some features are not clear. Again, I'd like to get your feedback and opinions on this, since I think it could be an interesting addition to the intelmq ecosystem.
Sincerely, Václav Brůžek
Hi,
Currently the bot does:

* Iterate over all tweets of target users and save them internally
* Iterate over all liked tweets of target users and save them internally
* Iterate over all saved tweets:
  * If URLs are detected, add them to the data
  * If pastebin URLs are detected, get the content and add it to the data
* Concatenate all the data to one big string and send it as a report
I am now interested in feedback from potential users. Is that functionality useful, can it be improved?
Speaking for myself I think that it is more useful and easier to process afterwards when there is one report per piece of data found, i.e. the URL in the tweet or the content of the linked pastebin.
Sebastian
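
The one-report-per-item approach suggested above, sketched as an added example that is not the bot's code from this thread. The tweet dict shape, the report field names and the `fetch_paste` callable are assumptions, and the sample tweets are constructed.

```python
import base64
import re

URL_RE = re.compile(r"https?://[^\s<>\"']+")
HASHTAG_RE = re.compile(r"#(\w+)")
PASTEBIN_RE = re.compile(r"^https?://pastebin\.com/(?:raw/)?\w+$")


def _report(kind, data, tweet, source, tags):
    # Field names are illustrative, not IntelMQ harmonization keys.
    return {"kind": kind, "raw": base64.b64encode(data.encode()).decode(),
            "tweet_id": tweet["id"], "user": tweet["user"],
            "source": source, "hashtags": tags}


def tweets_to_reports(timeline, liked, fetch_paste=None):
    """Return one report per URL or paste body (tweet dicts: id, user, text).
    fetch_paste: optional callable(url) -> str, injected so no network is needed.
    """
    reports, seen = [], set()
    for source, tweets in (("timeline", timeline), ("like", liked)):
        for tweet in tweets:
            text = tweet["text"]
            # Strip URLs first so a fragment like /page#top is not read as a tag.
            tags = sorted({t.lower() for t in HASHTAG_RE.findall(URL_RE.sub(" ", text))})
            for url in URL_RE.findall(text):
                url = url.rstrip(".,;:!?)")
                if (tweet["id"], url) in seen:  # same tweet in timeline and likes
                    continue
                seen.add((tweet["id"], url))
                reports.append(_report("url", url, tweet, source, tags))
                if fetch_paste and PASTEBIN_RE.match(url):
                    reports.append(_report("paste", fetch_paste(url), tweet, source, tags))
    return reports


# Constructed sample input (not real tweets or indicators).
SAMPLE_TIMELINE = [
    {"id": 1, "user": "feed_account", "text": "#phishing kit at http://phish.example.com/login."},
    {"id": 2, "user": "feed_account", "text": "dump: https://pastebin.com/AbCd1234 #Malware #c2"},
]
SAMPLE_LIKED = [
    {"id": 2, "user": "feed_account", "text": "dump: https://pastebin.com/AbCd1234 #Malware #c2"},
    {"id": 3, "user": "other_account", "text": "no links here #offtopic"},
]

if __name__ == "__main__":
    for r in tweets_to_reports(SAMPLE_TIMELINE, SAMPLE_LIKED, lambda u: "198.51.100.7\n"):
        print(r["kind"], r["source"], r["hashtags"], base64.b64decode(r["raw"]).decode().strip())
```

Each report carries its own hashtags and origin (timeline or like), so classification can happen per item downstream, and a tweet that is both in a timeline and liked is reported once.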