Dear colleagues and CERT-ies, dear abuse handling teams,
(sorry for big x-posting)
we are happy to announce (finally!) the official 1.0 release of our IntelMQ tool.
What is it?
===========
IntelMQ [1] is a free open source tool initially developed by CERT.pt and CERT.at to automatically handle and process the many incident reports (mostly shadowserver and similar) that we receive.
At CERT.at it processes many thousands of events per day.
But first of all, let me thank all the contributors and the different teams involved in this collaborative open source effort! Starting with CERT.pt (Tomas Lima and Mauro), BSI, Intevation (Bernhard, Dustin), CZ.NIC, CESNET, CERT Australia, CERT.ee, the IHAP [2] group and many many others. You coded, helped, discussed and attended the regular IHAP meetings which allowed us to discuss your wishes and requirements. This all - combined with the testing and coding efforts that many of you contributed - finally gave us version 1.0 today.
We counted at least 45 contributors.
IntelMQ has been running quite stable at CERT.at for nearly a year now and we are processing the bulk of the incident reports with it.
Of course, a 1.0 version always begs for some 1.0.1 bugfixes :) So we would like to ask you to report any bugs or change requests on github's issue tracker [3].
Where can I get it?
===================
Follow the instructions in https://github.com/certtools/intelmq/tree/master/docs
Note that we also have (.deb, .rpm) packages for download. [10]
Future plans
=============
We have now tagged the master branch "1.0.0". This will remain stable now.
We also started with a new "develop" branch which will become the 1.1 and 2.0 releases in the future.
You can read more about our branching strategy here [4].
Development will continue towards 1.1 with a set of wishes and requests that we received. You can view them in the issue tracker.
CSP integration
===============
Some of you already know that IntelMQ is a tool included in the "Core Service Platform" (CSP) as part of the CSIRT network [5].
We are very proud to offer our open source solution to the CSP.
Integration into your incident handling automation
==================================================
If you want to integrate IntelMQ into your incident handling automation environment, please note that you might want to use further tools such as "mail-gen" [6] or "intelmqcli" [7] (residing in separate repositories) which connect your ticket system (OTRS or RT) with IntelMQ.
In case you have questions, we have
* an IRC channel on freenode.net (#intelmq)
* a users mailing list [8]
* a developers mailing list [9]
Thanks again to everyone who participated in this open source solution!
& feel free to (re-)tweet #intelmq
L. Aaron Kaplan and Sebastian Wagner,
CERT.at
[1] https://github.com/certtools/intelmq/
[2] incident handling automation project.
[3] https://github.com/certtools/intelmq/issues
[4] https://github.com/certtools/intelmq/blob/master/docs/Developers-Guide.md#r…
[5] https://www.enisa.europa.eu/news/enisa-news/2nd-informal-meeting-of-csirt-n…
[6] https://github.com/Intevation/intelmq-mailgen
[7] https://github.com/certat/intelmq
[8] https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users
[9] https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev
[10] https://software.opensuse.org//download.html?project=home%3Asebix%3Aintelmq…
--
// L. Aaron Kaplan <kaplan(a)cert.at> - T: +43 1 5056416 78
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
Hi,
On 08/01/2017 06:44 PM, Vaclav Bruzek wrote:
> #opt/intelmq/etc# intelmqctl start xxx-parser
> intelmqctl: Running intelmqctl as root is highly discouraged!
> intelmqctl: Starting xxx-parser...
> intelmqctl: lastline-parser is running.
> #/opt/intelmq/etc# intelmqctl stop xxx-parser
> intelmqctl: Running intelmqctl as root is highly discouraged!
> intelmqctl: xxx-parser was NOT RUNNING.
Please do not run intelmqctl as root, you may get a lot of wrong
permissions. Please check them all in /opt/intelmq/ (and all
sub-directories) before continuing.
Then check the logfiles and - if that does not reveal anything -
start the bot with `intelmqctl run bot-id`. See also
https://github.com/certtools/intelmq/blob/develop/docs/FAQ.md#my-bots-died-…
and
https://github.com/certtools/intelmq/blob/develop/docs/intelmqctl.md
> Distributor ID: elementary
> Description: elementary OS 0.4.1 Loki
something based on 16.04
> intelmq (1.0.0.dev8)
You missed the rc1
> Intelmqctl is located in /usr/local/bin/ next to all intelmq.bots.*
> files (now with my custom bot file definitions)
Sebastian
--
// Sebastian Wagner <wagner(a)cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
Hi,
The setup.py reads the intelmq/bots/BOTS file during installation and
installs all bots as scripts. intelmqctl and others are installed in the
same manner.
Which operating system are you using? Which version of intelmq are you
using? Please show the output of `pip3 list`. Where is intelmqctl
located? Which other intelmq.* files are there? What was the complete
(!) output of the mentioned commands?
Without more information I really can't help. I am not a fortuneteller.
Unfortunately.
Sebastian
On 08/01/2017 10:43 AM, Vaclav Bruzek wrote:
> Hi,
> I've tried several methods of installation:
> - pip3 install . (with and without -e option)
> - python3 setup.py install
>
> with similar degree of success that is not having the definitions in
> /usr/local/bin/
>
> intelmqctl with bot id says following:
> intelmqctl: Starting xxxx-parser...
> intelmqctl: xxxx-parser failed to START because the file cannot be found.
>
>
> On 17 July 2017 at 12:26, Sebastian Wagner <wagner(a)cert.at
> <mailto:wagner@cert.at>> wrote:
>
> Hi,
>
> On 07/14/2017 04:05 PM, Vaclav Bruzek wrote:
>> I had the definition in BOTS and configs, the files were there as
>> specified by the path. It was suggested to me that the
>> definitions in /usr/local/bin/"bot path" were missing which indeed
>> was true but creating the respective files solved some issues and
>> created some more as it happens.
> You created the files /usr/local/bin/intelmq.bots... manually?
> Better let them be created by installing intelmq with pip. After
> adding new bots, you need to run the installation method again. It
> creates the executables in the bin-directory for you.
> See also
> https://github.com/certtools/intelmq/blob/master/docs/Developers-Guide.md#u…
> <https://github.com/certtools/intelmq/blob/master/docs/Developers-Guide.md#u…>
>
>> The intelmqctl now recognizes the bots and runs them, but when I
>> try to stop the bot it displays that the bot wasn't running.
> What does `intelmqctl run bot-id` show?
>
> Sebastian
>
> --
> // Sebastian Wagner <wagner(a)cert.at> <mailto:wagner@cert.at> - T: +43 1 5056416 7201
> // CERT Austria - https://www.cert.at/
> // Eine Initiative der nic.at <http://nic.at> GmbH - https://www.nic.at/
> // Firmenbuchnummer 172568b, LG Salzburg
>
>
>
>
> --
> S pozdravem,
> Václav Brůžek
--
// Sebastian Wagner <wagner(a)cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
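A small diagnostic for the situation Sebastian describes above ("failed to START because the file cannot be found"), written as an added example and not IntelMQ's own code: it reads a BOTS file and lists every bot module that has no matching executable in the bin directory, which is what happens when a custom bot is added to BOTS without re-running the installation. The BOTS layout (group, bot name, "module" key) and the convention that setup.py names each script after its module are taken from the upstream project; the sample BOTS content and the custom parser module are constructed for the example.

```python
import json
import os
import tempfile

# Constructed sample in the upstream BOTS layout: group -> bot name -> dict
# with a "module" key. The custom parser module is hypothetical.
SAMPLE_BOTS = {
    "Collector": {
        "Generic URL Fetcher": {
            "module": "intelmq.bots.collectors.http.collector_http",
        }
    },
    "Parser": {
        "My Custom Parser": {
            "module": "intelmq.bots.parsers.custom.parser_custom",
        }
    },
}

def load_bots(path):
    """Read a BOTS file (JSON), e.g. intelmq/bots/BOTS from the source tree."""
    with open(path) as fh:
        return json.load(fh)

def bot_modules(bots):
    """Module names declared in BOTS; setup.py installs one script per module."""
    return {bot["module"] for group in bots.values() for bot in group.values()}

def missing_executables(bots, bin_dir):
    """Modules whose script (bin_dir/<module>) is absent or not executable."""
    return sorted(m for m in bot_modules(bots)
                  if not os.access(os.path.join(bin_dir, m), os.X_OK))

def demo():
    """Simulate a bin dir where only the stock collector was installed."""
    with tempfile.TemporaryDirectory() as bin_dir:
        stock = os.path.join(bin_dir, "intelmq.bots.collectors.http.collector_http")
        with open(stock, "w") as fh:
            fh.write("#!/usr/bin/env python3\n")
        os.chmod(stock, 0o755)
        return missing_executables(SAMPLE_BOTS, bin_dir)

if __name__ == "__main__":
    # Real usage: missing_executables(load_bots("/path/to/BOTS"), "/usr/local/bin")
    for module in demo():
        print("no executable for", module)
```

Any module it reports is a bot that intelmqctl will not be able to start until the installation (pip3 install or setup.py install) is run again.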
I've recently opened an issue (
https://github.com/certtools/intelmq/issues/1038) regarding my custom bots
which the intelmq was unable to find and run. I had the definition in BOTS
and configs, the files were there as specified by the path. It was
suggested to me that the definitions in /usr/local/bin/"bot path" were
missing which indeed was true but creating the respective files solved some
issues and created some more as it happens. The intelmqctl now recognizes
the bots and runs them, but when I try to stop the bot it displays that the
bot wasn't running.
--
S pozdravem,
Václav Brůžek