[IntelMQ-dev] A suitable collector for the Abusech Feodo Tracker feed
Sebix
sebix at sebix.at
Fri Dec 13 18:48:23 CET 2024
On 12/13/24 6:38 PM, Sebix wrote:
> On 12/13/24 1:29 PM, Mika Silander via IntelMQ-dev wrote:
>> I'm attempting to find a suitable collector for retrieving the
>> Abusech Feodo Tracker feed
>> (https://feodotracker.abuse.ch/downloads/ipblocklist.json). Afaiks,
>> the ready-made Abusech Feodo Tracker parser expects reports in plain
>> JSON but the available http collectors are manipulating the retrieved
>> information in one way or the other before passing it on to the parser.
>
> Not sure what you mean with the http collector data manipulation, but
> to me it appears that the feodotracker is either dysfunctional or
> dead. Not one of the data feed files contains actual data.
Never mind, the other feeds are empty because there's simply no data.😇️
Parsing the mentioned
https://feodotracker.abuse.ch/downloads/ipblocklist.json
works fine with
intelmq.bots.parsers.abusech.parser_feodotracker
as documented in https://docs.intelmq.org/latest/user/feeds/#feodo-tracker
Could you please describe what erroneous behavior you see?
best regards
Sebastian
--
Institute for Common Good Technology
gemeinnütziger Kulturverein - nonprofit cultural society
https://commongoodtechnology.org/
ZVR 1510673578
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20241213/ae0e1096/attachment.htm>
More information about the IntelMQ-dev
mailing list