[Intelmq-users] How to extract indicators from IntelMQ

C. L. Martinez carlopmart at gmail.com
Tue Dec 5 14:39:28 CET 2017


Many thanks Aaron. But, where is the film output?

On Tue, Nov 28, 2017 at 12:35 PM, L. Aaron Kaplan <kaplan at cert.at> wrote:
>
> Sorry for me jumping in but I assume C.L. Martinez means if he can use the *data* which IntelMQ processes and use that in SIEMs, IDSes, etc. Right?
>
> If so.... yes! You can. However, IntelMQ focuses on fetching, collecting, filtering and enriching feeds and bringing it into an internal format. It also has several output "bots" which allow you to send the data nearly everywhere.
> One way would be the syslog format. Or the film output. And this you can put into your SIEMs, IDSes etc.
>
> It depends of course what IDSes, SIEMs you use.... But, yes, ... it is possible and even quite easy.
>
> Best,
> a.
>
>
>> On 28 Nov 2017, at 12:32, Sebastian Wagner <wagner at cert.at> wrote:
>>
>> Hi,
>>
>> I am not aware of any existing (public) code that does this.
>>
>> Sebastian
>>
>>
>> On 11/13/2017 02:49 PM, C. L. Martinez wrote:
>>> Hi all,
>>>
>>> Sorry if it is a stupid question, but how can I extract info from the
>>> several bots to re-use them in SIEM, IDS, etc.?
>>>
>>> Thanks,
>>
>> --
>> // Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
>> // CERT Austria - https://www.cert.at/
>> // An initiative of nic.at GmbH - https://www.nic.at/
>> // Company register number 172568b, LG Salzburg
>>
>>
>> --
>> List settings:
>> https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users
>
>
> --
> // L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
> // CERT Austria - https://www.cert.at/
> // An initiative of nic.at GmbH - http://www.nic.at/
> // Company register number 172568b, LG Salzburg
>
>
>
>
>
>
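
An added example, not part of the original thread and not IntelMQ project code: one way to turn IntelMQ events into SIEM log lines and an IDS IP blocklist. It assumes the events are available one JSON object per line with IntelMQ's harmonized field names (as IntelMQ's file output bot writes them); the sample events and the function names are constructed for illustration.

```python
import ipaddress
import json

# Harmonized IntelMQ field names that carry an indicator value.
INDICATOR_FIELDS = ("source.ip", "source.fqdn", "source.url")

# Constructed sample input (not real feed data): one JSON event per line,
# including an invalid IP and a truncated line that must be skipped.
SAMPLE = """\
{"feed.name": "Example Feed", "classification.type": "c2server", "source.ip": "192.0.2.10"}
{"feed.name": "Example Feed", "classification.type": "phishing", "source.url": "http://phish.example/login", "source.fqdn": "phish.example"}
{"feed.name": "Other Feed", "classification.type": "c2server", "source.ip": "192.0.2.10"}
{"feed.name": "Broken", "source.ip": "999.1.1.1"}
{"feed.name": "Trunc
"""

def extract_indicators(lines):
    """Yield (field, value, classification, feed) once per distinct indicator."""
    seen = set()
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or corrupt line
        if not isinstance(event, dict):
            continue
        for field in INDICATOR_FIELDS:
            value = event.get(field)
            if not isinstance(value, str) or (field, value) in seen:
                continue
            if field == "source.ip":
                try:
                    ipaddress.ip_address(value)
                except ValueError:
                    continue  # never pass a malformed address downstream
            seen.add((field, value))
            yield (field, value, event.get("classification.type", "unknown"),
                   event.get("feed.name", "unknown"))

def to_siem_line(field, value, ctype, feed):
    """Key=value log line; json.dumps escapes quotes and newlines in feed data."""
    return "intelmq indicator_type=%s indicator=%s classification=%s feed=%s" % (
        field, json.dumps(value), json.dumps(ctype), json.dumps(feed))

def ip_blocklist(lines):
    """Sorted, de-duplicated IP list suitable for an IDS reputation file."""
    return sorted({v for f, v, _, _ in extract_indicators(lines) if f == "source.ip"})
```

The quoting in `to_siem_line` matters because feed content is untrusted: a URL containing a newline would otherwise inject a forged log record into the SIEM.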

