ENH: Using msgpack instead of json #1819
base: develop
Commits on Jul 15, 2022
Commit c30a5c9
Commit 63b848a
ENH: New expert bot for uWhoisd (#1918)
* ENH: New expert bot for uWhoisd
* ENH: Code cleanup, improve tests
* DOC: Add documentation for uWhoisd
Commit e03c14d
New Bot for Fireeye Appliances
Referring to my mail, I created a Parser & Bot which is able to collect and parse data from fireeye mail and file analysis appliances. We are collecting sha1 and MD5 hashes and if there is network communication we are also collecting urls and domains.
Commit 2dab6a1
MAINT+BUG: Various fixes in fireeye bots, tests and documentation
rewrite both bots' parameter handling to current methodology
use HTTP mixin for fireeye collector
Commit e5f55e1
rename fireeye collector to fireeye mas
Fireeye has more products than the MAS system
Commit f25c996
DOC: bots: add anchors for all sections
adds the module name of bots as section anchor
adds the module name to the information block if it was missing or incomplete
fixes part of certtools/intelmq-api#4
Commit a325159
Commit 2ddb625
Commit 7476e31
Commit 184d8ff
FIX: RDAP checks if entity is valid entity-type
As some RDAP implementations may vary, we check if the entity is a valid entity-type. As of the RFC for RDAP only JSON dicts are allowed.
Fixes #1942
Signed-off-by: Sebastian Waldbauer <[email protected]>
Commit ad7f6ab
BUG/DOC: updated feodotracker browse parser configuration
- adapted docs
- added news entry
- added upgrade config
- added upgrade config test
- added html table parser test
fixes #1938
Commit 1f24793
ENH: add honeypot_brute_force and corresponding tests
... and add legacy tag to drone_brute_force which it replaces
Commit 9639874
ENH: add honeypot_ddos_amp and corresponding tests (#1950)
add legacy tag to application_ddos_victim
Co-authored-by: Wagner <[email protected]>
Commit 7c79954
Commit 89cec4c
The cache mixin replaces the cache lib and adds the possibility to inherit the mixin in classes.
Signed-off-by: Sebastian Waldbauer <[email protected]>
Commit c48716e
FIX: Removed some old cache code
Signed-off-by: Sebastian Waldbauer <[email protected]>
Commit 0810f7d
DOC: add license information to all the files
This commit adds license information to a lot of files and adds a .reuse/dep5 file that lists the license information for some folders.
The commit also changes the main license in setup.cfg from AGPL-3.0-only to AGPL-3.0-or-later because only one file has the AGPL-3.0-only file as license and multiple files have the AGPL-3.0-or-later in the license header.
It also removes the cef_logo.png file, as there is no information about the license anywhere to be found. It is now included directly from the website of the European Union.
Closes #1633
Commit 3816ef0
Commit a869320
Commit 4b4ac75
ENH: add event_ip_spoofer shadowserver config and corresponding tests
and add legacy tag to shadowserver caida config
Commit bdec455
ENH: add event4_honeypot_darknet shadowserver config & tests
and add legacy tag to darknet config
Commit 0926b38
ENH: add event46_sinkhole shadowserver config & tests
and add legacy tag to the configs it replaces and update changelog and documentation accordingly
Commit df77cda
Commit cffc303
Commit 0adf048
ENH+DOC: shadowserver exchange feed
fix mapping
use compromised type if the data indicates an active webshell
plus add testcases
add changelog
update bots documentation
Commit 9aec5f5
Commit 8f115c8
Commit b6dcaf9
enhance mappings
add 4/6 agnostic mapping for `Sinkhole-Events` as well
document feeds with IPv4 and IPv6 better and shorter
Commit a5941ce
Commit 8e0463b
Commit 9754252
DOC: Document the licenses of all the files
This commit adds a license header or a license file to most of the files, or documents the license in the .reuse/dep5 license file.
Some of the process was automated, first by listing all the files that are not reuse lint compliant:
> reuse lint > ../reuse.lst
This list was then modified to remove metainformation and only list filenames. Also a couple of filenames that need manual modification were removed.
Then using git and reuse:
> for file in `cat ../reuse.lst`; do year=`git log --reverse --pretty="format:%ai" $file | head -1 | cut -d "-" -f 1`; author=`git log --reverse --pretty="format:%an" $file|head -1`; reuse addheader --copyright="$author" --year="$year" --license="AGPL-3.0-or-later" --skip-unrecognised $file; done
Then the same process was repeated for files reuse does not recognize, like csv and json files or REQUIREMENTS.txt files.
Commit c7f9cd2
Commit 1443ebf
Commit 30eeb56
Commit 9b05242
harm: rename compromised to system-compromise
match with RSIT
in the taxonomy intrusions:
compromised -> system-compromise
unauthorized-command -> system-compromise
unauthorized-login -> system-compromise
adapt bots depending on the name
add changelog and news entries, including SQL update statements
Commit 8c21411
merged into information-content-security > unauthorised-information-modification
adapt bots depending on the name
add changelog and news entries, including SQL update statements
Commit f64c422
Commit 75acec4
DEP: remove deprecated ripencc expert
was renamed and marked as deprecated in 2.0.0.beta1 #1404
Commit 37acdea
DEP: modify expert: remove compat with old format
Compatibility with the deprecated configuration format (before 1.0.0.dev7) was removed. #1404
Commit 2ca649e
DEP: remove deprecated database update scripts
The deprecated shell scripts
- `update-asn-data`
- `update-geoip-data`
- `update-tor-nodes`
- `update-rfiprisk-data`
have been removed in favor of the built-in update-mechanisms (see the bots' documentation). A crontab file for calling all new update commands can be found in `contrib/cron-jobs/intelmq-update-database`.
#1404
Commit ac2ae40
DOC: n6: add more illustrations
add two n6 images directly to the repository, as they are not displayed on readthedocs otherwise: The other websites hosting the images block loading images if the referer does not match a whitelist. we can't add a noreferer HTML attribute in rst as well. the option left is to add the files, that only implies adding the licensing information and the AGPL-3.0 license text as well.
add two illustrations on the flow n6 to intelmq and vice versa, own work.
some textual improvements in the document itself.
Commit b55afef
The Aggregate Expert might be used to aggregate events within a given timespan and threshold.
Signed-off-by: Sebastian Waldbauer <[email protected]>
Commit 94fa7f8
[ENH] Using msgpack instead of json
Using msgpack instead of json results in faster (de)serialize and less memory usage.
Redis is also capable of msgpack within its lua api i.e. https://github.com/kengonakajima/lua-msgpack-native.

====== Benchmark =======
JSON median size: 387
MSGPACK median size: 329
------------------------
Diff: 16.20%

JSON
* Serialize: 39286
* Deserialize: 30713
MSGPACK
* Serialize: 23483
* Deserialize: 12602
---------------------
DIFF
* Serialize: 50.35%
* Deserialize: 83.62%

Data extracted from spamhaus-collector
Measurements based on deduplicator-expert
460 events in total processed by deduplicator-expert

Signed-off-by: Sebastian Waldbauer <[email protected]>
Commit e97db41
FIX: More generic way of using different (de)-serializers
Signed-off-by: Sebastian Waldbauer <[email protected]>
Commit 1253c3e