intelmq.bots.experts.ripe package¶
Submodules¶
intelmq.bots.experts.ripe.expert module¶
Reference: https://stat.ripe.net/docs/data_api https://github.com/RIPE-NCC/whois/wiki/WHOIS-REST-API-abuse-contact
-
intelmq.bots.experts.ripe.expert.
BOT
¶
-
class
intelmq.bots.experts.ripe.expert.
RIPEExpertBot
(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)¶ Bases:
intelmq.lib.bot.Bot
,intelmq.lib.mixins.cache.CacheMixin
Fetch abuse contact and/or geolocation information for the source and/or destination IP addresses and/or ASNs of the events
-
GEOLOCATION_REPLY_TO_INTERNAL
= {('cc', 'country'), ('city', 'city'), ('latitude', 'latitude'), ('longitude', 'longitude')}¶
-
QUERY
= {'db_asn': 'https://rest.db.ripe.net/abuse-contact/as{}.json', 'db_ip': 'https://rest.db.ripe.net/abuse-contact/{}.json', 'stat': 'https://stat.ripe.net/data/abuse-contact-finder/data.json?resource={}', 'stat_geolocation': 'https://stat.ripe.net/data/maxmind-geo-lite/data.json?resource={}'}¶
-
REPLY_TO_DATA
= {'db_asn': <function RIPEExpertBot.<lambda>>, 'db_ip': <function RIPEExpertBot.<lambda>>, 'stat': <function RIPEExpertBot.<lambda>>, 'stat_geolocation': <function RIPEExpertBot.<lambda>>}¶
-
init
()¶
-
mode
: str = 'append'¶
-
process
()¶
-
query_ripe_db_asn
: bool = True¶
-
query_ripe_db_ip
: bool = True¶
-
query_ripe_stat_asn
: bool = True¶
-
query_ripe_stat_geolocation
: bool = True¶
-
query_ripe_stat_ip
: bool = True¶
-
redis_cache_db
: int = 10¶
-
redis_cache_host
: str = '127.0.0.1'¶
-
redis_cache_password
: str = None¶
-
redis_cache_port
: int = 6379¶
-
redis_cache_ttl
: int = 86400¶
-
-
intelmq.bots.experts.ripe.expert.
clean_geo
(geo_data)¶ Clean RIPE reply specifics for geolocation query
-
intelmq.bots.experts.ripe.expert.
clean_string
(s)¶ Clean RIPE reply specifics for splittable string replies