Commit 36e4688

Add TAXII and STIX bots documentation
1 parent b89c846 commit 36e4688

1 file changed

+76
-0
lines changed

docs/user/bots.md

Lines changed: 76 additions & 0 deletions
@@ -1276,6 +1276,40 @@ Also, you will need to know an appropriate STOMP *destination* (aka
12761276

12771277
(optional, string) Password to use.
12781278

1279+
---
1280+
1281+
### TAXII <div id="intelmq.bots.collectors.taxii.collector" />
1282+
1283+
Collects indicator objects from TAXII server.
1284+
1285+
**Module:** `intelmq.bots.collectors.taxii.collector`
1286+
1287+
**Requirements**
1288+
1289+
Install `taxii2-client` module:
1290+
1291+
```bash
1292+
pip3 install -r intelmq/bots/collectors/taxii/REQUIREMENTS.txt
1293+
```
1294+
1295+
**Parameters (also expects [feed parameters](#feed-parameters)):**
1296+
1297+
**`username`**
1298+
1299+
(required, string) TAXII username.
1300+
1301+
**`password`**
1302+
1303+
(required, string) TAXII password.
1304+
1305+
**`collection`**
1306+
1307+
(required, string) The URL of collection to fetch.
1308+
1309+
**`time_delta`**
1310+
1311+
(optional, integer) The time (in seconds) span to look back. Default to 3600.
1312+
12791313
## Parser Bots
12801314

12811315
If not set differently during parsing, all parser bots copy the following fields from the report to an event:
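
Review bot: The `collection` entry in the new TAXII section says only "The URL of collection to fetch", which leaves the reader guessing at the expected form; since `username` and `password` are sent to that URL, show a placeholder example and state that it should be an `https://` URL. The section also does not say which TAXII version is supported, although the requirement is `taxii2-client`; say so in the description line. For `time_delta`, explain how the look-back window relates to how often the bot runs, so operators can avoid gaps or repeated fetches. Wording: "from TAXII server" should be "from a TAXII server", and "Default to 3600" should be "Defaults to 3600".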
@@ -2238,6 +2272,48 @@ No additional parameters.
22382272

22392273
---
22402274

2275+
### STIX <div id="intelmq.bots.parsers.stix.parser" />
2276+
2277+
Parses indicators objects in STIX format received by TAXII collector.
2278+
2279+
**Module:** `intelmq.bots.parsers.stix.parser`
2280+
2281+
**Requirements**
2282+
2283+
Install `stix2-patterns` module:
2284+
2285+
```bash
2286+
pip3 install -r intelmq/bots/parsers/stix/REQUIREMENTS.txt
2287+
```
2288+
2289+
No additional parameters.
2290+
2291+
---
2292+
2293+
### STIX <div id="intelmq.bots.parsers.stix.parser_eset" />
2294+
2295+
Parses ESET Threat Intelligence feeds.
2296+
2297+
This bot Parses indicators objects in STIX format received by TAXII collector
2298+
from ESET Threat Intelligence TAXII server.
2299+
Then it analyzes event's comments based on STIX indicator's description
2300+
and it adds classification.type and malware family info.
2301+
It is recommended to apply TaxonomyExpertBot then to map the taxonomy.
2302+
2303+
**Module:** `intelmq.bots.parsers.stix.parser_eset`
2304+
2305+
**Requirements**
2306+
2307+
Install `stix2-patterns` module:
2308+
2309+
```bash
2310+
pip3 install -r intelmq/bots/parsers/stix/REQUIREMENTS.txt
2311+
```
2312+
2313+
No additional parameters.
2314+
2315+
---
2316+
22412317
### Surbl <div id="intelmq.bots.parsers.surbl.parser" />
22422318

22432319
Parses data from surbl feed.
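
Review bot: The second added section reuses the heading `### STIX` for `intelmq.bots.parsers.stix.parser_eset`, so the page ends up with two identical headings for two different modules; give the ESET one a distinct title, for example `### STIX ESET`. In its description, "This bot Parses indicators objects" should read "This bot parses indicator objects" (the same "indicators objects" wording appears in the first STIX section), `classification.type` should be in backticks like the other field and module names, and the recommendation to apply TaxonomyExpertBot would be easier to follow with a link to that bot's entry. Both sections say the input is "received by TAXII collector"; linking that to `#intelmq.bots.collectors.taxii.collector` would make the dependency explicit.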
