intelmq.bots.outputs.rt namespace

Submodules

intelmq.bots.outputs.rt.output module

Request Tracker output bot

Creates a ticket in the specified queue Parameters: rt_uri, rt_user, rt_password, verify_cert - RT API endpoint queue - ticket destination queue cf_mapping - mapping attributes-ticket CFs final_status - what is final status for the created ticket create_investigation - should we create Investigation ticket (in case of RTIR workflow) fieldnames - attributes to include into investigation ticket description_attr - which event attribute contains text message being sent to the recipient

intelmq.bots.outputs.rt.output.BOT

alias of intelmq.bots.outputs.rt.output.RTOutputBot

class intelmq.bots.outputs.rt.output.RTOutputBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: Optional[bool] = None)

Bases: intelmq.lib.bot.Bot

Request Tracker ticket creation bot. Create linked Investigation queue ticket if needed, according to the RTIR flow

cf_mapping = {'classification.taxonomy': 'Classification', 'classification.type': 'Incident Type', 'event_description.text': 'Description', 'extra.incident.importance': 'Importance', 'extra.incident.severity': 'Incident Severity', 'extra.organization.name': 'Customer', 'source.ip': 'IP'}

create_investigation: bool = False

description_attr: str = 'event_description.text'

final_status: str = 'resolved'

init()

investigation_fields: str = 'time.source,time.observation,source.ip,source.port,source.fqdn,source.url,classification.taxonomy,classification.type,classification.identifier,event_description.url,event_description.text,malware.name,protocol.application,protocol.transport'

process()

queue: str = 'Incidents'

rt_password: str = None

rt_uri: str = 'http://localhost/REST/1.0'

rt_user: str = 'apiuser'

verify_cert: bool = True