intelmq.bots.outputs.rt namespace
Submodules
intelmq.bots.outputs.rt.output module
Request Tracker output bot
Creates a ticket in the specified queue.

Parameters:
rt_uri, rt_user, rt_password, verify_cert - RT API endpoint
queue - ticket destination queue
cf_mapping - mapping of event attributes to ticket CFs (custom fields)
final_status - the final status for the created ticket
create_investigation - whether to create an Investigation ticket (in case of RTIR workflow)
fieldnames - attributes to include in the investigation ticket
description_attr - the event attribute containing the text message sent to the recipient

intelmq.bots.outputs.rt.output.BOT

class intelmq.bots.outputs.rt.output.RTOutputBot(bot_id: str, start: bool = False, sighup_event=None, disable_multithreading: bool = None)
Bases: intelmq.lib.bot.Bot
Request Tracker ticket creation bot. Create linked Investigation queue ticket if needed, according to the RTIR flow

cf_mapping = {'classification.taxonomy': 'Classification', 'classification.type': 'Incident Type', 'event_description.text': 'Description', 'extra.incident.importance': 'Importance', 'extra.incident.severity': 'Incident Severity', 'extra.organization.name': 'Customer', 'source.ip': 'IP'}
create_investigation = False
description_attr = 'event_description.text'
final_status = 'resolved'
init()
investigation_fields = 'time.source,time.observation,source.ip,source.port,source.fqdn,source.url,classification.taxonomy,classification.type,classification.identifier,event_description.url,event_description.text,malware.name,protocol.application,protocol.transport'
process()
queue = 'Incidents'
rt_password = None
rt_uri = 'http://localhost/REST/1.0'
rt_user = 'apiuser'
verify_cert = True
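
An added example, not part of IntelMQ or of this page: a pre-deployment check of the connection parameters listed above (the default rt_uri is plain HTTP on localhost, so moving RT to another host needs HTTPS with verify_cert left on), plus a preview of which RT custom fields the default cf_mapping fills for an event. The helper names, the sample event and the CF_ keyword prefix (the python-rt convention) are assumptions.

```python
from urllib.parse import urlsplit

# Defaults copied from the class attributes documented above.
DEFAULTS = {
    "rt_uri": "http://localhost/REST/1.0", "rt_password": None, "verify_cert": True,
    "cf_mapping": {
        "classification.taxonomy": "Classification",
        "classification.type": "Incident Type",
        "event_description.text": "Description",
        "extra.incident.importance": "Importance",
        "extra.incident.severity": "Incident Severity",
        "extra.organization.name": "Customer",
        "source.ip": "IP",
    },
}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def check_params(overrides):
    """Return findings for settings that weaken protection of the RT login."""
    p = {**DEFAULTS, **overrides}
    url = urlsplit(p["rt_uri"])
    findings = []
    if url.scheme != "https" and url.hostname not in LOOPBACK:
        findings.append("rt_uri: RT credentials cross the network without TLS")
    if url.scheme == "https" and not p["verify_cert"]:
        findings.append("verify_cert: RT server certificate is not validated")
    if not p["rt_password"]:
        findings.append("rt_password: unset")
    return findings


def custom_fields(event, cf_mapping=None):
    """Map event attributes to CF_<name> ticket fields, skipping absent ones."""
    mapping = DEFAULTS["cf_mapping"] if cf_mapping is None else cf_mapping
    return {"CF_" + cf: event[attr] for attr, cf in mapping.items() if attr in event}


# Constructed sample event and constructed deployment overrides.
EVENT = {"source.ip": "192.0.2.10", "source.port": 443,
         "classification.taxonomy": "fraud", "classification.type": "phishing"}
REMOTE = {"rt_uri": "http://rt.example.org/REST/1.0", "verify_cert": False,
          "rt_password": "constructed-secret"}

if __name__ == "__main__":
    print(check_params(REMOTE))   # plain HTTP to a remote host is flagged
    print(check_params({}))       # the defaults only lack a password
    print(custom_fields(EVENT))   # source.port has no mapping and is dropped
```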