Running IntelMQ as Library
Introduction
The feature is specified in IEP007.
Quickstart
First, import the Python module and a helper. More about the BotLibSettings later.
from intelmq.lib.bot import BotLibSettings
from intelmq.bots.experts.domain_suffix.expert import DomainSuffixExpertBot
Then we need to initialize the bot's instance. We pass two parameters:
bot_id: The id of the botsettings: A Python dictionary of runtime configuration parameters, seeruntime-configuration. The bot first loads the runtime configuration file if it exists. Then we update them with theBotLibSettingswhich are some accumulated settings disabling the logging to files and configure the pipeline so that we can send and receive messages directly to/from the bot. Last by not least, the actual bot parameters, taking the highest priority.
domain_suffix = DomainSuffixExpertBot('domain-suffix', # bot id
settings=BotLibSettings | {
'field': 'fqdn',
'suffix_file': '/usr/share/publicsuffix/public_suffix_list.dat'}
As the bot is not fully initialized, we can process messages now. Inserting a message as dictionary:
The return value is a dictionary of queues, e.g. the output queue and the error queue. More details below.
The methods accepts multiple messages as positional argument:
domain_suffix.process_message(
{'source.fqdn': 'www.example.com'},
{'source.fqdn': 'www.example.net'}
)
domain_suffix.process_message(*[
{'source.fqdn': 'www.example.com'},
{'source.fqdn': 'www.example.net'}
])
Select the output queue (as defined in destination_queues), first message, access the field source.domain_suffix:
Configuration
Configuration files are not required to run IntelMQ as library. Contrary to IntelMQ normal behavior, if the files runtime.yaml and harmonization.conf do not exist, IntelMQ won't raise any errors. For the harmonization configuration, internal defaults are loaded.