Guía de configuración de bots para CSIRTAmericas

Introducción

La presente guía trabaja utilizando IntelMQ y el repositorio de bots creado por CERTUNLP (https://github.com/CERTUNLP/intelmq-bots) para el consumo de feeds otorgados por CSIRTAmericas.

Ejemplo de creación de bots en IntelMQ

link

Parámetros generales de configuración de bots para CSIRTAmericas

link

Valores de configuración de cada bot según el feed

Category	SubType	Provider	Configuration
vulnerability	vulnerable_system	shodan	link
vulnerability	vulnerable_system	publicwww	link
vulnerability	vulnerable_system	LeakIX	link
vulnerability	virtualization_internet_facing	shodan	link
defacement	compromised_website	publicwww	link
defacement	compromised_website	zone-h (published)	link
defacement	compromised_website	zone-h (not published)	link
spam	spam_site	publicwww	link
spam	spam_relay	abusix	link
spam	spam_relay_daily	abusix	link
spam	spam_account	abusix	link
spam	spam_account_government	abusix	link
spam	spam_account_daily	abusix	link
spam	spam_account_government_daily	abusix	link
cryptojacking	cryptojacking_site	publicwww	link
ics-scada	ics_scada_internet_facing	shodan	link
phishing	phishing_domains	phishtank	link
malware	infected_connections	microsoft	link
infoleak	data_leak	intelx	link