intelmq-extensions 1.10.0__py3-none-any.whl → 1.11.0__py3-none-any.whl

intelmq_extensions/bots/experts/iban_extractor/expert.py

@@ -0,0 +1,75 @@
+"""
+IBAN Extractor looks for IBAN in the given field and extracts
+information as extra fields, including a hash of the iban
+"""
+
+import hashlib
+import re
+
+import schwifty
+from intelmq.lib.bot import ExpertBot
+
+
+class IBANExtractorExpertBot(ExpertBot):
+    lookup_field: str = "extra.text"
+    default_country: str = "AT"
+    # first group has to match potential IBAN
+    base_regex: str = r"\b(([A-Z]{2}|)( |)[0-9]{2}[0-9 ]{1,30})\b"
+
+    def init(self):
+        self._possible_iban = re.compile(self.base_regex)
+
+    def process(self):
+        event = self.receive_message()
+
+        lookup_data = event.get(self.lookup_field)
+        if not lookup_data:
+            self.logger.info("Lookup data not found in the event.")
+            self.send_message(event, path="no_lookup_data", path_permissive=True)
+            self.send_message(event, path="not_found", path_permissive=True)
+            self.acknowledge_message()
+            return
+
+        iban = None
+        for match in self._possible_iban.finditer(lookup_data):
+            iban_str = match.group(1).strip()
+            if iban_str[0] in "0123456789":
+                iban_str = self.default_country + iban_str
+            try:
+                iban = schwifty.IBAN(iban_str)
+                break
+            except Exception:
+                pass
+
+        if not iban:
+            self.send_message(event, path="not_found", path_permissive=True)
+            self.acknowledge_message()
+            return
+
+        event.add("extra.iban", str(iban), overwrite=False)
+        event.add(
+            "source.geolocation.cc",
+            iban.country_code,
+            overwrite=False,
+            raise_failure=False,
+        )
+        event.add(
+            "extra.bic",
+            str(iban.bic) if iban.bic else None,
+            overwrite=False,
+            raise_failure=False,
+        )
+        event.add(
+            "extra.bank",
+            str(iban.bank_short_name) if iban.bank_short_name else None,
+            overwrite=False,
+            raise_failure=False,
+        )
+        iban_hash = hashlib.sha256(str(iban).encode()).hexdigest()
+        event.add("extra.iban_hash", iban_hash, overwrite=False)
+
+        self.send_message(event)
+        self.acknowledge_message()
+
+
+BOT = IBANExtractorExpertBot

intelmq_extensions/bots/parsers/generic_json/parser.py

@@ -0,0 +1,86 @@
+# SPDX-FileCopyrightText: 2016 by Bundesamt für Sicherheit in der Informationstechnik,
+# 2016-2021 nic.at GmbH, 2024 Tim de Boer, 2025 Institute for Common Good Technology
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# TODO: merge with the upstream bot
+# TODO: support nested dicts
+"""
+JSON Parser Bot
+Retrieves a base64 encoded JSON-String from raw and converts it into an
+event, adding unknown fields as extra
+"""
+
+from json import dumps as json_dumps
+from json import loads as json_loads
+
+from intelmq.lib.bot import ParserBot
+from intelmq.lib.message import MessageFactory
+from intelmq.lib.utils import base64_decode
+
+
+class JSONGenericParserBot(ParserBot):
+    """Parse IntelMQ-JSON data"""
+
+    splitlines: bool = False
+    multiple_events: bool = False
+
+    def init(self):
+        if self.multiple_events and self.splitlines:
+            raise ValueError(
+                (
+                    "Modes 'splitlines' and 'multiple_events' "
+                    "are not possible at the same time. Please use either one."
+                )
+            )
+
+    def process(self):
+        report = self.receive_message()
+        if self.multiple_events:
+            lines = json_loads(base64_decode(report["raw"]))
+        elif self.splitlines:
+            lines = base64_decode(report["raw"]).splitlines()
+        else:
+            lines = [base64_decode(report["raw"])]
+
+        for line in lines:
+            event = self.new_event(report)
+            if self.multiple_events:
+                event.update(
+                    MessageFactory.from_dict(
+                        line, harmonization=self.harmonization, default_type="Event"
+                    )
+                )
+                event["raw"] = json_dumps(line, sort_keys=True)
+            else:
+                if not isinstance(line, dict):
+                    line_dict = json_loads(line)
+                else:
+                    line_dict = line
+
+                type_harmonization = self.harmonization.get(
+                    line_dict.get("__type", "Event").lower()
+                )
+
+                for k in list(line_dict.keys()):
+                    if k == "__type":
+                        continue
+                    if k not in type_harmonization and not k.startswith("extra."):
+                        line_dict[f"extra.{k}"] = line_dict[k]
+                        del line_dict[k]
+
+                event.update(
+                    MessageFactory.from_dict(
+                        line_dict,
+                        harmonization=self.harmonization,
+                        default_type="Event",
+                    )
+                )
+                event.add("raw", line, overwrite=False)
+            event.add(
+                "classification.type", "undetermined", overwrite=False
+            )  # set to undetermined if input has no classification
+            self.send_message(event)
+        self.acknowledge_message()
+
+
+BOT = JSONGenericParserBot

intelmq_extensions/tests/bots/experts/iban_extractor/test_expert.py

@@ -0,0 +1,74 @@
+# -*- coding: utf-8 -*-
+"""
+Testing IBANExtractorExpertBot.
+"""
+
+import copy
+import unittest
+
+from intelmq_extensions.bots.experts.iban_extractor.expert import IBANExtractorExpertBot
+
+from ....base import BotTestCase
+
+
+class TestIBANExtractorExpertBot(BotTestCase, unittest.TestCase):
+    @classmethod
+    def set_bot(cls):
+        cls.bot_reference = IBANExtractorExpertBot
+        cls.default_input_message = {"__type": "Event"}
+
+    def test_event_no_lookup(self):
+        message = {
+            "__type": "Event",
+            "time.observation": "2015-01-01T00:00:00+00:00",
+            "extra.payload": "foo",
+            "extra.name": "bar",
+            "extra.firmwarerev": 1,
+        }
+        self.input_message = copy.deepcopy(message)
+        self.prepare_bot(destination_queues=["no_lookup_data", "not_found"])
+        self.run_bot(prepare=False)
+        self.assertMessageEqual(0, message, path="no_lookup_data")
+        self.assertMessageEqual(0, message, path="not_found")
+
+    def test_event_no_iban(self):
+        message = {
+            "__type": "Event",
+            "time.observation": "2015-01-01T00:00:00+00:00",
+            "extra.payload": "foo",
+            "extra.name": "bar",
+            "extra.firmwarerev": 1,
+            "extra.text": "adfssdtfghjlkl",
+        }
+        self.input_message = copy.deepcopy(message)
+        self.prepare_bot(destination_queues=["not_found"])
+        self.run_bot(prepare=False)
+        self.assertMessageEqual(0, message, path="not_found")
+
+    def test_iban(self):
+        message = {
+            "__type": "Event",
+            "time.observation": "2015-01-01T00:00:00+00:00",
+            "extra.payload": "foo",
+            "extra.name": "bar",
+            "extra.firmwarerev": 1,
+            "extra.text": (
+                "This is a message with an \n"
+                "artificially generated IBAN number AT 0820111 1532 9734423 \n "
+                "but it still should be valid"
+            ),
+        }
+        self.input_message = copy.deepcopy(message)
+        self.run_bot()
+        message["extra.iban"] = "AT082011115329734423"
+        message["extra.bank"] = "Erste Bank der oesterreichischen Sparkassen AG"
+        message["extra.bic"] = "GIBAATWWXXX"
+        message["extra.iban_hash"] = (
+            "942b348fcca86b81f7465308e2b1b3cb6aaad1c218f9110699ab47cb34b6b1b8"
+        )
+        message["source.geolocation.cc"] = "AT"
+        self.assertMessageEqual(0, message)
+
+
+if __name__ == "__main__":
+    unittest.main()

intelmq_extensions/tests/bots/parsers/generic_json/test_parser.py

@@ -0,0 +1,171 @@
+# SPDX-FileCopyrightText: 2016 Sebastian Wagner
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+# -*- coding: utf-8 -*-
+import base64
+import os
+import unittest
+from json import dumps as json_dumps
+from json import loads as json_loads
+
+import intelmq.lib.test as test
+
+from intelmq_extensions.bots.parsers.generic_json.parser import JSONGenericParserBot
+
+ONELINE_REPORT = {
+    "feed.name": "Test",
+    "raw": (
+        "eyJmZWVkLm5hbWUiOiAiVGVzdCBmZWVkIiwgInJhdyI6ICJabTl2WW"
+        "1GeUNnPT0iLCAiX190eXBlIjogIkV2ZW50IiwgInRpbWUub2JzZXJ2YXRpb24iOiAiMjAxNS0wMS"
+        "0wMVQwMDowMDowMCswMDowMCIsICJjbGFzc2lmaWNhdGlvbi50eXBlIjogInVua25vd24ifQ=="
+    ),
+    "__type": "Report",
+    "time.observation": "2016-10-10T00:00:00+00:00",
+}
+EXAMPLE_EVENT = {
+    "feed.name": "Test feed",
+    "raw": "Zm9vYmFyCg==",
+    "__type": "Event",
+    "time.observation": "2015-01-01T00:00:00+00:00",
+    "classification.type": "undetermined",
+}
+with open(os.path.join(os.path.dirname(__file__), "data.json"), "rb") as fh:
+    RAW = base64.b64encode(fh.read()).decode()
+
+MULTILINE_REPORT = {
+    "feed.name": "Test feed",
+    "raw": RAW,
+    "__type": "Report",
+}
+MULTILINE_EVENTS = [
+    {
+        "feed.name": "Test feed",
+        "raw": base64.b64encode(
+            b'{"__type": "Event", "source.ip": "127.0.0.1", "classification.type": "c2-server"}'
+        ).decode(),
+        "__type": "Event",
+        "classification.type": "c2-server",
+        "source.ip": "127.0.0.1",
+    },
+    {
+        "feed.name": "Test feed",
+        "raw": base64.b64encode(
+            b'{"__type": "Event", "source.ip": "127.0.0.2", "classification.type": "c2-server"}'
+        ).decode(),
+        "__type": "Event",
+        "classification.type": "c2-server",
+        "source.ip": "127.0.0.2",
+    },
+]
+with open(os.path.join(os.path.dirname(__file__), "data2.json"), "rb") as fh:
+    RAW2 = base64.b64encode(fh.read()).decode()
+
+NO_DEFAULT_REPORT = {
+    "feed.name": "Test feed",
+    "raw": RAW2,
+    "__type": "Report",
+}
+NO_DEFAULT_EVENT = MULTILINE_EVENTS[1].copy()
+NO_DEFAULT_EVENT["raw"] = base64.b64encode(
+    b'{"source.ip": "127.0.0.2", "classification.type": "c2-server"}\n'
+).decode()
+
+with open(os.path.join(os.path.dirname(__file__), "ncscnl.json"), "rb") as fh:
+    NCSCNL_FILE = fh.read()
+NCSCNL_RAW = base64.b64encode(NCSCNL_FILE).decode()
+NCSC_EVENTS = json_loads(NCSCNL_FILE)
+for i, event in enumerate(NCSC_EVENTS):
+    NCSC_EVENTS[i]["raw"] = base64.b64encode(
+        json_dumps(event, sort_keys=True).encode()
+    ).decode()
+    NCSC_EVENTS[i]["classification.type"] = "undetermined"
+    NCSC_EVENTS[i]["feed.name"] = "NCSC.NL"
+    NCSC_EVENTS[i]["__type"] = "Event"
+
+NCSCNL_REPORT = {
+    "feed.name": "NCSC.NL",
+    "raw": NCSCNL_RAW,
+    "__type": "Report",
+}
+
+with open(os.path.join(os.path.dirname(__file__), "generic_data.json"), "rb") as fh:
+    GENERIC_RAW = base64.b64encode(fh.read()).decode()
+
+MULTILINE_GENERIC_REPORT = {
+    "feed.name": "Test feed",
+    "raw": GENERIC_RAW,
+    "__type": "Report",
+}
+MULTILINE_GENERIC_EVENTS = [
+    {
+        "feed.name": "Test feed",
+        "raw": base64.b64encode(
+            b'{"__type": "Event", "source.ip": "127.0.0.1", "notexists": "generic data"}'
+        ).decode(),
+        "__type": "Event",
+        "extra.notexists": "generic data",
+        "source.ip": "127.0.0.1",
+        "classification.type": "undetermined",
+    },
+    {
+        "feed.name": "Test feed",
+        "raw": base64.b64encode(
+            b'{"__type": "Event", "source.ip": "127.0.0.2", "somethingelse": '
+            b'"hahaha", "extra.ok": "ok"}'
+        ).decode(),
+        "__type": "Event",
+        "extra.somethingelse": "hahaha",
+        "extra.ok": "ok",
+        "source.ip": "127.0.0.2",
+        "classification.type": "undetermined",
+    },
+]
+
+
+class TestJSONParserBot(test.BotTestCase, unittest.TestCase):
+    """
+    A TestCase for a MalwareDomainListParserBot.
+    """
+
+    @classmethod
+    def set_bot(cls):
+        cls.bot_reference = JSONGenericParserBot
+        cls.default_input_message = ONELINE_REPORT
+
+    def test_oneline_report(self):
+        """Test if correct Event has been produced."""
+        self.run_bot()
+        self.assertMessageEqual(0, EXAMPLE_EVENT)
+
+    def test_multiline_report(self):
+        """Test if correct Event has been produced."""
+        self.input_message = MULTILINE_REPORT
+        self.run_bot(parameters={"splitlines": True})
+        self.assertMessageEqual(0, MULTILINE_EVENTS[0])
+        self.assertMessageEqual(1, MULTILINE_EVENTS[1])
+
+    def test_default_event(self):
+        """Test if correct Event has been produced."""
+        self.input_message = NO_DEFAULT_REPORT
+        self.run_bot()
+        self.assertMessageEqual(0, NO_DEFAULT_EVENT)
+
+    def test_ncscnl(self):
+        """A file containing a list of events (not per line)"""
+        self.input_message = NCSCNL_REPORT
+        self.run_bot(parameters={"multiple_events": True})
+        self.assertMessageEqual(0, NCSC_EVENTS[0])
+        self.assertMessageEqual(1, NCSC_EVENTS[1])
+        self.assertMessageEqual(2, NCSC_EVENTS[2])
+
+    def test_multiline_generic_report(self):
+        """Test if correct Event has been produced."""
+        self.input_message = MULTILINE_GENERIC_REPORT
+        self.run_bot(parameters={"splitlines": True})
+        self.assertMessageEqual(0, MULTILINE_GENERIC_EVENTS[0])
+        self.assertMessageEqual(1, MULTILINE_GENERIC_EVENTS[1])
+
+
+if __name__ == "__main__":  # pragma: no cover
+    unittest.main()

{intelmq_extensions-1.10.0.dist-info → intelmq_extensions-1.11.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: intelmq_extensions
-Version: 1.10.0
+Version: 1.11.0
 Summary: Additional bots for IntelMQ
 Author: CERT.at Data & Development Team
 License: AGPLv3
@@ -10,13 +10,13 @@ Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: intelmq
-Requires-Dist: importlib_metadata; python_version < "3.8"
-Requires-Dist: psycopg2-binary
-Requires-Dist: netaddr>=0.7.14
 Requires-Dist: rt<3.0.0,>=1.0.9
-Requires-Dist: tabulate>=0.7.5
-Requires-Dist: python-termstyle>=0.1.10
 Requires-Dist: mergedeep
+Requires-Dist: psycopg2-binary
+Requires-Dist: python-termstyle>=0.1.10
+Requires-Dist: importlib_metadata; python_version < "3.8"
+Requires-Dist: tabulate>=0.7.5
+Requires-Dist: netaddr>=0.7.14
 Provides-Extra: dev
 Requires-Dist: pytest; extra == "dev"
 Requires-Dist: tox>=4; extra == "dev"

{intelmq_extensions-1.10.0.dist-info → intelmq_extensions-1.11.0.dist-info}/RECORD

@@ -19,6 +19,8 @@ intelmq_extensions/bots/experts/event_group_splitter/__init__.py,sha256=47DEQpj8
 intelmq_extensions/bots/experts/event_group_splitter/expert.py,sha256=Jq9v1p94dwbiFKeaulf7pg5XA15hlb967Wwvjp-fZ3g,4095
 intelmq_extensions/bots/experts/event_splitter/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/bots/experts/event_splitter/expert.py,sha256=DcAXwapXMmP-IP7sPwDBWJ9cMu9UCcKh3nJPSDJbGfU,1204
+intelmq_extensions/bots/experts/iban_extractor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+intelmq_extensions/bots/experts/iban_extractor/expert.py,sha256=iyeb5ja8kFNRXjFDs_e9ulZwIXX9OlpC6eEfA5GoCGE,2276
 intelmq_extensions/bots/experts/replace_in_dict/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/bots/experts/replace_in_dict/expert.py,sha256=GyevseD5n5E5cNO_6PZqnK8gZhILplPvLcwyS6iXNks,1375
 intelmq_extensions/bots/experts/squelcher/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -38,6 +40,8 @@ intelmq_extensions/bots/parsers/blackkite/_transformers.py,sha256=msiXw_Ex8baCnF
 intelmq_extensions/bots/parsers/blackkite/parser.py,sha256=3NxC84xpR3bIPlVZdZEjcNsBvCdGn4fL54sE-F7sCTg,1880
 intelmq_extensions/bots/parsers/disp/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/bots/parsers/disp/parser.py,sha256=co-eOx8aR3-z2BYe50Rlyr9dYWlX1w0ZoBAFZVgCdbg,4401
+intelmq_extensions/bots/parsers/generic_json/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+intelmq_extensions/bots/parsers/generic_json/parser.py,sha256=UuvsagyYIFvjQ-v4DY1QV9lP4N1xZGtE0gwY-n-Jh5g,2946
 intelmq_extensions/bots/parsers/malwaredomains/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/bots/parsers/malwaredomains/parser.py,sha256=FEp0YxZ44bD5KoeO162nRols48Xtq_8haAA8zA7BgZg,1996
 intelmq_extensions/bots/parsers/modat/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -77,6 +81,8 @@ intelmq_extensions/tests/bots/experts/event_group_splitter/__init__.py,sha256=47
 intelmq_extensions/tests/bots/experts/event_group_splitter/test_expert.py,sha256=FcuFOzOGctWQ0whG5e7t9_K2Vf7a_doDEl5WoWhDqq8,9124
 intelmq_extensions/tests/bots/experts/event_splitter/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/tests/bots/experts/event_splitter/test_expert.py,sha256=KGjh86BacNiUcJGg8kxggHoJY3ORZPmPFmVPYJK0J6A,2752
+intelmq_extensions/tests/bots/experts/iban_extractor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+intelmq_extensions/tests/bots/experts/iban_extractor/test_expert.py,sha256=Jl-ROceCt84rCS8mqU46uGwHoMW4Gkc280ZQoEvIhxk,2500
 intelmq_extensions/tests/bots/experts/replace_in_dict/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/tests/bots/experts/replace_in_dict/test_expert.py,sha256=aGJ0zGjU4qEKP4HLIF4LnFyze7I__DMrMJz6ynf5bko,2630
 intelmq_extensions/tests/bots/experts/squelcher/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -94,6 +100,8 @@ intelmq_extensions/tests/bots/parsers/blackkite/data.py,sha256=gwfaErTsUmS04vovH
 intelmq_extensions/tests/bots/parsers/blackkite/test_parser.py,sha256=VWDj0iwhI96twlWj9ZRU8VtZ-DDIH9YiVlfbiOarj5I,7491
 intelmq_extensions/tests/bots/parsers/disp/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/tests/bots/parsers/disp/test_parser.py,sha256=geUXWaKpOUW_k9-Qb_VAtp99cr6vDTcnSBmT9LfDHec,9714
+intelmq_extensions/tests/bots/parsers/generic_json/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+intelmq_extensions/tests/bots/parsers/generic_json/test_parser.py,sha256=nX_vee7UGRLIokmZCKaCcmxzuFsK4vrdcg3vvE1BCCw,5482
 intelmq_extensions/tests/bots/parsers/malwaredomains/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/tests/bots/parsers/malwaredomains/test_parser.py,sha256=zkfjcyniiPRcpABVurdRrRpZyZ2zV_PQ84xiU1eUJv0,1882
 intelmq_extensions/tests/bots/parsers/modat/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -105,9 +113,9 @@ intelmq_extensions/tests/cli/test_intelmqcli.py,sha256=Izy0FHVkj44DCgp4Zm8f1vYTd
 intelmq_extensions/tests/lib/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 intelmq_extensions/tests/lib/base.py,sha256=iD4MuDq0Dh-CqFDgyXf4CfaJgT4AL7XAcNjPGxUlkPM,2560
 intelmq_extensions/tests/lib/test_api_helpers.py,sha256=cO6KNfVjwpYgevyyxxokOAmk7VXo-8T8OCH8hQhf980,3807
-intelmq_extensions-1.10.0.dist-info/licenses/LICENSE,sha256=hIahDEOTzuHCU5J2nd07LWwkLW7Hko4UFO__ffsvB-8,34523
-intelmq_extensions-1.10.0.dist-info/METADATA,sha256=mfhiBm-fykPWoGvl9UGMaiuGdVjbpole3WHd9UG4V7c,2843
-intelmq_extensions-1.10.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-intelmq_extensions-1.10.0.dist-info/entry_points.txt,sha256=ZnDurNdOqqIbPjKHzsmxrczs5aE9d_KLOlz1mQx2C5I,4141
-intelmq_extensions-1.10.0.dist-info/top_level.txt,sha256=YVqZnmAiBfQPNdJPAv64Afvc41p3B24Akx2v2-3BFyc,19
-intelmq_extensions-1.10.0.dist-info/RECORD,,
+intelmq_extensions-1.11.0.dist-info/licenses/LICENSE,sha256=hIahDEOTzuHCU5J2nd07LWwkLW7Hko4UFO__ffsvB-8,34523
+intelmq_extensions-1.11.0.dist-info/METADATA,sha256=qDzOhAYwk7v8i7femo3GVeaR-rh36mJKIEx6L3sJrzU,2843
+intelmq_extensions-1.11.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+intelmq_extensions-1.11.0.dist-info/entry_points.txt,sha256=jnG6ZRXmmS5fThseMCrqZ29xMsp-S2OVqiydmlLdpko,4597
+intelmq_extensions-1.11.0.dist-info/top_level.txt,sha256=YVqZnmAiBfQPNdJPAv64Afvc41p3B24Akx2v2-3BFyc,19
+intelmq_extensions-1.11.0.dist-info/RECORD,,

{intelmq_extensions-1.10.0.dist-info → intelmq_extensions-1.11.0.dist-info}/entry_points.txt

@@ -7,6 +7,7 @@ intelmq.bots.experts.certat.certat_contact_intern.expert = intelmq_extensions.bo
 intelmq.bots.experts.certat.copy_extra.expert = intelmq_extensions.bots.experts.copy_extra.expert:BOT.run
 intelmq.bots.experts.certat.event_group_splitter.expert = intelmq_extensions.bots.experts.event_group_splitter.expert:BOT.run
 intelmq.bots.experts.certat.event_splitter.expert = intelmq_extensions.bots.experts.event_splitter.expert:BOT.run
+intelmq.bots.experts.certat.iban_extractor.expert = intelmq_extensions.bots.experts.iban_extractor.expert:BOT.run
 intelmq.bots.experts.certat.replace_in_dict.expert = intelmq_extensions.bots.experts.replace_in_dict.expert:BOT.run
 intelmq.bots.experts.certat.squelcher.expert = intelmq_extensions.bots.experts.squelcher.expert:BOT.run
 intelmq.bots.experts.certat.vulnerability_lookup.expert = intelmq_extensions.bots.experts.vulnerability_lookup.expert:BOT.run
@@ -15,6 +16,7 @@ intelmq.bots.outputs.certat.to_logs.output = intelmq_extensions.bots.outputs.to_
 intelmq.bots.outputs.certat.xmpp.output = intelmq_extensions.bots.outputs.xmpp.output:BOT.run
 intelmq.bots.parsers.certat.blackkite.parser = intelmq_extensions.bots.parsers.blackkite.parser:BOT.run
 intelmq.bots.parsers.certat.disp.parser = intelmq_extensions.bots.parsers.disp.parser:BOT.run
+intelmq.bots.parsers.certat.generic_json.parser = intelmq_extensions.bots.parsers.generic_json.parser:BOT.run
 intelmq.bots.parsers.certat.malwaredomains.parser = intelmq_extensions.bots.parsers.malwaredomains.parser:BOT.run
 intelmq.bots.parsers.certat.modat.parser = intelmq_extensions.bots.parsers.modat.parser:BOT.run
 intelmq_extensions.bots.collectors.blackkite.collector = intelmq_extensions.bots.collectors.blackkite.collector:BOT.run
@@ -25,6 +27,7 @@ intelmq_extensions.bots.experts.certat_contact_intern.expert = intelmq_extension
 intelmq_extensions.bots.experts.copy_extra.expert = intelmq_extensions.bots.experts.copy_extra.expert:BOT.run
 intelmq_extensions.bots.experts.event_group_splitter.expert = intelmq_extensions.bots.experts.event_group_splitter.expert:BOT.run
 intelmq_extensions.bots.experts.event_splitter.expert = intelmq_extensions.bots.experts.event_splitter.expert:BOT.run
+intelmq_extensions.bots.experts.iban_extractor.expert = intelmq_extensions.bots.experts.iban_extractor.expert:BOT.run
 intelmq_extensions.bots.experts.replace_in_dict.expert = intelmq_extensions.bots.experts.replace_in_dict.expert:BOT.run
 intelmq_extensions.bots.experts.squelcher.expert = intelmq_extensions.bots.experts.squelcher.expert:BOT.run
 intelmq_extensions.bots.experts.vulnerability_lookup.expert = intelmq_extensions.bots.experts.vulnerability_lookup.expert:BOT.run
@@ -33,6 +36,7 @@ intelmq_extensions.bots.outputs.to_logs.output = intelmq_extensions.bots.outputs
 intelmq_extensions.bots.outputs.xmpp.output = intelmq_extensions.bots.outputs.xmpp.output:BOT.run
 intelmq_extensions.bots.parsers.blackkite.parser = intelmq_extensions.bots.parsers.blackkite.parser:BOT.run
 intelmq_extensions.bots.parsers.disp.parser = intelmq_extensions.bots.parsers.disp.parser:BOT.run
+intelmq_extensions.bots.parsers.generic_json.parser = intelmq_extensions.bots.parsers.generic_json.parser:BOT.run
 intelmq_extensions.bots.parsers.malwaredomains.parser = intelmq_extensions.bots.parsers.malwaredomains.parser:BOT.run
 intelmq_extensions.bots.parsers.modat.parser = intelmq_extensions.bots.parsers.modat.parser:BOT.run
 intelmqcli = intelmq_extensions.cli.intelmqcli:main