Collection of tools to use with IntelMQ. This repository contains both our custom WebUI and dockerized versions of other tools.
Note that some parts may be strictly related to workflows we use at CERT.at. A more configurable approach and examples are planned, but may be delayed depending on available capacity.
WebUI is a streamlit-based UI for daily operations on IntelMQ workflows. It acts as a central place with links to other tools and also offers:
- editing selected config files (with basic validation & automated reloading of bots)
- handling one-shot sending
- editing boilerplate texts
- managing special "sub-workflows" where operators can turn on/off processing of some events as well as enrich them with additional information, without having to manually modify config files
- managing some contact information (deprecated)
Both of the tools below may not currently be at the newest upstream versions (#fixme) and contain small patches (applied during the build) to better match our use case:
- Fody (access to IntelMQ EventDB)
- Webinput CSV (uploading CSVs with one-time events)