IntelMQ is a solution for IT security teams (CERTs & CSIRTs, SOCs, abuse departments, etc.) for collecting and processing security feeds (such as log files) using a message queuing protocol. It is a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect & process threat intelligence, thus improving the incident handling processes of CERTs.
IntelMQ can be used for:
automated incident handling
situational awareness
automated notifications
a data collector for other tools
etc.
AbuseHelper influenced IntelMQ's design. However, it was re-written from scratch and aims at:
Reducing the complexity of system administration
Reducing the complexity of writing new bots for new data feeds
Reducing the probability of events being lost in any processing step by means of persistence (even across system crashes)
Using and improving the existing Data Harmonization Ontology
Using the JSON format for all messages
Providing an easy way to store data in log collectors such as Elasticsearch, Splunk, and databases (such as PostgreSQL)
Providing an easy way to create your own black-lists
Providing easy communication with other systems via an HTTP RESTful API
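The JSON-message, harmonization and black-list goals listed above, shown as an added Python example that is not IntelMQ's own code: a raw feed line is validated and turned into a harmonized JSON event, and a block-list is derived from a batch of such events. Field names follow IntelMQ's public Data Harmonization Ontology (source.ip, classification.type, time.source, time.observation, feed.name, raw); the feed format, the sample lines and the category-to-classification mapping are constructed assumptions for this illustration.

```python
# Added example, not IntelMQ code: harmonize a constructed feed into
# IntelMQ-style JSON events and build a block-list from them.
import base64
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample feed: "<ip>,<category>,<unix timestamp>" per line.
SAMPLE_FEED = """198.51.100.23,c2,1700000000
203.0.113.9,scanner,1700000100
not-an-ip,c2,1700000200
"""

# Assumed mapping from the feed's own categories to harmonized types.
CLASSIFICATION = {"c2": "c2-server", "scanner": "scanner"}


def harmonize(line, feed_name="example-feed"):
    """Parse one raw line into a harmonized event; return None if unusable."""
    parts = line.strip().split(",")
    if len(parts) != 3:
        return None
    ip, category, ts = parts
    try:
        ipaddress.ip_address(ip)  # reject malformed addresses instead of storing them
    except ValueError:
        return None
    if category not in CLASSIFICATION or not ts.isdigit():
        return None
    observed = datetime.fromtimestamp(int(ts), tz=timezone.utc)
    return {
        "feed.name": feed_name,
        "source.ip": ip,
        "classification.type": CLASSIFICATION[category],
        "time.source": observed.isoformat(),
        "time.observation": datetime.now(timezone.utc).isoformat(),
        "raw": base64.b64encode(line.strip().encode()).decode(),  # original line, kept
    }


def process_feed(text):
    """Harmonize every non-empty line, dropping lines that fail validation."""
    events = [harmonize(l) for l in text.splitlines() if l.strip()]
    return [e for e in events if e is not None]


def blocklist(events, types):
    """Sorted, de-duplicated source IPs for the requested classification types."""
    return sorted({e["source.ip"] for e in events if e["classification.type"] in types})


if __name__ == "__main__":
    evts = process_feed(SAMPLE_FEED)
    print(json.dumps(evts, indent=2))
    print(blocklist(evts, {"c2-server"}))
```

The malformed third line is dropped during harmonization rather than reaching storage or the block-list, which is the persistence-and-validation behaviour a collector bot needs.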
IntelMQ follows these basic meta-guidelines:
Don't break simplicity - KISS
Keep it open source - forever
Strive for perfection while keeping a deadline
Reduce complexity/avoid feature bloat
Embrace unit testing
Code readability: test with inexperienced programmers
Communicate clearly
Source code and additional information may be found here: https://github.com/certtools/intelmq