Task #3374: Migrate all core modules from legacy Mentat
Implement mentat-enricher.py module
Assignee: Jan Mach
Category: Development - Core
Implement daemon module for IDEA message enrichment.
Key features:
- Modular design
- Enable easy writing and plugging-in of new enrichment sub-modules, possibly from configuration file
- Resolve target abuse contact/group
- Hostname resolving
Implemented prototype of mentat-enricher.py module.
Enricher is a real-time message processing module with modular architecture and with support for easy implementation and usage of arbitrary enrichment plugins. Plugins can be developed based on a predefined base class and dynamically loaded and instantiated upon module startup. (Redmine issue: #3365)
Feature: Implemented support for generating whois exception files from exception lists.
Exception files can be used to override internal whois resolving for designated networks to different abuse groups without modifying the original database records. This new feature enables users to generate whois exception files from simple text files containing lists of networks, which can be easily generated by anyone. (Redmine issue: #3385, #3365)
Implemented support for reloading enrichment plugins.
Message enrichment plugins need the reloading ability to enable fetching fresh information from original data sources. Otherwise the daemon would soon be using obsolete information, for example for resolving target abuse groups. (Redmine issue: #3365)
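The whois exception override and the plugin reload described in the two commits above, as an added example that is not code from Mentat or from this issue. The list format (one network per line, `#` comments), the `WhoisEnricher` class, its method names and all sample data are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data; the formats are assumptions, not Mentat's own.
WHOIS_DB = {"192.0.2.0/24": "abuse@example.org", "2001:db8::/32": "abuse6@example.org"}
EXCEPTION_LIST = """
# networks handed over to a dedicated team
192.0.2.128/25
2001:db8:1::/48
not-a-network
"""

def parse_exception_list(text, group):
    """Turn a plain list of networks into ({network: group}, rejected lines)."""
    records, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True rejects entries with host bits set (e.g. 192.0.2.1/24),
            # so a typo cannot silently redirect reports for a wider network.
            records[ipaddress.ip_network(line, strict=True)] = group
        except ValueError:
            rejected.append((lineno, line))
    return records, rejected

class WhoisEnricher:
    """Hypothetical plugin: resolves the abuse group, exceptions win over the database."""

    def __init__(self, load_db, load_exceptions):
        self._load_db, self._load_exceptions = load_db, load_exceptions
        self.reload()

    def reload(self):
        """Re-read both sources so that lookups stop using obsolete data."""
        self.db = {ipaddress.ip_network(n): g for n, g in self._load_db().items()}
        self.exceptions, self.rejected = self._load_exceptions()

    @staticmethod
    def _longest_match(table, addr):
        hits = [n for n in table if n.version == addr.version and addr in n]
        return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def resolve(self, ip):
        """Return the abuse group for ip, or None when no network covers it."""
        addr = ipaddress.ip_address(ip)
        return self._longest_match(self.exceptions, addr) or self._longest_match(self.db, addr)
```

Rejected lines are kept in `rejected` rather than dropped silently, so an operator can see which entries of the exception list never took effect.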
- Status changed from In Progress to Closed
- % Done changed from 80 to 100
The current state of this module is sufficient for a production environment. We are finally releasing version 2.0 of the Mentat system, so the period of frantic coding and implementation chaos is over. Any further improvements of this module will be done, as they should be, in separate Redmine issues.