IntelMQ

Threat intelligence collection and processing for CERTs, CSIRTs, and SOCs

Repository activity
  • Stars: 1.1k
  • Forks: 317
  • Open Issues: 245
License

AGPL-3.0

Languages
  • Python
  • HTML
  • Sieve
About IntelMQ

IntelMQ collects and processes security feeds through a message-queue pipeline. It is aimed at CERTs, CSIRTs, SOCs, abuse desks, and incident responders that need to turn raw feeds and log files into clean, structured security data for incident handling.

Events flow through configurable bots as JSON messages, and an HTTP REST API exposes the pipeline to other tools. Output can land in databases and log collectors such as PostgreSQL, Elasticsearch, and Splunk, and the pipeline can generate blocklists. Persistence between stages reduces the chance of dropped events under load.

Designed by European CERTs and CSIRTs as the Incident Handling Automation Project, it lets teams run their own automated processing pipeline rather than handling feeds by hand.

Key features

  • Collects and processes security feeds with message queuing
  • Uses JSON for all messages
  • Supports HTTP RESTful API communication
  • Can store data in PostgreSQL, Elasticsearch, and Splunk
  • Supports creating custom blacklists

Details

  • First released: 2014
  • Platforms: Web
  • Deployment: self-hostable
  • Protocol: Message queuing
  • Data format: JSON
  • Governance: Community driven IHAP initiative