Incident Handling Automation

Published under Community Projects


Incident handling has become increasingly challenging, both because of the growing amount of collected data used in the process and because of a lack of automation. Since scalability plays a key role in making incident handling efficient, ENISA supports good community-driven initiatives to improve incident handling. The main goal of this project is to automate and improve the incident handling process for CERTs by providing solutions for the Incident Response process that are easy to set up and deploy.


  • CNCS (National Cyber Security Centre - Portugal)

Start contributing for the whole community

We really appreciate your contribution and feedback.


  • Tomás Lima (
  • Aaron Kaplan (
  • Cosmin Ciobanu (


IntelMQ System




IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins and tweets using a message queue protocol. It is a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs.
IntelMQ's design was influenced by AbuseHelper; however, it was rewritten from scratch and aims to:

  • Reduce the complexity of system administration
  • Reduce the complexity of writing new bots for new data feeds
  • Reduce the probability of events being lost anywhere in the process, through persistence functionality (even across a system crash)
  • Use and improve the existing Data Harmonization Ontology
  • Use JSON format for all messages
  • Integration of the existing tools (AbuseHelper, CIF)
  • Provide an easy way to store data in log collectors like ElasticSearch and Splunk
  • Provide an easy way to create your own blacklists
  • Provide easy communication with other systems via an HTTP RESTful API


It adheres to the following basic meta-guidelines:

  • Don't break simplicity - KISS
  • Keep it open source - forever
  • Strive for perfection while keeping a deadline
  • Reduce complexity/avoid feature bloat
  • Embrace unit testing
  • Code readability: test with inexperienced programmers
  • Communicate clearly
