Incident Handling Automation

Published under Community Projects


Incident handling has become increasingly challenging, both because of the growing volume of data collected during the process and because of the lack of automation. Since scalability is key to efficient incident handling, ENISA supports good community-driven initiatives that improve it. The main goal of this project is to automate and improve the incident handling process for CERTs by providing solutions for the incident response process that are easy to set up and deploy.


  • CNCS (National Cyber Security Centre - Portugal)

Start contributing for the whole community

We really appreciate your contribution and feedback.


  •  Aaron Kaplan (
  • Sebastian Wagner (


IntelMQ System



IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins and tweets using a message queue protocol. It is a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thereby improving the incident handling processes of CERTs.
IntelMQ's design was influenced by AbuseHelper, but it was rewritten from scratch and aims to:

  • Reduce the complexity of system administration
  • Reduce the complexity of writing new bots for new data feeds
  • Reduce the probability of events being lost anywhere in the process, through persistence (even across a system crash)
  • Use and improve the existing Data Harmonization Ontology
  • Use the JSON format for all messages
  • Integrate with existing tools (AbuseHelper, CIF)
  • Provide an easy way to store data in log collectors such as ElasticSearch and Splunk
  • Provide an easy way to create your own black-lists
  • Provide easy communication with other systems via an HTTP RESTful API
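The pipeline model described above (collector, parser, expert and output bots passing JSON messages over persistent queues, with harmonized field names) is illustrated below by an added example. It is not IntelMQ's own code: the `Queue` class is an in-memory stand-in for the message broker, the bot functions, the `CATEGORY_MAP`, the local block-list and the sample feed are all constructed for this illustration, and the field names (`source.ip`, `classification.type`, `time.source`, `feed.name`, `extra.*`) are only modelled on the Data Harmonization Ontology. The point it makes is the persistence guarantee from the list above: a message leaves a queue only once the consuming bot acknowledges it, so a bot that crashes mid-processing does not lose the event.

```python
import ipaddress
import json
from collections import deque

# Constructed sample feed (not a real data source): "ip,category,timestamp", one report per line.
# The third line is deliberately malformed to show how the parser handles bad input.
SAMPLE_FEED = """192.0.2.10,malware,2024-01-01T10:05:00+00:00
198.51.100.7,phishing,2024-01-01T10:06:00+00:00
not-an-ip,malware,2024-01-01T10:07:00+00:00
203.0.113.55,scanner,2024-01-01T10:08:00+00:00
"""

# Constructed local block-list (assumption); the expert bot marks events that match it.
LOCAL_BLOCKLIST = {"203.0.113.55"}

# Maps the feed's own vocabulary to classification.type values. The names are modelled on
# the Data Harmonization Ontology; the mapping itself is an assumption for this example.
CATEGORY_MAP = {"malware": "malware-distribution", "phishing": "phishing", "scanner": "scanner"}


class Queue:
    """In-memory stand-in for the broker queue between two bots.

    A message is removed from the queue only when the consumer acknowledges it. Until then
    it stays 'in flight' and is handed out again after a restart, giving at-least-once
    delivery instead of losing the event on a crash.
    """

    def __init__(self):
        self.pending = deque()
        self.inflight = None

    def send(self, event):
        # All messages are serialized JSON, as in the aims listed above.
        self.pending.append(json.dumps(event, sort_keys=True))

    def receive(self):
        if self.inflight is None and self.pending:
            self.inflight = self.pending.popleft()
        return json.loads(self.inflight) if self.inflight is not None else None

    def acknowledge(self):
        self.inflight = None

    def __len__(self):
        return len(self.pending) + (1 if self.inflight is not None else 0)


def collector_bot(raw_feed, outq):
    """Collector: fetches the raw feed (here: constructed text) and emits one report per line."""
    for line in raw_feed.splitlines():
        if line.strip():
            outq.send({"feed.name": "example-feed", "raw": line})


def parser_bot(inq, outq):
    """Parser: turns each raw report into a harmonized event. Returns the number of dropped lines."""
    dropped = 0
    while (report := inq.receive()) is not None:
        try:
            ip, category, observed = report["raw"].split(",")
            event = {
                "feed.name": report["feed.name"],
                "source.ip": str(ipaddress.ip_address(ip)),  # raises ValueError on garbage
                "classification.type": CATEGORY_MAP[category],  # raises KeyError on unknown category
                "time.source": observed,
                "raw": report["raw"],
            }
        except (ValueError, KeyError):
            dropped += 1  # malformed line: still acknowledged so it cannot block the queue forever
        else:
            outq.send(event)
        inq.acknowledge()
    return dropped


def blocklist_expert_bot(inq, outq):
    """Expert: enriches each event with a flag saying whether the source IP is on the local block-list."""
    while (event := inq.receive()) is not None:
        event["extra.on_local_blocklist"] = event["source.ip"] in LOCAL_BLOCKLIST
        outq.send(event)
        inq.acknowledge()


def output_bot(inq, sink):
    """Output: persists events as JSON lines (a list here; a file, Splunk or ElasticSearch in practice)."""
    while (event := inq.receive()) is not None:
        sink.append(json.dumps(event, sort_keys=True))
        inq.acknowledge()


def run_pipeline(raw_feed=SAMPLE_FEED):
    """Runs collector -> parser -> expert -> output and returns (events, dropped_line_count)."""
    q_raw, q_parsed, q_enriched, sink = Queue(), Queue(), Queue(), []
    collector_bot(raw_feed, q_raw)
    dropped = parser_bot(q_raw, q_parsed)
    blocklist_expert_bot(q_parsed, q_enriched)
    output_bot(q_enriched, sink)
    return [json.loads(line) for line in sink], dropped


def simulate_crash_recovery():
    """A bot takes an event and crashes before acknowledging; the restarted bot gets the same event back."""
    q = Queue()
    q.send({"source.ip": "192.0.2.10"})
    first = q.receive()        # bot takes the event ...
    still_queued = len(q) == 1  # ... but it has not left the queue
    # (crash here: no acknowledge)
    second = q.receive()       # restarted bot receives the very same event
    q.acknowledge()
    return first == second and still_queued and len(q) == 0


if __name__ == "__main__":
    events, dropped = run_pipeline()
    print(f"{len(events)} events persisted, {dropped} malformed line(s) dropped")
    print("crash recovery preserved the event:", simulate_crash_recovery())
```

The acknowledge-after-processing pattern is what makes the chain robust: each bot only ever holds one in-flight message per queue, a malformed line is acknowledged (and counted) rather than retried forever, and a crash between `receive()` and `acknowledge()` leaves the event where the next run will find it.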

It follows these basic meta-guidelines:

  • Don't break simplicity - KISS
  • Keep it open source - forever
  • Strive for perfection while keeping a deadline
  • Reduce complexity/avoid feature bloat
  • Embrace unit testing
  • Code readability: test with inexperienced programmers
  • Communicate clearly

To subscribe to the intelmq-users and intelmq-dev mailing lists please use

