[Bro] Mal-dnssearch issue
jlay at slave-tothe-box.net
Fri Oct 10 10:49:42 PDT 2014
On 2014-10-10 11:22, Jon Schipp wrote:
> Hello James,
> Sorry, I've been really busy. Thanks for reporting, I'll look into
> For any specific issue with the script you can create an issue on
> Github and I'll take care of it :)
> On Fri, Oct 10, 2014 at 9:44 AM, James Lay <jlay at slave-tothe-box.net>
>> On 2014-10-09 15:48, James Lay wrote:
>>> Hey again all,
>>> Got almost all the intel feeds that I'm looking to get save
>>> one...malips. From:
>>> I'm running:
>>> mal-dnssearch -M malips -p | mal-dns2bro -T ip -s malips >
>>> However the results look muffed:
>>> head malips.intel
>>> #fields indicator indicator_type meta.source meta.url
>>> meta.do_notice meta.if_in
>>> 100.42.5Intel::ADDR malips - F -
>>> 103.14.1Intel::ADDR malips - F -
>>> 103.19.8Intel::ADDR malips - F -
>>> The others all look fine. Again, am I missing a flag or something?
>>> Thank you.
>> Some additional info shows that there's a carriage return after the
>> IP...doing a :set list in vim shows:
>> None of the other .intel files show the ^M. Thanks all.
Did so, thanks Jon...I'll work with this off list.
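
Added example, not part of the original thread and not mal-dnssearch's or mal-dns2bro's own code: a Python filter that strips the trailing carriage return from each feed line and validates the address before writing an intel row. With `\r` left in the indicator, a terminal returns to column 0, the following tab jumps to column 8, and `Intel::ADDR` overwrites the rest of the IP, which matches the `head` output quoted above. The function names and the sample feed are constructed for illustration; it assumes a one-IP-per-line feed and tab-separated columns in the order of the quoted `#fields` header.

```python
import ipaddress

# Column names as they appear in the malips.intel header quoted in the thread.
FIELDS = ["indicator", "indicator_type", "meta.source", "meta.url",
          "meta.do_notice", "meta.if_in"]


def clean_indicator(raw):
    """Return a normalized IP string, or None if the text is not an address.

    strip() removes CR as well as spaces/tabs, so a feed served with CRLF
    line endings cannot carry a '\r' into the indicator column.
    """
    try:
        return str(ipaddress.ip_address(raw.strip()))
    except ValueError:
        return None


def build_intel(feed_text, source):
    """Convert a one-IP-per-line feed into tab-separated intel file text.

    Returns (intel_text, rejected), where rejected lists non-comment lines
    that did not parse as an IP address.
    """
    rows = ["#fields\t" + "\t".join(FIELDS)]
    rejected = []
    for raw in feed_text.split("\n"):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or feed comment
        ip = clean_indicator(stripped)
        if ip is None:
            rejected.append(stripped)
            continue
        # Same constant columns as the rows quoted in the thread.
        rows.append("\t".join([ip, "Intel::ADDR", source, "-", "F", "-"]))
    return "\n".join(rows) + "\n", rejected


def has_carriage_return(intel_text):
    """Check already-generated intel text for stray CR characters."""
    return "\r" in intel_text


# Constructed sample feed (documentation address ranges) with CRLF endings.
SAMPLE_FEED = ("# constructed sample\r\n192.0.2.10\r\n198.51.100.7\r\n"
               "not-an-ip\r\n203.0.113.5\r\n")

if __name__ == "__main__":
    text, bad = build_intel(SAMPLE_FEED, "malips")
    print(text, end="")
    print("rejected:", bad)
```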