[Bro] [bro] Bro intelligence framework meta data issue.

Seth Hall seth at icir.org
Thu Jan 29 08:06:35 PST 2015

> On Jan 29, 2015, at 3:06 AM, Giedrius Ramas <giedrius.ramas at gmail.com> wrote:
> #fields	indicator	indicator_type	meta.desc	meta.cif_confidence	meta.source
> summitcpas.com/process/mbb/m2uAccountUpdate/M2ULoginsdo.html	Intel::URL	phishing	85	phishtank.com
> 1422518281.529553	CUZQFO0cVtr52M9zj	49789	80	-	--	summitcpas.com/process/mbb/m2uAccountUpdate/M2ULoginsdo.html	Intel::URL	HTTP::IN_URL	phishtank.com	phishing
> Still missing the meta.desc, meta.cif_confidence and meta.source fields.

Actually, meta.desc is there (so is meta.source).  The descriptions were all that I added with my script.  If you want more information added you will have to add it in your custom script.  My example should make it easy for you.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
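
One way to carry an extra metadata value such as meta.cif_confidence into intel.log, as an added example (this is not Seth Hall's script, which is not reproduced on this page). It assumes a Bro/Zeek release that provides the Intel::extend_match hook and that the collective-intel integration script is loaded to define meta.cif_confidence; the log field name `confidences` is hypothetical.

```bro
# Added example; names marked "hypothetical" are not from the thread.
@load base/frameworks/intel
# Defines the optional meta.cif_confidence field (type double) on Intel::MetaData.
@load integration/collective-intel

redef record Intel::Info += {
	## Hypothetical column: confidence values of all items that matched.
	confidences: set[double] &optional &log;
};

# Runs for each match before the intel.log entry is written.
hook Intel::extend_match(info: Intel::Info, s: Intel::Seen, items: set[Intel::Item])
	{
	for ( item in items )
		{
		# Feeds without a confidence column leave the field unset.
		if ( ! item$meta?$cif_confidence )
			next;

		if ( ! info?$confidences )
			info$confidences = set();

		add info$confidences[item$meta$cif_confidence];
		}
	}
```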
