[Bro] [bro] Bro intelligence framework meta data issue.

Giedrius Ramas giedrius.ramas at gmail.com
Thu Jan 29 23:37:26 PST 2015


Tons of thanks, get  it working .

On Thu, Jan 29, 2015 at 6:06 PM, Seth Hall <seth at icir.org> wrote:

>
> > On Jan 29, 2015, at 3:06 AM, Giedrius Ramas <giedrius.ramas at gmail.com>
> wrote:
> >
> > #fields       indicator       indicator_type  meta.desc
>  meta.cif_confidence     meta.source
> > summitcpas.com/process/mbb/m2uAccountUpdate/M2ULoginsdo.html
> Intel::URL      phishing        85      phishtank.com
> >
> > 1422518281.529553     CUZQFO0cVtr52M9zj       10.3.2.2        49789
>  64.207.177.234  80      -       --
> summitcpas.com/process/mbb/m2uAccountUpdate/M2ULoginsdo.html
> Intel::URL      HTTP::IN_URL    phishtank.com   phishing
> >
> > Still missing meta.desc meta.cif_confidence   meta.source  fields.
>
> Actually, meta.desc is there (so is meta.source).  The descriptions were
> all that I added with my script.  If you want more information added you
> will have to add it in your custom script.  My example should make it easy
> for you.
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150130/d1ae5626/attachment.html 


More information about the Bro mailing list