[Bro] Bulk editing Intel files

Michael Bower mbower2 at gmail.com
Thu Jul 30 07:22:29 PDT 2015


Thanks! These should get me started.

On Thu, Jul 30, 2015 at 10:20 AM M P <mpselab at gmail.com> wrote:

>
>
> On Thursday, July 30, 2015, Michael Bower <mbower2 at gmail.com> wrote:
>
>> Does anyone have something they like to use to help create/edit Intel
>> files in bulk? Im trying to find a way to quickly add a lot of domains to
>> one of my Intel files and I really don't want to have to added them
>> individually.
>>
>> Thanks,
>> Mike
>> --
>>
>> Sent from my Android device
>>
>
> If you read the below post by Paul Halliday - maintainer of Squert -  You
> will find a one liner command to read a domain-per-line list of domains and
> convert them into Bro's intel format. Not sure this fits your profile but
> it may help.
>
> http://www.pintumbler.org/words/broagentforsguil-nowsupportsintellog
>
> There is also a script on GitHub called bro-intel-generator which reads
> from PDF or HTML files, extracts domains, IP addresses, and hashes into bro
> intel format. Again this may not fit your profile, but it may help.
>
> https://github.com/exp0se/bro-intel-generator
>
> With the two examples above may be you can spin up your own script that
> fits your requirements.
>
> MP
>
>
>
>
> --

Sent from my Android device
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150730/1343cfd8/attachment.html 


More information about the Bro mailing list