[Bro] [bro] Extending intel.log
tgdesrochers at gmail.com
Tue Apr 26 06:07:32 PDT 2016
Is there an easy way to extend the intel.log file to include the meta.url field? I ingest these logs into ELK and having the meta.url would be extremely helpful.
Right now when my logs print I get seen_indicator, seen_indicator_type, seen_node, seen_where, and sources, but I’d like to have the meta URL come through and print in the log to make it easy for an analyst to find the source documentation for the referenced intel alert.