[Bro] [bro] Extending intel.log

Tim Desrochers tgdesrochers at gmail.com
Tue Apr 26 06:07:32 PDT 2016


Is there an easy way to extend the intel.log file to include the meta.url field? I ingest these logs into ELK, and having the meta.url would be extremely helpful.

Right now when my logs print I get seen_indicator, seen_indicator_type, seen_node, seen_where, and sources, but I’d like to have the meta URL come through and print in the log to make it easy for an analyst to find the source documentation for the referenced intel alert.

Thanks
Tim