[Bro-Dev] [JIRA] (BIT-1539) Adding intel to intel framework Bro is not loading the file

Johanna Amann (JIRA) jira at bro-tracker.atlassian.net
Tue Mar 1 14:04:00 PST 2016


     [ https://bro-tracker.atlassian.net/browse/BIT-1539?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Johanna Amann updated BIT-1539:
-------------------------------
    Resolution: Solved
        Status: Closed  (was: Open)

Since there was no further comment on this, I assumed that solved your problem.

Feel free to re-open if you still think there is anything wrong in Bro.

> Adding intel to intel framework Bro is not loading the file
> -----------------------------------------------------------
>
>                 Key: BIT-1539
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1539
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>         Environment: CentOS 7.2. 1511 kernel version 3.10 
>            Reporter: Lu Goon
>              Labels: Framework, IP, Intel, addresses, data, files, text
>
> We wanted to get our intel (bad IPs) into Bro for alerting using the intel framework. I crafted a file of bad IPs based on the documentation on the site. I also based this on the Critical Stack implementation.
> I provided the following fields: indicator, indicator_type, meta.source, meta.desc, meta.do_notice.
> Thus a sample entry would be:
> 1.2.3.4 \t Intel::ADDR \t MY INTEL \t  My bad IP list \t F
> Per the documentation it should write all that into the intel.log file if activated in the local.bro file
> either using broctl or bro -i ens33 local.bro. There is no indication in loaded scripts that the file loads.
> Also, in my local.bro file I include:
> @load policy/frameworks/intel/seen
> @load policy/frameworks/intel/do_notice
> redef Intel::read_files += { "/usr/local/bro/upload/intel.dat"};
> Any help on debugging why this file is not loading or indication of if it is loaded?



--
This message was sent by Atlassian JIRA
(v7.2.0-OD-03-010#72000)
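
A pre-load check for the kind of file the report describes, added here as an example; it is not part of the thread or of Bro. It assumes the intel file layout from Bro's intel framework documentation (a `#fields` header line, literal tab separators); `lint_intel` is a hypothetical name, and the check does not establish what caused this ticket.

```python
import ipaddress

# Columns an intel item cannot do without (assumption: Bro intel framework docs).
REQUIRED = ("indicator", "indicator_type", "meta.source")

def lint_intel(text):
    """Return [(line_no, problem)] for the text of a Bro intel file."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("#fields\t"):
        return [(1, "first line must be '#fields' plus tab-separated column names")]
    fields = lines[0].split("\t")[1:]
    problems = [(1, f"header lacks column {c}") for c in REQUIRED if c not in fields]
    if problems:
        return problems
    for n, line in enumerate(lines[1:], start=2):
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no indicator
        cols = line.split("\t")
        if len(cols) != len(fields):
            # Typical when spaces or a typed "\t" stand in for real tab characters.
            problems.append((n, f"{len(cols)} columns, header declares {len(fields)}"))
            continue
        row = dict(zip(fields, cols))
        for name, value in row.items():
            if value != value.strip():
                problems.append((n, f"{name} has whitespace around the value"))
        if row["indicator_type"].strip() == "Intel::ADDR":
            try:
                ipaddress.ip_address(row["indicator"].strip())
            except ValueError:
                problems.append((n, "indicator is not an IP address"))
        # This lint accepts only the T/F spelling used in the report's sample.
        if row.get("meta.do_notice", "F").strip() not in ("T", "F"):
            problems.append((n, "meta.do_notice is not T or F"))
    return problems

# Constructed samples; the padded row mirrors the spacing of the report's sample entry.
HEADER = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.do_notice\n"
CLEAN = HEADER + "1.2.3.4\tIntel::ADDR\tMY INTEL\tMy bad IP list\tF\n"
PADDED = HEADER + "1.2.3.4 \t Intel::ADDR \t MY INTEL \t  My bad IP list \t F\n"

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("padded", PADDED)):
        print(label, lint_intel(sample))
```
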

