[Bro] Mal-dnssearch issue

James Lay jlay at slave-tothe-box.net
Thu Oct 9 14:48:26 PDT 2014


Hey again all,

Got almost all the intel feeds that I'm looking to get save 
one...malips.  From:

http://blog.bro.org/2014/01/intelligence-data-and-bro_4980.html

I'm running:

mal-dnssearch -M malips -p | mal-dns2bro -T ip -s malips > malips.intel

However the results look muffed:

head malips.intel
#fields indicator       indicator_type  meta.source     meta.url        
meta.do_notice  meta.if_in
100.42.5Intel::ADDR     malips  -       F       -
103.14.1Intel::ADDR     malips  -       F       -
103.19.8Intel::ADDR     malips  -       F       -

The others all look fine.  Again, am I missing a flag or something?  
Thank you.

James
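
A check for the failure shown in the message above, as an added example that is not part of the original post or of mal-dnssearch: it verifies that every row of a Bro intel file has one tab-separated value per #fields column and that Intel::ADDR indicators parse as IP addresses. The function name and the sample rows are constructed for illustration, and tab-separated columns are assumed.

```python
import ipaddress

# Column names as they appear in the #fields header quoted in the post.
EXPECTED_FIELDS = ["indicator", "indicator_type", "meta.source",
                   "meta.url", "meta.do_notice", "meta.if_in"]


def check_intel(text):
    """Return (line_number, problem) tuples for rows that are malformed."""
    problems = []
    fields = None
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        cols = line.split("\t")
        if line.startswith("#fields"):
            fields = cols[1:]
            if fields != EXPECTED_FIELDS:
                problems.append((n, "unexpected header: %r" % fields))
            continue
        if line.startswith("#"):
            continue  # other comment/metadata lines
        if fields is None:
            problems.append((n, "data row before #fields header"))
            continue
        if len(cols) != len(fields):
            # A missing separator fuses two columns, as in the post's output.
            problems.append(
                (n, "%d columns, header has %d" % (len(cols), len(fields))))
            continue
        row = dict(zip(fields, cols))
        if row["indicator_type"] == "Intel::ADDR":
            try:
                ipaddress.ip_address(row["indicator"])
            except ValueError:
                problems.append(
                    (n, "indicator %r is not an IP address" % row["indicator"]))
    return problems


# Constructed sample: one well-formed row (documentation address) and one row
# shaped like the broken output, with the indicator fused to its type.
SAMPLE = ("\t".join(["#fields"] + EXPECTED_FIELDS) + "\n"
          "192.0.2.10\tIntel::ADDR\tmalips\t-\tF\t-\n"
          "100.42.5Intel::ADDR\tmalips\t-\tF\t-\n")

if __name__ == "__main__":
    for lineno, problem in check_intel(SAMPLE):
        print("line %d: %s" % (lineno, problem))
```

Running it over a generated file before pointing Bro's Intel framework at it catches truncated or fused rows like the ones above.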


