[Bro] Mal-dnssearch issue
James Lay
jlay at slave-tothe-box.net
Thu Oct 9 14:48:26 PDT 2014
Hey again all,
Got almost all the intel feeds that I'm looking to get save
one...malips. From:
http://blog.bro.org/2014/01/intelligence-data-and-bro_4980.html
I'm running:
mal-dnssearch -M malips -p | mal-dns2bro -T ip -s malips > malips.intel
However, the results look muffed:
head malips.intel
#fields indicator indicator_type meta.source meta.url meta.do_notice meta.if_in
100.42.5Intel::ADDR malips - F -
103.14.1Intel::ADDR malips - F -
103.19.8Intel::ADDR malips - F -
The others all look fine. Again, am I missing a flag or something?
Thank you.
James