[Bro] [bro] Bro intelligence framework meta data issue.
Seth Hall
seth at icir.org
Thu Jan 29 08:06:35 PST 2015
> On Jan 29, 2015, at 3:06 AM, Giedrius Ramas <giedrius.ramas at gmail.com> wrote:
>
> #fields indicator indicator_type meta.desc meta.cif_confidence meta.source
> summitcpas.com/process/mbb/m2uAccountUpdate/M2ULoginsdo.html Intel::URL phishing 85 phishtank.com
>
> 1422518281.529553 CUZQFO0cVtr52M9zj 10.3.2.2 49789 64.207.177.234 80 - -- summitcpas.com/process/mbb/m2uAccountUpdate/M2ULoginsdo.html Intel::URL HTTP::IN_URL phishtank.com phishing
>
> Still missing meta.desc meta.cif_confidence meta.source fields.

Actually, meta.desc is there (so is meta.source). The descriptions were all that I added with my script. If you want more information added you will have to add it in your custom script. My example should make it easy for you.

.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/