[Bro] [bro] Bro intelligence framework meta data issue.

Seth Hall seth at icir.org
Thu Jan 29 08:06:35 PST 2015


> On Jan 29, 2015, at 3:06 AM, Giedrius Ramas <giedrius.ramas at gmail.com> wrote:
> 
> #fields	indicator	indicator_type	meta.desc	meta.cif_confidence	meta.source
> summitcpas.com/process/mbb/m2uAccountUpdate/M2ULoginsdo.html	Intel::URL	phishing	85	phishtank.com
> 
> 1422518281.529553	CUZQFO0cVtr52M9zj	10.3.2.2	49789	64.207.177.234	80	-	--	summitcpas.com/process/mbb/m2uAccountUpdate/M2ULoginsdo.html	Intel::URL	HTTP::IN_URL	phishtank.com	phishing
> 
> Still missing the meta.desc, meta.cif_confidence, and meta.source fields.

Actually, meta.desc is there (so is meta.source).  The descriptions were all that I added with my script.  If you want more information added you will have to add it in your custom script.  My example should make it easy for you.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



