[Bro] Bulk editing Intel files

M P mpselab at gmail.com
Thu Jul 30 07:20:26 PDT 2015


On Thursday, July 30, 2015, Michael Bower <mbower2 at gmail.com> wrote:

> Does anyone have something they like to use to help create/edit Intel
> files in bulk? Im trying to find a way to quickly add a lot of domains to
> one of my Intel files and I really don't want to have to added them
> individually.
>
> Thanks,
> Mike
> --
>
> Sent from my Android device
>

If you read the below post by Paul Halliday - maintainer of Squert -  You
will find a one liner command to read a domain-per-line list of domains and
convert them into Bro's intel format. Not sure this fits your profile but
it may help.

http://www.pintumbler.org/words/broagentforsguil-nowsupportsintellog

There is also a script on GitHub called bro-intel-generator which reads
from PDF or HTML files, extracts domains, IP addresses, and hashes into bro
intel format. Again this may not fit your profile, but it may help.

https://github.com/exp0se/bro-intel-generator

With the two examples above may be you can spin up your own script that
fits your requirements.

MP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150730/7025d5cc/attachment.html 


More information about the Bro mailing list