[Bro] [bro] Extending intel.log

Tim Desrochers tgdesrochers at gmail.com
Tue Apr 26 11:15:38 PDT 2016


Thanks Seth


From: Seth Hall
Sent: Tuesday, April 26, 2016 2:00 PM
To: Tim Desrochers
Cc: bro at bro.org
Subject: Re: [Bro] [bro] Extending intel.log


> On Apr 26, 2016, at 9:07 AM, Tim Desrochers <tgdesrochers at gmail.com> wrote:
>  
> Right now when my logs print I get seen_indicator, seen_indicator_type, seen_node, seen_where, and sources, but I’d like to have the meta URL come through and print in the log to make it easy for an analyst to find the source documentation for the referenced intel alert.

I have some extensions for the intel framework here:
	https://github.com/sethhall/intel-ext

Look at the tests to see how to use it:
	https://github.com/sethhall/intel-ext/tree/master/testing/intel-ext

I'm hoping that some changes will be coming to the intel framework in the next release that should incorporate changes like these and more too.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
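
One way to do what Tim asks for, as an added example that is not code from the thread or from the intel-ext repository: a small Bro script that puts the `meta.url` of every matching intel item into intel.log. It assumes Bro 2.4 or later, which provides the `Intel::extend_match` hook and the optional `url` field of `Intel::MetaData`.

```bro
##! Added example (not part of the original thread or of intel-ext):
##! log the meta.url of each matching intel item next to the hit so an
##! analyst can reach the source documentation straight from intel.log.
##! Assumes Bro 2.4+, where Intel::extend_match is available.

# Extend the record written to intel.log with a logged, optional set of
# URLs. A set is used because several items (for example the same
# indicator from different sources) can match one observed value.
redef record Intel::Info += {
	url: set[string] &log &optional;
};

# The framework runs this hook for every match before the Info record is
# written; the default seen_* and sources fields are filled by the
# framework's own handler, so this one only adds the URL column.
hook Intel::extend_match(info: Intel::Info, s: Intel::Seen, items: set[Intel::Item])
	{
	for ( item in items )
		{
		# meta.url is optional in the intel file format; skip items without one.
		if ( ! item$meta?$url )
			next;

		if ( ! info?$url )
			info$url = set(item$meta$url);
		else
			add info$url[item$meta$url];
		}
	}
```

Load the script alongside the intel framework (for example with `@load` from local.bro); intel.log then carries an extra `url` column that stays empty for items whose meta.url was not set.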



