[Bro] bro_intel feeds as csv file

Johanna Amann johanna at icir.org
Tue Feb 14 13:12:46 PST 2017


Hello Sunu,

No, it is not trivially possible to get the intel framework to read CSV
files. The easiest way is to convert your format into the Bro syntax.

Alternatively, you can use the input framework yourself, specify the
delimiters that you need and manually call Intel::insert.

Johanna

On Sun, Feb 12, 2017 at 03:01:21PM +0530, ps sunu wrote:
> Hi all,
> Is it possible to generate bro_intel txt files in .CSV format?
> 
> my format
> 
> #fields indicator indicator_type meta.source meta.url meta.do_notice meta.if_in meta.whitelist
> # Intel::ADDR binarydefense-ip - T - -
> # Intel::ADDR binarydefense-ip - T - -
> # Intel::ADDR binarydefense-ip - T - -
> # Intel::ADDR binarydefense-ip - T - -
> # Intel::ADDR binarydefense-ip - T - -
> # Intel::ADDR binarydefense-ip - T - -
> # Intel::ADDR binarydefense-ip - T - -
> 
> 
> I need to change these feeds to CSV format.
> 
> 
> Regards,
> Sunu
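
An added example, not part of either message and not Bro project code: one way to do the conversion suggested in the reply, turning a CSV feed into the tab-separated Bro intel syntax and rejecting rows that would corrupt the file. It assumes the CSV has a header row using the same column names as the `#fields` line quoted above; the function names and the sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress

# Column order taken from the "#fields" line quoted in the thread.
FIELDS = ["indicator", "indicator_type", "meta.source", "meta.url",
          "meta.do_notice", "meta.if_in", "meta.whitelist"]
BOOLS = {"t": "T", "true": "T", "1": "T", "f": "F", "false": "F", "0": "F"}

def check_row(cells):
    """Return a reason string if the row must not be written, else None."""
    # A tab or newline inside a value would shift columns or add a row.
    if any(c in v for v in cells.values() for c in "\t\r\n"):
        return "tab or newline inside a value"
    if not cells["indicator"] or not cells["indicator_type"].startswith("Intel::"):
        return "missing indicator or bad indicator_type"
    if cells["indicator_type"] == "Intel::ADDR":
        try:
            ipaddress.ip_address(cells["indicator"])
        except ValueError:
            return "not an IP address"
    if cells["meta.do_notice"] and cells["meta.do_notice"].lower() not in BOOLS:
        return "meta.do_notice is not a boolean"
    return None

def csv_to_bro_intel(csv_text):
    """Return (intel_file_text, rejected) for CSV text with a header row."""
    out = ["#fields\t" + "\t".join(FIELDS)]
    rejected = []  # (CSV line number, reason) for every skipped row
    reader = csv.DictReader(io.StringIO(csv_text))
    for row in reader:
        cells = {f: (row.get(f) or "").strip() for f in FIELDS}
        problem = check_row(cells)
        if problem:
            rejected.append((reader.line_num, problem))
            continue
        if cells["meta.do_notice"]:
            cells["meta.do_notice"] = BOOLS[cells["meta.do_notice"].lower()]
        # Empty cells are written as "-", as in the quoted feed lines.
        out.append("\t".join(cells[f] or "-" for f in FIELDS))
    return "\n".join(out) + "\n", rejected

# Constructed sample input (documentation addresses, not real indicators).
SAMPLE_CSV = """indicator,indicator_type,meta.source,meta.url,meta.do_notice
192.0.2.10,Intel::ADDR,binarydefense-ip,,true
not-an-ip,Intel::ADDR,binarydefense-ip,,T
"bad.example.com",Intel::DOMAIN,"feed, with comma",,F
"""
```

Write the returned text to a file for the intel framework to load, and review the rejected list rather than dropping it silently.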
