[Bro] bro - intel critical stack

Izik Birka Izik.Birka at hot.net.il
Tue Jan 16 06:20:33 PST 2018


Hi,
I installed the Critical Stack Intel Client.
It looks like it's working; I can see that the feeds are updated, but for some reason I don't have an intel.log file.

I noticed that the script was created in /opt/critical-stack/framework/intel
There are 3 files in the folder:

1. __load__.bro
2. Feeds.bro
3. master-public.bro.dat

The __load__ file contains:

@load ./feeds.bro

The feeds.bro file contains:

@load base/frameworks/intel
@load frameworks/intel/seen
@load frameworks/intel/do_notice

redef Intel::read_files += {
        "/opt/critical-stack/frameworks/intel/master-public.bro.dat"

The master-public.bro.dat contains the intel:

109.229.210.250 Intel::ADDR     from https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist via intel.criticalstack.com        F
124.110.195.160 Intel::ADDR     from https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist via intel.criticalstack.com        F

I tried to load it in local.bro but it's still not working.
I tried accessing those IPs to create a log, but it is not working.

Any idea?

Thanks
izik
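
Two checks that can be run against a setup like the one described above, as an added example that is not part of the original post: it lists any path named in Intel::read_files that is not on disk, and it verifies that the data file has a tab-separated #fields header with matching tab-separated rows, which the Intel framework's input reader requires. The function names, the closing "};" on the sample script and the sample data rows are assumptions constructed for the illustration.

```python
import os
import re

REQUIRED = ("indicator", "indicator_type", "meta.source")

def read_files_paths(script_text):
    """Quoted paths listed in a `redef Intel::read_files += { ... }` block."""
    m = re.search(r"Intel::read_files\s*\+=\s*\{([^}]*)", script_text)
    return re.findall(r'"([^"]+)"', m.group(1)) if m else []

def missing_paths(script_text, exists=os.path.exists):
    """Paths the script tells Bro to read that are not on disk."""
    return [p for p in read_files_paths(script_text) if not exists(p)]

def check_intel_file(lines):
    """Problems that stop the tab-separated input reader parsing the file."""
    problems = []
    header = next((l for l in lines if l.startswith("#fields\t")), None)
    fields = header.rstrip("\n").split("\t")[1:] if header else []
    if header is None:
        problems.append("no tab-separated #fields header")
    problems += [f"header lacks {f}" for f in REQUIRED if header and f not in fields]
    for n, line in enumerate(lines, 1):
        row = line.rstrip("\n")
        if not row or row.startswith("#"):
            continue  # blank lines and metadata lines carry no indicators
        cols = row.split("\t")
        if fields and len(cols) != len(fields):
            problems.append(f"line {n}: {len(cols)} columns, header has {len(fields)}")
    return problems

# Sample script: the redef as quoted in the post, closed with "};" (assumed).
SCRIPT = '''redef Intel::read_files += {
        "/opt/critical-stack/frameworks/intel/master-public.bro.dat"
};'''
# Constructed data file: the last row uses spaces instead of tabs.
DATA = [
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.do_notice\n",
    "192.0.2.10\tIntel::ADDR\texample feed\tF\n",
    "192.0.2.11 Intel::ADDR example feed F\n",
]

if __name__ == "__main__":
    for p in missing_paths(SCRIPT):
        print("read_files path not found:", p)
    for problem in check_intel_file(DATA):
        print(problem)
```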









