[Bro] Converting my own feeds to bro intel

James Lay jlay at slave-tothe-box.net
Wed Mar 21 16:50:18 PDT 2018


This should fit the bill:
https://github.com/jonschipp/mal-dnssearch
If you're using effective domain you'll need to do some grep/sed-ing to
change it.
James
On Tue, 2018-03-20 at 23:14 +0530, Blason R wrote:
> Hi,
> 
> I do have certain OSINT feeds and wanted to convert those to
> intel.dat, to be consumed later by the ELK stack. Can someone guide me
> on how to convert those IP addresses into intel.dat?
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
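For the conversion asked about in this thread, the following is an added example (not code from either poster and not part of mal-dnssearch) that turns a plain list of IP addresses into the tab-separated file Bro's Intelligence Framework reads. It assumes a feed with one IP or CIDR per line and optional `#` comments; the function name, source label and sample feed are constructed for illustration.

```python
import ipaddress

# Header for a Bro Intelligence Framework input file; columns must be TAB-separated.
HEADER = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"

# Constructed sample feed (documentation address ranges only).
SAMPLE_FEED = [
    "# constructed sample feed",
    "192.0.2.10",
    "198.51.100.7/24  # network entry",
    "2001:db8::1",
    "192.0.2.10",          # duplicate, dropped
    "not-an-ip",           # rejected
    "203.0.113.5:8080",    # ip:port is not a valid indicator, rejected
]

def feed_to_intel(lines, source, desc="-"):
    """Return (intel_file_text, rejected_lines) for a list of raw feed lines."""
    # A stray tab in metadata would shift columns, so flatten it to a space.
    source, desc = source.replace("\t", " "), desc.replace("\t", " ")
    seen, rows, rejected = set(), [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not entry:
            continue
        try:
            if "/" in entry:
                # Normalise host bits so 198.51.100.7/24 becomes 198.51.100.0/24.
                indicator = str(ipaddress.ip_network(entry, strict=False))
                itype = "Intel::SUBNET"
            else:
                indicator = str(ipaddress.ip_address(entry))
                itype = "Intel::ADDR"
        except ValueError:
            rejected.append(raw.rstrip("\n"))  # keep for review, never write it out
            continue
        if indicator not in seen:
            seen.add(indicator)
            rows.append("\t".join((indicator, itype, source, desc)))
    return "\n".join([HEADER] + rows) + "\n", rejected

if __name__ == "__main__":
    text, bad = feed_to_intel(SAMPLE_FEED, "example-osint")
    print(text, end="")
    print("rejected:", bad)
```

Write the returned text to a file and point Bro at it with `redef Intel::read_files += { "/path/to/intel.dat" };` (the path is a placeholder).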

