[Bro] Converting my own feeds to bro intel

Blason R blason16 at gmail.com
Wed Mar 21 20:37:58 PDT 2018


Thanks, appreciate your quick answer. Let me dive in :)

On Thu, Mar 22, 2018 at 5:20 AM, James Lay <jlay at slave-tothe-box.net> wrote:

> This should fit the bill:
>
> https://github.com/jonschipp/mal-dnssearch
>
> If you're using effective domain you'll need to do some grep/sed-ing to
> change it.
>
> James
>
> On Tue, 2018-03-20 at 23:14 +0530, Blason R wrote:
>
> Hi,
>
> I have certain OSINT feeds and want to convert those to intel.dat, to be
> later consumed by the ELK stack. Can someone guide me on how to convert
> those IP addresses into intel.dat?
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
>
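As an added example (not code from this thread or from mal-dnssearch), here is one way to turn a plain-text OSINT feed into the tab-separated layout the Bro Intel framework reads. It assumes one indicator per line with optional `#` comments; the function names, the `osint-example` source label and the sample feed are made up for illustration.

```python
import ipaddress
import re

# Bro intel files are tab-separated and start with a "#fields" header line.
HEADER = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$"
)
# Constructed sample feed (documentation address ranges, not real indicators).
SAMPLE_FEED = [
    "# example feed, one indicator per line",
    "192.0.2.10",
    "",
    "2001:DB8::1",
    "Bad.Example.COM.",
    "192.0.2.10   # duplicate entry",
    "999.1.1.1",
    "10.0.0.0/8",
]

def classify(token):
    """Return (indicator, Intel type), or None if token is not an IP or domain."""
    try:
        return str(ipaddress.ip_address(token)), "Intel::ADDR"
    except ValueError:
        pass
    name = token.lower().rstrip(".")
    if DOMAIN_RE.match(name):
        return name, "Intel::DOMAIN"
    return None

def feed_to_intel(lines, source, desc="-"):
    """Return (intel.dat text, list of rejected tokens) for raw feed lines."""
    out, seen, skipped = [HEADER], set(), []
    for raw in lines:
        token = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not token:
            continue
        hit = classify(token)
        if hit is None:
            skipped.append(token)  # keep rejects so they can be reviewed
        elif hit not in seen:  # de-duplicate after normalisation
            seen.add(hit)
            out.append("\t".join([hit[0], hit[1], source, desc]))
    return "\n".join(out) + "\n", skipped

if __name__ == "__main__":
    text, rejected = feed_to_intel(SAMPLE_FEED, "osint-example")
    print(text, end="")
    print("rejected:", rejected)
```

The resulting file can be added to `Intel::read_files` in the Bro configuration; rejected tokens (malformed addresses, CIDR ranges) are returned rather than written, so a bad feed line never ends up in intel.dat.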