I found that BRO 2.3.4 Intel does not work with email indicators. I have played on my infrastructure to get BRO Intel to work and found that email indicators won’t work.
I also tested it on try.bro.org/ with the same results. However, BRO version 2.2 works well with Intel email indicators.
Please let me know if more details are needed to troubleshoot.
Has anyone faced the same issue?
If nobody gets back to you sooner, I’ll have time to test later this week if you hit me up then. In the meantime, I’d suggest testing with 2.4 that was just released.
I have just tested the email indicator on BRO version 2.4 and had no luck. Intel::EMAIL does not work with BRO 2.4.
BRO version 2.2 works fine with Intel::EMAIL, double tested.