Hi,
I do have certain OSINT feeds and wanted to convert those to intel.dat, to be consumed later by the ELK stack. Can someone guide me on how to convert those IP addresses into intel.dat?
This should fit the bill:
https://github.com/jonschipp/mal-dnssearch
If you’re using effective domain you’ll need to do some grep/sed-ing to change it.
James
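An added example, not part of the thread and not code from mal-dnssearch: assuming intel.dat here means the tab-separated input file of the Zeek (Bro) Intel framework, this converts a plain list of IPs and CIDR ranges into that format, validating and de-duplicating entries along the way. The function name, the source label and the sample feed (documentation-range addresses) are constructed for illustration.

```python
import ipaddress

# Zeek Intel framework header: fields must be separated by literal tabs.
HEADER = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"

# Constructed sample feed using documentation address ranges.
SAMPLE_FEED = """# constructed sample feed
192.0.2.10
198.51.100.0/24
192.0.2.10   # duplicate entry
2001:db8::1
not-an-ip
203.0.113.7 ; seen scanning
"""

def feed_to_intel(lines, source, desc="-"):
    """Return (rows, rejected): intel.dat lines and entries that failed validation."""
    # A stray tab in a meta field would shift every column after it.
    source, desc = source.replace("\t", " "), desc.replace("\t", " ")
    rows, seen, rejected = [HEADER], set(), []
    for raw in lines:
        # Strip '#' and ';' comments, which many OSINT feeds use.
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            if "/" in entry:
                indicator = str(ipaddress.ip_network(entry, strict=False))
                itype = "Intel::SUBNET"
            else:
                indicator = str(ipaddress.ip_address(entry))
                itype = "Intel::ADDR"
        except ValueError:
            rejected.append(entry)  # keep for review instead of writing junk
            continue
        if indicator not in seen:
            seen.add(indicator)
            rows.append("\t".join((indicator, itype, source, desc)))
    return rows, rejected

if __name__ == "__main__":
    rows, rejected = feed_to_intel(SAMPLE_FEED.splitlines(), "constructed-feed")
    print("\n".join(rows))
    if rejected:
        print("rejected:", rejected)
```

Rejected entries are returned rather than silently dropped, so a feed that changes format shows up as a growing reject list instead of a shrinking intel file.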
Thanks, I appreciate your quick answer. Let me dive in.