Hello all
Having a brain cramp on why my intel framework emails are not working.
Here is a snippet out of my feed file, let's say:
#fields indicator indicator_type meta.source meta.desc meta.do_notice
xxx.xxx.xxx.xxx Intel::ADDR Internal-Intel malware_addr T
My local.bro:
@load frameworks/intel/seen
@load frameworks/intel/do_notice
redef Intel::read_files += {
"/nsm/bro/feeds/malware-addr.intel",
};
redef Notice::emailed_types += {
Intel::Notice,
TeamCymruMalwareHashRegistry::Match,
};
I know the notice framework and emails get sent, as I get my summary emails as well as the malware hash emails. When I test and try to access the address within the feed, it gets logged to my intel.log file but no email is being sent. This used to work for me, but for some reason it is not anymore. I know it's something stupid and I just need a slap upside the head. Can someone point me in the right direction?
Thanks